Access login page data after user is authenticated

[zhangj5]

I have the CustomOpenIDAuthenticationFilter used, but still have problems

The CustomOpenIDAuthenticationFilter.java

HTML Code:

public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter{

	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
	throws IOException,ServletException{
		System.out.println("==before login==");
		String language = request.getParameter("language");
		System.out.println("language= " + language);
		super.successfulAuthentication(request, response, authResult);
		System.out.println("==after login==");
	}
	
	protected void unsuccessfulAuthentication(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException failed)
	throws IOException,ServletException{
		System.out.println("==before failed login==");
		super.unsuccessfulAuthentication(request, response, failed);
		System.out.println("==after failed login==");
	}
}

And the login.jsp

HTML Code:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<c:url var="javascriptpath" value="/resources/javascript/"/>
<c:url var="imagepath" value="../../resources/images/"/>
<c:url var="stylepath" value="../../resources/css/"/>
<script type="text/javascript" src="${javascriptpath}jquery.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
	$('#openid-selector img').click(function(){
		var identifier = $(this).attr('id');
		$('#openid_identifier').val(identifier);
		$('#openid-form').submit();
	});
});
</script>
<body>
<div id="login-error">${error}</div>
<h1>Login</h1>


<c:url var="openIDLoginUrl" value="/j_spring_openid_security_check" />
<c:url var="googleLogoUrl" value="${imagepath}google-logo.png" />
<c:url var="yahooLogoUrl" value="${imagepath}yahoo.jpg" />
<hr/>

<table id="openid-selector">
<tr>
<td><div style="margin-right: 50px"> <img src="${googleLogoUrl}" width="80px" height="50px" id="https://www.google.com/accounts/o8/id"></img></div></td>
<td><img src="${yahooLogoUrl}" width="80px" height="50px" id="https://me.yahoo.com"></img></td>
</tr>
</table>
<form action="${openIDLoginUrl}" method="post" id="openid-form">
this is hidden identifier:<input id="openid_identifier" name ="openid_identifier" value=""/> <br/>
this is hidden message: <input id="language" name="language" value="hello world">
</form>

</body>
</html>

The spring-security.xml

HTML Code:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security 
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http pattern="/myapp/auth/login" security="none"/>
    <security:http pattern="/myapp/auth/logout" security="none"/>
    <security:http entry-point-ref="entryPoint">
        <security:intercept-url pattern="/myapp/main/*" access="ROLE_USER"/>
        <security:logout invalidate-session="true"
    		logout-success-url="/myapp/auth/login"
    		logout-url="/myapp/auth/logout"/>  
        <security:custom-filter position="OPENID_FILTER" ref="openIdAuthFilter"/>
    </security:http>

  <bean id="openIdAuthFilter" class="org.myorg.openid.filter.CustomOpenIDAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
    <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
    <property name="consumer">
      <bean class="org.springframework.security.openid.OpenID4JavaConsumer">
        <constructor-arg index="0">
          <bean class="org.openid4java.consumer.ConsumerManager"/>
        </constructor-arg>
        <constructor-arg index="1">
          <list value-type="org.springframework.security.openid.OpenIDAttribute">
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="email"/>
              <constructor-arg index="1" value="http://schema.openid.net/contact/email"/>
              <property name="required" value="true"/>
              <property name="count" value="1"/>           
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="firstName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/first" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
            <bean class="org.springframework.security.openid.OpenIDAttribute">
              <constructor-arg index="0" value="lastName"/>
              <constructor-arg index="1" value="http://axschema.org/namePerson/last" />
              <property name="required" value="true"/>
              <property name="count" value="1"/>     
            </bean>
          </list>
        </constructor-arg>
      </bean>
    </property>
  </bean>
  
  
    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="openIdAuthProvider"/>
    </security:authentication-manager>
  <bean id="openIdAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
    <property name="authenticationUserDetailsService" ref="registeringUserService"/>
  </bean>

	<bean id="authenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
		<property name="defaultTargetUrl" value="/myapp/main/translationpage.jsp" />
	</bean>
	
	<bean id="authenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		 <property name="defaultFailureUrl" value="/myapp/auth/login?error=true" />
	</bean>
<!--
    A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
    for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
 -->
    <bean id="registeringUserService" class="org.myorg.openid.service.CustomUserDetailsService" />

  <bean id="entryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/myapp/auth/login"/>
  </bean>
</beans>

At line

HTML Code:

String language = request.getParameter("language");
		System.out.println("language= " + language);

I got language= null.

Did I miss anything again? Thanks.

[zhangj5]

If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.

If i save the value in the session, say there are two instances of the login page opened by a user, I think the extra fields from these two instances will overwrite each other.