Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to update header parameters from filter with Spring security?

Tags:

java

spring-mvc

spring

I am developing a filter with Spring security which extends of OncePerRequestFilter class and It has to update parameters in the REST service .Parameters are entered by the header with the annotation @RequestHeader.

I have tried to update parameters from the filter with the follows class: 

public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
    /**
     * construct a wrapper for this request
     * 
     * @param request
     */
    public HeaderMapRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    private Map<String, String> headerMap = new HashMap<String, String>();

    /**
     * add a header with given name and value
     * 
     * @param name
     * @param value
     */
    public void addHeader(String name, String value) {
        headerMap.put(name, value);
    }

    public void removeteHeader(String name){
        headerMap.remove(name); 
    }
    @Override
    public String getHeader(String name) {
        String headerValue = super.getHeader(name);
        if (headerMap.containsKey(name)) {
            headerValue = headerMap.get(name);
        }
        return headerValue;
    }

    /**
     * get the Header names
     */
    @Override
    public Enumeration<String> getHeaderNames() {
        List<String> names = Collections.list(super.getHeaderNames());
        for (String name : headerMap.keySet()) {
            names.add(name);
        }
        return Collections.enumeration(names);
    }

    @Override
    public Enumeration<String> getHeaders(String name) {
        List<String> values = Collections.list(super.getHeaders(name));
        if (headerMap.containsKey(name)) {
            values.add(headerMap.get(name));
        }
        return Collections.enumeration(values);
    }

}

And with the method .addHeader("parameter", "New value"), but when I read the parameter in the method it has not changed, but if read it from .getHeader("parameter") method from HttpServletRequest class, which I have inyected in the same method class. The changes are done, but in the method parameters not appear.

The method is the follows:

@Autowired
HttpServletRequest a;


//Annotations @GetMapping......
public void method (@RequestHeader(value="Parameter") String parameter){
      System.out.print(parameter); //Parameter did not change
      system.out.print(a.getHeader("parameter"));    //Parameter changed.
}

Does Someone know how to change the operation parameters from a filter?, or from other way....

like image 242
J. Abel Avatar asked Dec 06 '17 15:12

J. Abel

People also ask

What Spring Security annotation can you use to filter the results of a method?

Simply put, the @PreFilter and @PostFilter annotations are used to filter lists of objects based on custom security rules we define. @PostFilter defines a rule for filtering the return list of a method, by applying that rule to every element in the list.

How do I override Defaultsecurityfilterchain?

@Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity . authorizeRequests() // various GET/POST path enable rules, none of which would enable access to default ones (see log below) ... // finally, deny everything else . antMatchers("/**"). denyAll() ... } }

Can you add custom filters in Spring Security filter chain?

We can register the filter programmatically by creating a SecurityFilterChain bean. There are a couple of possible methods: addFilterBefore(filter, class) adds a filter before the position of the specified filter class. addFilterAfter(filter, class) adds a filter after the position of the specified filter class.

How does a Spring Security filter work?

Spring Security maintains a filter chain internally where each of the filters has a particular responsibility and filters are added or removed from the configuration depending on which services are required. The ordering of the filters is important as there are dependencies between them.

1 Answers

I'm not sure what you're doing wrong but when I try it with my setup it seems to work. Please take a look at the following code.

/**
 * username: test, password: test
 * Added Header: param
 * REST URL: http://localhost:8080/hello
 */

package com.test;

import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;

@SpringBootApplication
public class TestRequestWrapperApplication {

    public static void main(String[] args) {
        SpringApplication.run(TestRequestWrapperApplication.class, args);
    }
}

@Component
class RequestWrapperFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        HeaderMapRequestWrapper wrappedRequest = new HeaderMapRequestWrapper((HttpServletRequest)request);
        wrappedRequest.addHeader("param", "Hello World!");

        filterChain.doFilter(wrappedRequest, response);
    }
}

@RestController
class TestRest {
    @GetMapping("hello")
    public String hello(@RequestHeader("param") String param) {
        return "param: " + param;
    }
}

@Configuration
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("test").authorities("test").password("test");
    }
}

class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
    public HeaderMapRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    private Map<String, String> headerMap = new HashMap<String, String>();

    public void addHeader(String name, String value) {
        headerMap.put(name, value);
    }

    public void removeteHeader(String name) {
        headerMap.remove(name);
    }

    @Override
    public String getHeader(String name) {
        String headerValue = super.getHeader(name);
        if (headerMap.containsKey(name)) {
            headerValue = headerMap.get(name);
        }
        return headerValue;
    }

    @Override
    public Enumeration<String> getHeaderNames() {
        List<String> names = Collections.list(super.getHeaderNames());
        for (String name : headerMap.keySet()) {
            names.add(name);
        }
        return Collections.enumeration(names);
    }

    @Override
    public Enumeration<String> getHeaders(String name) {
        List<String> values = Collections.list(super.getHeaders(name));
        if (headerMap.containsKey(name)) {
            values.add(headerMap.get(name));
        }
        return Collections.enumeration(values);
    }

}
like image 197
11thdimension Avatar answered Sep 27 '22 20:09

11thdimension
Sign in to Comment

Related questions

Spark SQL - DataFrame - select - transformation or action?
Sorting a list of floats/double which are in String format with Comparator.comparing
LibGdx should I use gl30?
Does there exist a Babel like compiler for Java?
How to find automatic modules with javapackager
How to load a CSV file into Apache Arrow vectors and save an arrow file to disk
Having trouble referring to a method in another class
Inconsistent hashcode and equals java
MongoDB: trying to read Long from JSON causes java.lang.Integer cannot be cast to java.lang.Long
Java9 packager with jlink compress tags
fetch size for NamedParameterJdbctemplate?
New Date() object gives the same value
How can I implement custom asynchronous operation in Vert.x?
Is it ok to use Optional.ofNullable for checking if null and assigning default value
Why does Jackson's default deserializer set the Zone to UTC rather than Z?
how play video in fullscreen with exoplayer?
sonarLint complains "Null pointers should not be dereferenced (squid:S2259)" despite that possibility being handled
Java 8 stream - Merge maps and calculate average of "values"
Discover all installed R packages with a Java dependency (for security reasons)
Issue checking if binary tree is also binary search tree

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!