Recover Cookies in Spring Security Authentication

Question

Recover Cookies in Spring Security Authentication

Asked 8 years, 6 months ago

Viewed 455 times

2

How can I recover cookies when the user logs in through Spring Security and with the implementation of the interface AuthenticationProvider? If I recover an instance of HttpServletRequest from a class with controller I have access to Cookies, but if doing so returns null the attribute with Cookies:

Obs: I have Cookies set, are displayed on Devtools chrome.

Code:

@Component
public class LoginAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {

        /* Aqui tento recuperar os cookies */
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
        /* Aqui tento recuperar os cookies */

        String username =  authentication.getName().toString();
        String password = (String) authentication.getCredentials();

        if (! AuthenticationConvert.validaSchema(username)) {
            throw new SchemaNotFoundException();
        } 

        SecurityContextHolder.getContext().setAuthentication(authentication);   


        Usuario usuario = usuarioService.findUsuario(AuthenticationConvert.getLogin(authentication.getName().toString()));  

        if (usuario == null)
            throw new UsernameNotFoundException("Usuário não encontrado.");

        if (! usuario.getSenha().equalsIgnoreCase(password))
            throw new BadCredentialsException("Senha incorreta.");

        return new UsernamePasswordAuthenticationToken(username, password, null);
    }

}

Imagery:

Is there another way to retrieve cookies from an authentication? Which?

1 answer

Browser other questions tagged java spring cookies spring-security request

You are not signed in. Login or sign up in order to post.

by dougg0k • **1,619** points · Answer 1 · 2015-12-16T12:20:49+00:00

0

It is possible to recover with an Annotation, performing Binding through a parameter.

public void metodo(@CookieValue("nome") String cookie) {

}

To add you need a HttpServletResponse

public void metodo2(HttpServletResponse response) {
   Cookie cookie = new Cookie("chave", "valor");
   //configurações do cookie
   response.addCookie(cookie);
}

http://docs.spring.io/spring/docs/current/spring-framework-reference/html/mvc.html#mvc-Ann-cookievalue

http://viralpatel.net/blogs/spring-mvc-cookie-example/

Thanks @Douglasgaldino, this way I already know. The problem is that the method authenticate this with the annotation @Override being an interface method implemented in the class, so I cannot change the method by placing another parameter with an instance of HttpServletResponse.

– Giancarlo Abel Giulian

2015/12/16 at 12:24
:] It is necessary that cookies are recovered before authentication?

– dougg0k

2015/12/16 at 13:44
That’s what it takes.

– Giancarlo Abel Giulian

2015/12/16 at 13:46
1

I understand, if it were not, I could use a Handler (successHandler), which receives request, Response and Authentication in the parameters when extending Savedrequestawaresuccessionhandler

– dougg0k

2015/12/16 at 13:48
I even used the interface AuthenticationEntryPoint but it only works when the user accesses the application, and not when he logs in, but I will look for alternatives later. I was using the following material, see if you are also interested: http://pawel-malczyk.pl/wordpress/? p=291

– Giancarlo Abel Giulian

2015/12/16 at 13:57
1

It matters yes, I did not know some of the implementations, may be useful in future situations, Thank you.

– dougg0k

2015/12/16 at 15:15
I just met today including haha of nothing

– Giancarlo Abel Giulian

2015/12/16 at 15:47

Show 2 more comments