• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • paul wheaton
  • Ron McLeod
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:

request.getAttribute in onSuccessfulAuthentication method

 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a requirement where I want to get the request attribute set from my custom filter class. In my filter class I have set an attribute to request scope. When I try to get the attribute in 'onSuccessfulAuthentication' method using request.getAttribute("attrName") I am getting null. the other way to get this attribute is setting it to a session. But I don't want to set a session in that filter because every request pass through this filter and it creates large clusters if I set a session. Can any one suggest me any other way to achieve this.

I tried getting 'SPRING_SECURITY_SAVED_REQUEST'. but this is not returning me the attribute set in the previous class(my filter class).
 
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I presume you're setting this in your custom filter with request.setAttribute. One issue may be the position that filter has in the filter chain. Are you sure that the filter where the attribute is set comes before the filter you want to access it? It should be that if your filter where you set the attribute is hit first, that it should work as expected. When you say you have a custom filter, are you talking about a plain servlet filter (implements Filter)? Or are you talking about a filter that extends one of the Spring authentication filters? There is a way to specify the order of your filter in the spring config file.
 
Mukhi Vla
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Are you sure that the filter where the attribute is set comes before the filter you want to access it?



Yes.

My custom filter(where I set request.setAttribute) is extended from 'org.springframework.security.context.HttpSessionContextIntegrationFilter'.

And my authentication filter class(where I have 'onSUccessfulAuthentication') is extended from 'org.springframework.security.ui.webapp.AuthenticationProcessingFilter'.

The custom filter is configured in web.xml using <filter> and <filter-mapping> tags.
the authentication filter class is configured in my app-security.xml file using <security:filter-chain-map>. So I don't have this custom filer reference in my app-security.xml file to specify the order. And I am pretty sure that this custom filter is hit before I get to the authentication filter.


Thanks.
 
Mark Secrist
Ranch Hand
Posts: 89
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there a way you can turn on logging and test the assumption that your filter is being hit first? In theory, this should work. In fact it's worked in a few projects I've used filters on. Can you turn on/up logging to see what's going on?

I think there can only be two explanations.
1. The filter where you set the attribute is hit after the filter you try to access the attribute
2. The request object you set the property on is somehow not the request object that is received in the filter where you try to read the attribute.

The latter seems less likely to me, which is why I'm pushing the filter order.
 
Mukhi Vla
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I turned on logger and check the sequence. My custom filter is hit first for sure. I am able to get the attribute in all the other classes except this class. I think there is some mechanism in spring security that is hindering this object to get the attribute. I read other forums addressing this issue. Thanks for analyzing my problem.
 
Mukhi Vla
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have one more problem in my appliucation. This is realted to application.properties values in my JSP.

Please see this link if you are interested https://coderanch.com/t/500725/Spring/properties-file#2257495


Thanks
 
Author
Posts: 84
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If it is "SPRING_SECURITY_SAVED_REQUEST" in particular that you are trying to get, I think this is saved as a session attribute and not request attribute (because it needs to persist through several requests involved in login and authentication). Can you provide us the name of the attribute you are trying to retrieve? Is it set by your code, or Spring Security?
 
Mukhi Vla
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It is not saved in 'SPRING_SECURITY_SAVED_REQUEST'. I tried getting it using request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST").

Name of my attribute is 'siteSpecificBean' in my custom filter class.
This is set by me.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic