request.getAttribute in onSuccessfulAuthentication method

I have a requirement where I want to get the request attribute set from my custom filter class. In my filter class I have set an attribute to request scope. When I try to get the attribute in 'onSuccessfulAuthentication' method using request.getAttribute("attrName") I am getting null. the other way to get this attribute is setting it to a session. But I don't want to set a session in that filter because every request pass through this filter and it creates large clusters if I set a session. Can any one suggest me any other way to achieve this.

I tried getting 'SPRING_SECURITY_SAVED_REQUEST'. but this is not returning me the attribute set in the previous class(my filter class).

I presume you're setting this in your custom filter with request.setAttribute. One issue may be the position that filter has in the filter chain. Are you sure that the filter where the attribute is set comes before the filter you want to access it? It should be that if your filter where you set the attribute is hit first, that it should work as expected. When you say you have a custom filter, are you talking about a plain servlet filter (implements Filter)? Or are you talking about a filter that extends one of the Spring authentication filters? There is a way to specify the order of your filter in the spring config file.

Are you sure that the filter where the attribute is set comes before the filter you want to access it?

Yes.

My custom filter(where I set request.setAttribute) is extended from 'org.springframework.security.context.HttpSessionContextIntegrationFilter'.

And my authentication filter class(where I have 'onSUccessfulAuthentication') is extended from 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter'.

The custom filter is configured in web.xml using <filter> and <filter-mapping> tags.
the authentication filter class is configured in my app-security.xml file using <security:filter-chain-map>. So I don't have this custom filer reference in my app-security.xml file to specify the order. And I am pretty sure that this custom filter is hit before I get to the authentication filter.


Thanks.

Is there a way you can turn on logging and test the assumption that your filter is being hit first? In theory, this should work. In fact it's worked in a few projects I've used filters on. Can you turn on/up logging to see what's going on?

I think there can only be two explanations.
1. The filter where you set the attribute is hit after the filter you try to access the attribute
2. The request object you set the property on is somehow not the request object that is received in the filter where you try to read the attribute.

The latter seems less likely to me, which is why I'm pushing the filter order.

I turned on logger and check the sequence. My custom filter is hit first for sure. I am able to get the attribute in all the other classes except this class. I think there is some mechanism in spring security that is hindering this object to get the attribute. I read other forums addressing this issue. Thanks for analyzing my problem.

I have one more problem in my appliucation. This is realted to application.properties values in my JSP.

Please see this link if you are interested https://coderanch.com/t/500725/Spring/properties-file#2257495


Thanks

If it is "SPRING_SECURITY_SAVED_REQUEST" in particular that you are trying to get, I think this is saved as a session attribute and not request attribute (because it needs to persist through several requests involved in login and authentication). Can you provide us the name of the attribute you are trying to retrieve? Is it set by your code, or Spring Security?

It is not saved in 'SPRING_SECURITY_SAVED_REQUEST'. I tried getting it using request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST").

Name of my attribute is 'siteSpecificBean' in my custom filter class.
This is set by me.