Adding Request Parameters

Hi,

How can I add some dynamic request parameters to the incoming authenticated request. This is based on the role of the user which is loaded from the database and the incoming ucl(already authenticated). Please note that this is for a pre-authenticated scenario (spring security is only doing authorization).

Regards,
DJ

I don't think the servlet API allows you to modify the list of parameters directly. If you think this is the best way, you can use a request wrapper (javax.servlet.from.fromServletRequestWrapper
) and override the getParameter* methods.

Make sure you aren't adding anything important that a user can fake as a parameter themselves.

Hi, Luke
Let me explain the need.

1. Want to get the matching Config Attibute (from Object Definition Source) for the ucl.
2. Based on Config attribute set a request attribute.I have roles stored in the database against a user name (numbering in hundreds, unfortunately I can't group them). DB schema is like user name, role and mode. The mode can be edit or view. Also any number of role can be configured against a user and this can change. What I am doing is matching the incoming request ucl against a regexp ucl format. Spring security is working perfectly. When the page is displayed I want to tell what mode it should be displayed (EDIT / VIEW).

I was planning to pass the mode as a request attribute somewhere after getting ConfigAttribute so that I will know which role and what is the mode (view or edit) for that role.

Thanks,
Deepak Jacob

Are you asking about where to store the information or how to get code to execute in order to put it there?

question is how to code to execute in order to put there

You might consider using AOP or a HandlerInterceptor (so something similar) to intercept the request. I haven't done this in a while, so I'm afraid I can't give further details right now.