Access login page data after user is authenticated

[zhangj5]

Hi all,

I am very new to Spring, and I will do my best to explain my problem.

I have a login.jsp to perform OpenID authentication, and there are also some other values contained within the login.jsp, for example a hidden input

HTML Code:

<pre><input type="hidden" name="Language" value="English"></pre>

When the authentication succeeded, I want to be able to access the values from the login.jsp, such as the "Language" value is "English". So the flow would be
1. Save the value in the hidden form in somewhere.
2. OpenID authentication.
3. Access the value of the hidden form in somewhere.
So, my problem is where and how can I save those values.


Thanks.

[Rob Winch]

Spring Security supports localization through Spring's LocaleContextHolder, but managing that Locale is outside of what Spring Security supports. If you want to manage the locale, use the MVC framework of your choice. If you are using Spring MVC, see the using locales from the Spring MVC documentation.

[zhangj5]

Spring Security supports localization through Spring's LocaleContextHolder, but managing that Locale is outside of what Spring Security supports. If you want to manage the locale, use the MVC framework of your choice. If you are using Spring MVC, see the using locales from the Spring MVC documentation.

Thanks, rwinch. I learned another powerful Spring feature.
However, maybe my example in the first post confused you. The name and value of the hidden input are not just "Language" and "English", it can be something like

HTML Code:

<input type="hidden" name="name_1" value="value_1">
<input type="hidden" name="name_2" value="value_2">

And there can be up to 5 of such inputs.
So i thought if I can use an object to store those hidden inputs, like

HTML Code:

public class MyHiddenObject{
          private String value_1;
          private String value_2;
          .........
          private String value_5;
          //getter and setters
         ........
}

Then, I can read the hidden inputs at some stages, store them into MyHiddenObject. When the OpenID authentication is returned, I can read the values from MyHiddenObject.
The steps would be
1. User click Google image to authenticate using OpenID.
2. Store hidden form values into MyHiddenObject using setters.
3. Store MyHiddenObject into somewhere.
3. OpenID authentication.
4. Retrieve MyHiddenObject from somewhere.
5. Read MyHiddenObject fields using getters.

Any idea? Thanks

[Rob Winch]

If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.

[zhangj5]

If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.

Thanks again. I will try OpenIDAuthenticationFilter as I am using OpenID authentication.
The only thing that I am afraid of using session is the values of the input fields may contain texts larger than string like "a company name" or "a phone number", it could be the HTML source code of another web page, or a text document (less than 1000 sentences in average). Will this cause negative effects on the performance, such as speed.

[Rob Winch]

Out of curiosity what are you going to put in the fields and what do you intend to do with the values? If you think the values are too large you can store an idea in session and store the fields in a database or cache.

[zhangj5]

Out of curiosity what are you going to put in the fields and what do you intend to do with the values?

At least, there are

• source language and target language pair
• an URL
• the HTML source code of the URL

After user logged in, the HTML source code of the URL will be translated using source language and target language pair.

Database? I do not known if I want to include Database into this project.
Cache sounds good. Can you explain more.

[arthomps]

have you dug through http://static.springsource.org/sprin...html#ns-openid ?

[zhangj5]

have you dug through http://static.springsource.org/sprin...html#ns-openid ?

Yes, I have the OpenID working at the moment.
To be honest, I have only started using Spring MVC and Spring Security about 5 days ago. So there are basic techniques that I need to know first, rather than just make the application working. Especially the xml configuration files. I know that there are so many resources on the web, but It seems hard to find one for absolute beginner.

[zhangj5]

OK, I came out with the following,
The spring-security

HTML Code:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security 
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http pattern="/myapp/auth/login" security="none"/>
    <security:http pattern="/myapp/auth/logout" security="none"/>
    <security:http entry-point-ref="entryPoint">
        <security:intercept-url pattern="/myapp/main/*" access="ROLE_USER"/>
        <security:logout invalidate-session="true"
    		logout-success-url="/myapp/auth/login"
    		logout-url="/myapp/auth/logout"/>  
        <security:custom-filter position="OPENID_FILTER" ref="openIdAuthFilter"/>
    </security:http>

  <bean id="openIdAuthFilter" class="org.myorg.openid.filter.CustomOpenIDAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="consumer">
      <bean class="org.springframework.security.openid.OpenID4JavaConsumer">
        <constructor-arg index="0">
          <bean class="org.openid4java.consumer.ConsumerManager"/>
        </constructor-arg>
        <constructor-arg index="1">
          <list value-type="org.springframework.security.openid.OpenIDAttribute">
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="email"/>
              <constructor-arg index="1" value="http://schema.openid.net/contact/email"/>
              <property name="required" value="true"/>
              <property name="count" value="1"/>           
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="firstName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/first" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="lastName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/last" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
          </list>
        </constructor-arg>
      </bean>
    </property>
  </bean>
  
  
    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="openIdAuthProvider"/>
    </security:authentication-manager>
  <bean id="openIdAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="registeringUserService"/>
  </bean>

	<bean id="authenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
		<property name="defaultTargetUrl" value="/myapp/main/common.jsp" />
	</bean>
	
	<bean id="authenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		 <property name="defaultFailureUrl" value="/myapp/auth/login?error=true" />
	</bean>
<!--
    A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
    for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
 -->
    <bean id="registeringUserService" class="org.myorg.openid.service.CustomUserDetailsService" />

  <bean id="entryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/myapp/auth/login"/>
  </bean>
</beans>

The login.jsp

HTML Code:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<c:url var="javascriptpath" value="/resources/javascript/"/>
<c:url var="imagepath" value="../../resources/images/"/>
<c:url var="stylepath" value="../../resources/css/"/>
<script type="text/javascript" src="${javascriptpath}jquery.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
	$('#openid-selector img').click(function(){
		var identifier = $(this).attr('id');
		$('#openid_identifier').val(identifier);
		$('#openid-form').submit();
	});
});
</script>
<body>
<div id="login-error">${error}</div>
<h1>Login</h1>
<c:url var="openIDLoginUrl" value="/j_spring_openid_security_check" />
<c:url var="googleLogoUrl" value="${imagepath}google-logo.png" />
<c:url var="yahooLogoUrl" value="${imagepath}yahoo.jpg" />
<hr/>
<table id="openid-selector">
<tr>
<td><div style="margin-right: 50px"> <img src="${googleLogoUrl}" width="80px" height="50px" id="https://www.google.com/accounts/o8/id"></img></div></td>
</tr>
</table>
<form action="${openIDLoginUrl}" method="post" id="openid-form">
this is hidden identifier:<input id="openid_identifier" name ="openid_identifier" value=""/> <br/>
this is hidden message: <input id="language" value="hello world">
</form>

</body>
</html>

The CustomOpenIDAuthenticationFilter.java

HTML Code:

public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter{

	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
	throws IOException,ServletException{
		System.out.println("==before login==");
		String language = request.getParameter("language");
		System.out.println("language= " + language);
		super.successfulAuthentication(request, response, authResult);
		System.out.println("==after login==");
	}
	
	protected void unsuccessfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException failed)
	throws IOException,ServletException{
		System.out.println("==before failed login==");
		super.unsuccessfulAuthentication(request, response, failed);
		System.out.println("==after failed login==");
	}
}

I can login into common.jsp page, but at the CustomOpenIDAuthenticationFilter, line

HTML Code:

String language = request.getParameter("language");
		System.out.println("language= " + language);

I got language= null.

Did I miss anything here? Thanks.