Recover Cookies in Spring Security Authentication

Asked

Viewed 455 times

2

How can I recover cookies when the user logs in through Spring Security and with the implementation of the interface AuthenticationProvider? If I recover an instance of HttpServletRequest from a class with controller I have access to Cookies, but if doing so returns null the attribute with Cookies:

Obs: I have Cookies set, are displayed on Devtools chrome.

Code:

@Component
public class LoginAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {

        /* Aqui tento recuperar os cookies */
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
        /* Aqui tento recuperar os cookies */

        String username =  authentication.getName().toString();
        String password = (String) authentication.getCredentials();

        if (! AuthenticationConvert.validaSchema(username)) {
            throw new SchemaNotFoundException();
        } 

        SecurityContextHolder.getContext().setAuthentication(authentication);   


        Usuario usuario = usuarioService.findUsuario(AuthenticationConvert.getLogin(authentication.getName().toString()));  

        if (usuario == null)
            throw new UsernameNotFoundException("Usuário não encontrado.");

        if (! usuario.getSenha().equalsIgnoreCase(password))
            throw new BadCredentialsException("Senha incorreta.");

        return new UsernamePasswordAuthenticationToken(username, password, null);
    }

}

Imagery:

inserir a descrição da imagem aqui

Is there another way to retrieve cookies from an authentication? Which?

1 answer

0

  • Thanks @Douglasgaldino, this way I already know. The problem is that the method authenticate this with the annotation @Override being an interface method implemented in the class, so I cannot change the method by placing another parameter with an instance of HttpServletResponse.

  • :] It is necessary that cookies are recovered before authentication?

  • That’s what it takes.

  • 1

    I understand, if it were not, I could use a Handler (successHandler), which receives request, Response and Authentication in the parameters when extending Savedrequestawaresuccessionhandler

  • I even used the interface AuthenticationEntryPoint but it only works when the user accesses the application, and not when he logs in, but I will look for alternatives later. I was using the following material, see if you are also interested: http://pawel-malczyk.pl/wordpress/? p=291

  • 1

    It matters yes, I did not know some of the implementations, may be useful in future situations, Thank you.

  • I just met today including haha of nothing

Show 2 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.