request.getParameter == null, even though form post var does exist

Hello-

I have asked this question on stackoverflow (http://stackoverflow.com/questions/6444700/spring-security-custom-filter-cannot-read-from-post-parameter) and spring-security (http://forum.springsource.org/showthread.php?110978-Spring-security-3-amp-SSO-with-pubcookie) however couldn't find a solution, re-posting here:

Essentially, I have a pre-authenticated scenario, where I have a custom pre-auth filter and if a certain form post variable is not present in the request the request is redirected to an external authentication system (pubcookie), the system authenticates the user and re-sends the request back to my application with the id of the authenticated user in a form post variable. The custom pre-auth filter 'should' succeed this time.

Problem is the form post data is being "lost", request.getParameter("x") always returns null. The filter is pretty basic, nothing earth shattering. Tamper-Data shows the variable is present in the request.

I'm stuck with this issue for a week now, has any body seen such behavior?

Sounds like because of the redirect, the request loses its values because of the scope of request parameters aren't retained in redirects. That is why there is this scope called Flash scope in web frameworks like Grails for instance. I am not sure if there is one that you can set it to that scope in Spring Security. So you might need to put those values into the Session or something that will allow it to be available after a redirect.

Unfortunately, I don't have a specific solution for you.

Mark

I may not be understanding correctly, however, my app is not sending any parameters to the external app, rather the other way around, so not sure how the params can be lost in redirect.

K Mansoor wrote:I may not be understanding correctly, however, my app is not sending any parameters to the external app, rather the other way around, so not sure how the params can be lost in redirect.

request the request is redirected to an external authentication system

There, you just said that your request is redirected. So the request parameter is now gone. That is what I mean.

Mark

Hi,

Did you ever work out what the problem was? I'm facing exactly the same situation and am stumped.

thanks in advance + kind regards,

Kaveh.

Hi,

In my case the problem was due to the fact that my preauth custom filter was calling the HttpServletRequest.getInputStream() but the WrapperRequest I was passing to the downstream filters had a bug which meant that they got nulls. Once I fixed my HttpServletRequestWrapper object things started to work.

Hope this helps.

Kaveh.

Problems like this you need to post your codes in order for others to help you, based on the info alone I can't confirm even I may know what's the problem.

In summary, I think something it has to do with store the "HOHUM_ID" from pubcookie in the session and retrieve it later. I think you have missed something there, that's why it give you a null.

From the Controller you needs to do store the the ID in the session, later if you want to retrieve for the next process you need to do a check whether the ID is there or not, if not get the ID from the session etc.

The MAIN problem that I see is probably you didn't store the ID return from pubcookie any where so, it give you null when you try to getting the ID out.



The code below doesn't do any good.

if (hohumId == null) { throw new PreAuthenticatedCredentialsNotFoundException("ID not found in request"); }

How about this:


//Get id from the session or where you store the pubcookie String id = request.getParameter("HOHUM_ID");

if (id == null || id .trim().length() < 1) { id = (String)request.getSession().getAttribute("HOHUM_ID"); if (id == null || id.trim().length() < 1) { id = null; } else { request.getSession().removeAttribute("HOHUM_ID"); } }



I assumed that everything else is set correctly...


Hope it help...