In my application the first page the user gets is the login form. I handle the login action using spring 2 security. After the successful login user is directed to struts 2 action.
In this struts 2 action I have property which I would like to populate with user input (additional field inside login form).
To be able to populate this property of struts 2 action I need to set request parameter. The problem is that the request is controlled by spring security. I've tried adding input field to login form, but spring doesn't forward its value to struts action.
You can try the following solution:
1. insert custom filter into spring security filter chain
2. inside this filter obtain http session and store there the value of request parameter
As we change the login form (adding another parameter) we need to customize spring representation of login form and spring login processing filter.
Here is the configuration:
MyAuthenticationProcessingFilter extends spring's org.springframework.security.ui.webapp.AuthenticationProcessingFilter, wraps attemptAuthentication method obtaining request parameter and storing it inside http session. This class is written just to show the idea, for better practice browse AuthenticationProcessingFilter code for username and password parameters.
You may notice that "myFilter" and "entryPoint" beans together define parameters that are otherwise defined by <form-login> element inside <http>. You use <form-login> when you want the default behavior. But in our case we use custom beans, so you shouldremove <form-login> element completely.
Now we need to tell <http> use our beans. "myFilter" bean is passed to spring chain by using <custom-filter> element inside bean definition: