Announcement Announcement Module
Collapse
No announcement yet.
Access login page data after user is authenticated Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Access login page data after user is authenticated

    Hi all,

    I am very new to Spring, and I will do my best to explain my problem.

    I have a login.jsp to perform OpenID authentication, and there are also some other values contained within the login.jsp, for example a hidden input
    HTML Code:
    <pre><input type="hidden" name="Language" value="English"></pre>
    When the authentication succeeded, I want to be able to access the values from the login.jsp, such as the "Language" value is "English". So the flow would be
    1. Save the value in the hidden form in somewhere.
    2. OpenID authentication.
    3. Access the value of the hidden form in somewhere.
    So, my problem is where and how can I save those values.


    Thanks.

  • #2
    Spring Security supports localization through Spring's LocaleContextHolder, but managing that Locale is outside of what Spring Security supports. If you want to manage the locale, use the MVC framework of your choice. If you are using Spring MVC, see the using locales from the Spring MVC documentation.

    Comment


    • #3
      Originally posted by rwinch View Post
      Spring Security supports localization through Spring's LocaleContextHolder, but managing that Locale is outside of what Spring Security supports. If you want to manage the locale, use the MVC framework of your choice. If you are using Spring MVC, see the using locales from the Spring MVC documentation.
      Thanks, rwinch. I learned another powerful Spring feature.
      However, maybe my example in the first post confused you. The name and value of the hidden input are not just "Language" and "English", it can be something like
      HTML Code:
      <input type="hidden" name="name_1" value="value_1">
      <input type="hidden" name="name_2" value="value_2">
      And there can be up to 5 of such inputs.
      So i thought if I can use an object to store those hidden inputs, like
      HTML Code:
      public class MyHiddenObject{
                private String value_1;
                private String value_2;
                .........
                private String value_5;
                //getter and setters
               ........
      }
      Then, I can read the hidden inputs at some stages, store them into MyHiddenObject. When the OpenID authentication is returned, I can read the values from MyHiddenObject.
      The steps would be
      1. User click Google image to authenticate using OpenID.
      2. Store hidden form values into MyHiddenObject using setters.
      3. Store MyHiddenObject into somewhere.
      3. OpenID authentication.
      4. Retrieve MyHiddenObject from somewhere.
      5. Read MyHiddenObject fields using getters.

      Any idea? Thanks

      Comment


      • #4
        If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.

        Comment


        • #5
          Originally posted by rwinch View Post
          If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.
          Thanks again. I will try OpenIDAuthenticationFilter as I am using OpenID authentication.
          The only thing that I am afraid of using session is the values of the input fields may contain texts larger than string like "a company name" or "a phone number", it could be the HTML source code of another web page, or a text document (less than 1000 sentences in average). Will this cause negative effects on the performance, such as speed.

          Comment


          • #6
            Out of curiosity what are you going to put in the fields and what do you intend to do with the values? If you think the values are too large you can store an idea in session and store the fields in a database or cache.

            Comment


            • #7
              Originally posted by rwinch View Post
              Out of curiosity what are you going to put in the fields and what do you intend to do with the values?
              At least, there are
              • source language and target language pair
              • an URL
              • the HTML source code of the URL

              After user logged in, the HTML source code of the URL will be translated using source language and target language pair.

              Database? I do not known if I want to include Database into this project.
              Cache sounds good. Can you explain more.

              Comment


              • #8
                have you dug through http://static.springsource.org/sprin...html#ns-openid ?

                Comment


                • #9
                  Originally posted by arthomps View Post
                  Yes, I have the OpenID working at the moment.
                  To be honest, I have only started using Spring MVC and Spring Security about 5 days ago. So there are basic techniques that I need to know first, rather than just make the application working. Especially the xml configuration files. I know that there are so many resources on the web, but It seems hard to find one for absolute beginner.

                  Comment


                  • #10
                    OK, I came out with the following,
                    The spring-security
                    HTML Code:
                    <?xml version="1.0" encoding="UTF-8"?>
                    
                    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
                        xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
                        xsi:schemaLocation="http://www.springframework.org/schema/beans
                                               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                               http://www.springframework.org/schema/context
                                               http://www.springframework.org/schema/context/spring-context-3.0.xsd
                                               http://www.springframework.org/schema/security 
                                               http://www.springframework.org/schema/security/spring-security-3.1.xsd">
                    
                        <security:http pattern="/myapp/auth/login" security="none"/>
                        <security:http pattern="/myapp/auth/logout" security="none"/>
                        <security:http entry-point-ref="entryPoint">
                            <security:intercept-url pattern="/myapp/main/*" access="ROLE_USER"/>
                            <security:logout invalidate-session="true"
                        		logout-success-url="/myapp/auth/login"
                        		logout-url="/myapp/auth/logout"/>  
                            <security:custom-filter position="OPENID_FILTER" ref="openIdAuthFilter"/>
                        </security:http>
                    
                      <bean id="openIdAuthFilter" class="org.myorg.openid.filter.CustomOpenIDAuthenticationFilter">
                        <property name="authenticationManager" ref="authenticationManager"/>
                        <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
                        <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
                        <property name="consumer">
                          <bean class="org.springframework.security.openid.OpenID4JavaConsumer">
                            <constructor-arg index="0">
                              <bean class="org.openid4java.consumer.ConsumerManager"/>
                            </constructor-arg>
                            <constructor-arg index="1">
                              <list value-type="org.springframework.security.openid.OpenIDAttribute">
                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                  <constructor-arg index="0" value="email"/>
                                  <constructor-arg index="1" value="http://schema.openid.net/contact/email"/>
                                  <property name="required" value="true"/>
                                  <property name="count" value="1"/>           
                                </bean>
                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                  <constructor-arg index="0" value="firstName"/>
                                  <constructor-arg index="1" value="http://axschema.org/namePerson/first" />
                                  <property name="required" value="true"/>
                                  <property name="count" value="1"/>     
                                </bean>
                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                  <constructor-arg index="0" value="lastName"/>
                                  <constructor-arg index="1" value="http://axschema.org/namePerson/last" />
                                  <property name="required" value="true"/>
                                  <property name="count" value="1"/>     
                                </bean>
                              </list>
                            </constructor-arg>
                          </bean>
                        </property>
                      </bean>
                      
                      
                        <security:authentication-manager alias="authenticationManager">
                          <security:authentication-provider ref="openIdAuthProvider"/>
                        </security:authentication-manager>
                      <bean id="openIdAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
                        <property name="authenticationUserDetailsService" ref="registeringUserService"/>
                      </bean>
                    
                    	<bean id="authenticationSuccessHandler"
                    		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                    		<property name="defaultTargetUrl" value="/myapp/main/common.jsp" />
                    	</bean>
                    	
                    	<bean id="authenticationFailureHandler"
                    		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                    		 <property name="defaultFailureUrl" value="/myapp/auth/login?error=true" />
                    	</bean>
                    <!--
                        A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
                        for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
                     -->
                        <bean id="registeringUserService" class="org.myorg.openid.service.CustomUserDetailsService" />
                    
                      <bean id="entryPoint"
                        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
                        <property name="loginFormUrl" value="/myapp/auth/login"/>
                      </bean>
                    </beans>
                    The login.jsp
                    HTML Code:
                    <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
                    <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
                    <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>
                    
                    <%@ page language="java" contentType="text/html; charset=UTF-8"
                        pageEncoding="UTF-8"%>
                    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                    <html>
                    <head>
                    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                    <title>Insert title here</title>
                    <c:url var="javascriptpath" value="/resources/javascript/"/>
                    <c:url var="imagepath" value="../../resources/images/"/>
                    <c:url var="stylepath" value="../../resources/css/"/>
                    <script type="text/javascript" src="${javascriptpath}jquery.js"></script>
                    </head>
                    <script type="text/javascript">
                    $(document).ready(function(){
                    	$('#openid-selector img').click(function(){
                    		var identifier = $(this).attr('id');
                    		$('#openid_identifier').val(identifier);
                    		$('#openid-form').submit();
                    	});
                    });
                    </script>
                    <body>
                    <div id="login-error">${error}</div>
                    <h1>Login</h1>
                    <c:url var="openIDLoginUrl" value="/j_spring_openid_security_check" />
                    <c:url var="googleLogoUrl" value="${imagepath}google-logo.png" />
                    <c:url var="yahooLogoUrl" value="${imagepath}yahoo.jpg" />
                    <hr/>
                    <table id="openid-selector">
                    <tr>
                    <td><div style="margin-right: 50px"> <img src="${googleLogoUrl}" width="80px" height="50px" id="https://www.google.com/accounts/o8/id"></img></div></td>
                    </tr>
                    </table>
                    <form action="${openIDLoginUrl}" method="post" id="openid-form">
                    this is hidden identifier:<input id="openid_identifier" name ="openid_identifier" value=""/> <br/>
                    this is hidden message: <input id="language" value="hello world">
                    </form>
                    
                    </body>
                    </html>
                    The CustomOpenIDAuthenticationFilter.java
                    HTML Code:
                    public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter{
                    
                    	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
                    	throws IOException,ServletException{
                    		System.out.println("==before login==");
                    		String language = request.getParameter("language");
                    		System.out.println("language= " + language);
                    		super.successfulAuthentication(request, response, authResult);
                    		System.out.println("==after login==");
                    	}
                    	
                    	protected void unsuccessfulAuthentication(HttpServletRequest request,
                    			HttpServletResponse response, AuthenticationException failed)
                    	throws IOException,ServletException{
                    		System.out.println("==before failed login==");
                    		super.unsuccessfulAuthentication(request, response, failed);
                    		System.out.println("==after failed login==");
                    	}
                    }
                    I can login into common.jsp page, but at the CustomOpenIDAuthenticationFilter, line
                    HTML Code:
                    String language = request.getParameter("language");
                    		System.out.println("language= " + language);
                    I got language= null.

                    Did I miss anything here? Thanks.

                    Comment


                    • #11
                      I have the CustomOpenIDAuthenticationFilter used, but still have problems

                      The CustomOpenIDAuthenticationFilter.java
                      HTML Code:
                      public class CustomOpenIDAuthenticationFilter extends OpenIDAuthenticationFilter{
                      
                      	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) 
                      	throws IOException,ServletException{
                      		System.out.println("==before login==");
                      		String language = request.getParameter("language");
                      		System.out.println("language= " + language);
                      		super.successfulAuthentication(request, response, authResult);
                      		System.out.println("==after login==");
                      	}
                      	
                      	protected void unsuccessfulAuthentication(HttpServletRequest request,
                      			HttpServletResponse response, AuthenticationException failed)
                      	throws IOException,ServletException{
                      		System.out.println("==before failed login==");
                      		super.unsuccessfulAuthentication(request, response, failed);
                      		System.out.println("==after failed login==");
                      	}
                      }
                      And the login.jsp
                      HTML Code:
                      <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
                      <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
                      <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>
                      
                      <%@ page language="java" contentType="text/html; charset=UTF-8"
                          pageEncoding="UTF-8"%>
                      <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                      <html>
                      <head>
                      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
                      <title>Insert title here</title>
                      <c:url var="javascriptpath" value="/resources/javascript/"/>
                      <c:url var="imagepath" value="../../resources/images/"/>
                      <c:url var="stylepath" value="../../resources/css/"/>
                      <script type="text/javascript" src="${javascriptpath}jquery.js"></script>
                      </head>
                      <script type="text/javascript">
                      $(document).ready(function(){
                      	$('#openid-selector img').click(function(){
                      		var identifier = $(this).attr('id');
                      		$('#openid_identifier').val(identifier);
                      		$('#openid-form').submit();
                      	});
                      });
                      </script>
                      <body>
                      <div id="login-error">${error}</div>
                      <h1>Login</h1>
                      
                      
                      <c:url var="openIDLoginUrl" value="/j_spring_openid_security_check" />
                      <c:url var="googleLogoUrl" value="${imagepath}google-logo.png" />
                      <c:url var="yahooLogoUrl" value="${imagepath}yahoo.jpg" />
                      <hr/>
                      
                      <table id="openid-selector">
                      <tr>
                      <td><div style="margin-right: 50px"> <img src="${googleLogoUrl}" width="80px" height="50px" id="https://www.google.com/accounts/o8/id"></img></div></td>
                      <td><img src="${yahooLogoUrl}" width="80px" height="50px" id="https://me.yahoo.com"></img></td>
                      </tr>
                      </table>
                      <form action="${openIDLoginUrl}" method="post" id="openid-form">
                      this is hidden identifier:<input id="openid_identifier" name ="openid_identifier" value=""/> <br/>
                      this is hidden message: <input id="language" name="language" value="hello world">
                      </form>
                      
                      </body>
                      </html>
                      The spring-security.xml
                      HTML Code:
                      <?xml version="1.0" encoding="UTF-8"?>
                      
                      <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
                          xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
                          xsi:schemaLocation="http://www.springframework.org/schema/beans
                                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                                 http://www.springframework.org/schema/context
                                                 http://www.springframework.org/schema/context/spring-context-3.0.xsd
                                                 http://www.springframework.org/schema/security 
                                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">
                      
                          <security:http pattern="/myapp/auth/login" security="none"/>
                          <security:http pattern="/myapp/auth/logout" security="none"/>
                          <security:http entry-point-ref="entryPoint">
                              <security:intercept-url pattern="/myapp/main/*" access="ROLE_USER"/>
                              <security:logout invalidate-session="true"
                          		logout-success-url="/myapp/auth/login"
                          		logout-url="/myapp/auth/logout"/>  
                              <security:custom-filter position="OPENID_FILTER" ref="openIdAuthFilter"/>
                          </security:http>
                      
                        <bean id="openIdAuthFilter" class="org.myorg.openid.filter.CustomOpenIDAuthenticationFilter">
                          <property name="authenticationManager" ref="authenticationManager"/>
                          <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
                          <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
                          <property name="consumer">
                            <bean class="org.springframework.security.openid.OpenID4JavaConsumer">
                              <constructor-arg index="0">
                                <bean class="org.openid4java.consumer.ConsumerManager"/>
                              </constructor-arg>
                              <constructor-arg index="1">
                                <list value-type="org.springframework.security.openid.OpenIDAttribute">
                                  <bean class="org.springframework.security.openid.OpenIDAttribute">
                                    <constructor-arg index="0" value="email"/>
                                    <constructor-arg index="1" value="http://schema.openid.net/contact/email"/>
                                    <property name="required" value="true"/>
                                    <property name="count" value="1"/>           
                                  </bean>
                                  <bean class="org.springframework.security.openid.OpenIDAttribute">
                                    <constructor-arg index="0" value="firstName"/>
                                    <constructor-arg index="1" value="http://axschema.org/namePerson/first" />
                                    <property name="required" value="true"/>
                                    <property name="count" value="1"/>     
                                  </bean>
                                  <bean class="org.springframework.security.openid.OpenIDAttribute">
                                    <constructor-arg index="0" value="lastName"/>
                                    <constructor-arg index="1" value="http://axschema.org/namePerson/last" />
                                    <property name="required" value="true"/>
                                    <property name="count" value="1"/>     
                                  </bean>
                                </list>
                              </constructor-arg>
                            </bean>
                          </property>
                        </bean>
                        
                        
                          <security:authentication-manager alias="authenticationManager">
                            <security:authentication-provider ref="openIdAuthProvider"/>
                          </security:authentication-manager>
                        <bean id="openIdAuthProvider" class="org.springframework.security.openid.OpenIDAuthenticationProvider">
                          <property name="authenticationUserDetailsService" ref="registeringUserService"/>
                        </bean>
                      
                      	<bean id="authenticationSuccessHandler"
                      		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                      		<property name="defaultTargetUrl" value="/myapp/main/translationpage.jsp" />
                      	</bean>
                      	
                      	<bean id="authenticationFailureHandler"
                      		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                      		 <property name="defaultFailureUrl" value="/myapp/auth/login?error=true" />
                      	</bean>
                      <!--
                          A custom UserDetailsService which will allow any user to authenticate and "register" their IDs in an internal map
                          for use if they return to the site. This is the most common usage pattern for sites which use OpenID.
                       -->
                          <bean id="registeringUserService" class="org.myorg.openid.service.CustomUserDetailsService" />
                      
                        <bean id="entryPoint"
                          class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
                          <property name="loginFormUrl" value="/myapp/auth/login"/>
                        </bean>
                      </beans>
                      At line
                      HTML Code:
                      String language = request.getParameter("language");
                      		System.out.println("language= " + language);
                      I got language= null.

                      Did I miss anything again? Thanks.

                      Comment


                      • #12
                        Originally posted by rwinch View Post
                        If the credentials are for authentication you might have a look at the faq http://static.springsource.org/sprin...a-login-fields You could store the extra fields in Session.
                        If i save the value in the session, say there are two instances of the login page opened by a user, I think the extra fields from these two instances will overwrite each other.

                        Comment

                        Working...
                        X