Preparing the HttpServletRequest in Spring security

Hi,

I was hoping someone could help.

I have developed a secure rest API in spring that receives json, and then uses JSR303 bean validation using @RequestBody @Validated etc.. This all works fine.

However it has now been decided that the whole json string to be sent to my REST API, needs to be encrypted in AES.

So within a custom spring security filter I have pulled the encrypted string from the request, decrypted it to Json, do authentication etc...

I basically now need to put the json into the request, so that my controllers @RequestBody Annotations can continue to do their magic.

How do I put the JSON into the request within my filter? Also is there is a better approach and how does everyone encrypt their json? Was wondering if its easier to encrypt each filed with field?

Snippet of Filter

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; //Pull out the Authorization header String authorization = request.getHeader("Authorization"); //If the Authorization header is null, let the ExceptionTranslationFilter provided by //the <http> namespace kick of the RestAuthenticationEntryPoint to send Unauthorised if (authorization == null) { chain.doFilter(request, response); return; } String incomingJson = decodeHeader(authorization); // incomingJson needs to go into the request, so that @RequestBody will continue to work String[] credentials = getCredentials(incomingJson);

Regards
D.