I have integrated spring security into a webapp which relies on an authentication servlet outside of the webapp (at different host/url) to determine whether the user has been authenticated. I used a custom filter in a "PRE_AUTH_FILTER" position in the spring security filter chain.
Now for local development purposes, i would like to have an authentication servlet inside the webapp. I have written the servlet as follows:
When the "doPost" method of the servlet is called, the user is authenticated (this is working). The problem I'm having is with the "doGet" method which verifies whether a user has been authenticated... I do a get request to the servlet, passing a session id as a url parameter. The problem is that inside the "doGet" method, I cannot retrieve the parameter from the HttpServletRequest object:
The above just returns null.
But when constructing the get request to the servlet, the url parameter is definitely included. I also tried setting a cookie and getting the cookie value inside the doGet method, but no luck - the list of cookies returned by request.getCookies() is null.
I debugged the code and noticed that the instance type of the HttpServletRequest parameter (of the doGet method) is of type SecurityContextHolderAwareRequestWrapper. Is this the reason for the problem? If so, how can I go about getting the request parameter from the url?