-1

I have made a simple spring mvc application using spring 3.1.my objective isto implement the spring-security feature in my project.security part is working fine but I'm having problem in getting the username entered by user within my spring controller class(Java class).

I know it is very easy with jsp,we used to achieve this through request.getParameter("input component name") but since it is spring I am not getting the valu inside my controller using this very syntax,so,I decided to use @RequestParam.I'm attaching my code herewith.My jsp page is login.jsp as follows

    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
      <html>
        <head>
            <title>Login Page</title>
         <style>
           .errorblock {
            color:red;
            background-color: #ffEEEE;
            border: 3px solid #ff0000;
            padding: 8px;
            margin: 16px;
             }
        </style>
       </head>

        <body onload='document.f.j_username.focus();'>
                 <h3>Login with Username and Password (Custom Page)</h3>

<c:if test="${not empty error}">
    <div class="errorblock">
        Your login attempt was not successful, try again.<br /> Caused by:
        ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
    </div>
</c:if>

<form name='f' action="<c:url value='j_spring_security_check'/>"
    method='POST'>

    <table>
        <tr>
            <td>User:</td>
            <td><input type='text' name='j_username'>
            </td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='j_password'/>
            </td>
        </tr>
        <tr>
            <td><input name="submit" type="submit"
                value="Submit" />
            </td>
            <td><input name="reset" type="reset" />
            </td>
        </tr>
    </table>
</form>
   </body>
  </html>

from the field 'j_username' we want to get the value entered by the user inside our controller.Now I'm attaching my Controller class named ContactController.java as follows

   package com.edifixio.controller;

   import java.util.Map;
   import javax.servlet.http.HttpServletRequest;
   import org.springframework.beans.factory.annotation.Autowired;
   import org.springframework.stereotype.Controller;
   import org.springframework.validation.BindingResult;
   import org.springframework.web.bind.annotation.ModelAttribute;
   import org.springframework.web.bind.annotation.RequestMapping;
   import org.springframework.web.bind.annotation.RequestMethod;
   import org.springframework.web.bind.annotation.RequestParam;
   import com.edifixio.model.Contact;
   import com.edifixio.service.InContactService;

   @Controller
   public class ContactController{

private InContactService inContactService;

public InContactService getInContactService() {
    return inContactService;
}

@Autowired
public void setInContactService(InContactService inContactService) {
    this.inContactService = inContactService;
}

@RequestMapping(value = "/index")
public String login() {
    return "login";
}

@RequestMapping(value = "/loginfailed", method = RequestMethod.GET)
public String loginError() {
    return "login";
}

@RequestMapping(value = "/logout")
public String logout() {
    return "login";
}

@RequestMapping(value = "/welcome", method = RequestMethod.GET)
public String listManagers(Map<String, Object> map,@RequestParam String j_username){
    System.out.println("User="+j_username);
    map.put("contact", new Contact());
    map.put("contactList", inContactService.showAllManager());
    return "allcontact";
}

@RequestMapping(value = "/add", method = RequestMethod.POST)
public String storeManager(@ModelAttribute("contact") Contact contact,
        BindingResult bindingResult) {
    inContactService.addContact(contact);
    return "redirect:/index";
   }
   }

Now I'm getting the error with following controller code 

   public String listManagers(Map<String, Object> map,@RequestParam String j_username){
    System.out.println("User="+j_username);
    map.put("contact", new Contact());
    map.put("contactList", inContactService.showAllManager());
    return "allcontact";
}

I am getting the error 

   HTTP Status 400 - 

   type Status report

   description: The request sent by the client was syntactically incorrect ().

I have tried with the following code to optimize the error::

   @RequestMapping(value = "/welcome", method = RequestMethod.GET)
  public String listManagers(Map<String, Object>map,@RequestParam(required=false)   String j_username){
    System.out.println("User="+j_username);
    map.put("contact", new Contact());
    map.put("contactList", inContactService.showAllManager());
    return "allcontact";
}

using this I was able to bypass the server error 400 but couldn't retrieve the user name within the above mentioned controller

here is my spring-security.xml file

   <beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
  http://www.springframework.org/schema/security
  http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <http auto-config="true">
    <intercept-url pattern="/login" access="ROLE_ADMIN" />
    <form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
  </http>

  <authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT user_name,user_password,account_status FROM systemuser WHERE user_name=?"
            authorities-by-username-query="SELECT user_name,authority FROM systemuser WHERE user_name=?"/>
    </authentication-provider>
</authentication-manager>
 </beans:beans>

can anyone has any feasible solution to this?????????

Sumit Ghosh
  • 39
  • 2
  • 14

1 Answers1

0

You don't need to process j_username and j_password. When form is submitted spring_security use authentication-manager to check if user name and password are valid. If data is valid you will be redirected to welcome. Otherwise to loginfailed. If you need username and password inside your controller after user authentication you may use Principal.

@RequestMapping(value = "/welcome", method = RequestMethod.GET)
public String listManagers(Map<String, Object> map, Principal principal){
    System.out.println("User="+principal.getName());
    map.put("contact", new Contact());
    map.put("contactList", inContactService.showAllManager());
    return "allcontact";
}
mvb13
  • 1,514
  • 3
  • 18
  • 33
  • I know that very well I'm trying to process the value 'j_username' bczI need it for some other purpose.just tell me how can I access the value of 'j_username' from spring controller.There is no problem with login or security that part is working fine I have allready mentioned in the post. – Sumit Ghosh Nov 11 '13 at 11:39
  • I answered you: just use a Principal in your Controller method. Principal contains username and password. – mvb13 Nov 11 '13 at 11:41
  • ok ok.just tell me which Principal you are talking about there are two types of principal 1)java.security.Principal 2)org.omg.CORBA.Principal – Sumit Ghosh Nov 11 '13 at 11:45
  • I am talking about java.security.Principal – mvb13 Nov 11 '13 at 11:47
  • ok thanks using principal.getName() i got the user name and how can I retrieve the password??? – Sumit Ghosh Nov 11 '13 at 11:51
  • try to do http://stackoverflow.com/questions/5088319/how-can-i-get-plaintext-password-from-spring-security – mvb13 Nov 11 '13 at 12:14
  • yes i did,but unable to retrieve the password through getCredentials() method – Sumit Ghosh Nov 12 '13 at 10:00
  • Ok, if you really need it retrieve password from database, using user name. – mvb13 Nov 12 '13 at 10:04
  • haha thats funny,yah i will do that if i require and thanks a lot for help and guidance looking forward to your compnay in future – Sumit Ghosh Nov 12 '13 at 10:13