Spring security: Redirect after successful authentication based on a drop-down value in the login form

Question

I'm not getting selected drop down values from front-end when i use 'commandName' attribute along with spring security, as the LoginModel fields (strLogintype,strUserType)become 'null' when i get it in controller.

But when i'm not using spring security, the same code works fine.I did tried the solution mentioned in link1 and link2 but it didn't work in my case.

My login JSP code is like this:

                    <script>
        $(document).ready(function() {
        $type = $("select[id='userType']");
        $page = $("select[id='signInPage']");
        $("<option>Account Summary</option>").appendTo($page);
        $("<option>Basket Order</option>").appendTo($page);
        $("<option>Portfolio</option>").appendTo($page);
        $type.change(function() {
                    ...
        });
        });
        </script>                              
    <c:set var = "url" value = "/j_spring_security_check" />
    <form:form method="post" commandName="portalLogin" action="${pageContext.servletContext.contextPath}${url}" name="f">
    <form:select path ="strUserType" style="font-family: tahoma;font-style: normal;font-size: 11px;" id="userType">
                  <form:option value="retail" selected="selected">Retail</form:option>
                  <form:option value="admin">Admin</form:option>
    </form:select>
    <div class="left"><spring:message code="label.startIn" /></div>
    <form:select path="strLogintype" style="font-family: tahoma;font-style: normal;font-size: 11px;" id="signInPage" > </form:select>

My controller code is like this:

       @RequestMapping("/signIn")
    public ModelAndView onClickLogin(
    @ModelAttribute("portalLogin") LoginModel loginModel, Model model,HttpServletRequest request) {

    strLoginPg = loginModel.getStrLogintype();
    if (strLoginPg != null && strLoginPg.equals("Basket Order")) {
        return new ModelAndView("redirect:BasketOrders.html");
    } else if (strLoginPg != null && strLoginPg.equals("Portfolio")) {
        return new ModelAndView("redirect:portfolio.html");
    } else if (strLoginPg != null && strLoginPg.equals("Account Summary")) {
        return new ModelAndView("redirect:accountSummary.html");
    } else if (strLoginPg != null && strLoginPg.equals("General Settings")) {
        return new ModelAndView("redirect:settings.html");
    } else{
                    return new ModelAndView("redirect:adminConfig.html");
            }}

[Update]: I tried two ways:

I created custom authenticationsuccesshandler.LoginController is same as it is.When i run the application i see that CustomSimpleURLAuthenticationSuccessHandler is fired, but here again i'm not getting the selected dropdown value from front-end in controller and instead it's null.Because of this i land up in a different page (adminConfig).

second way:

I reverted back to my earlier code.I just used @RequestParam attribute for 'onClickLogin' method of LoginController.

   @RequestMapping("/signIn")
public ModelAndView onClickLogin(
        @ModelAttribute("portalLogin") LoginModel loginModel, @RequestParam("strLogintype") String strtype, Model model,HttpServletRequest request) {

jsp page:

   <form:select path="strLogintype" name="strLogintype" style="font-family: tahoma;font-style: normal;font-size: 11px;" id="strLogintype" >

But i get following error 'HTTP Status 400 - Required String parameter 'strLogintype' is not present'. It also says 'The request sent by the client was syntactically incorrect'. What is going wrong here? Also, does @RequestParam serve the purpose of getting 'selected' dropwdown values in jsp page.

How can i retain the selected dropdown value once control goes to spring security and when it makes call to controller?

Answer 1

I got it working after i added the following:

1. RequestContextListener in web.xml

          <listener>
          <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
          </listener>
   

2. CustomUsernamePasswordAuthenticationFilter class

       public class CustomUsernamePasswordAuthenticationFilter extends
   UsernamePasswordAuthenticationFilter {
       @Override
   public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
       final String strLogintype = request.getParameter("strLogintype");
       request.getSession().setAttribute("strLogintype", strLogintype);
       return super.attemptAuthentication(request, response); 
   } 
   }
   

3. CustomSimpleURLAuthenticationSuccessHandler class

           public class CustomSimpleURLAuthenticationSuccessHandler extends
   SimpleUrlAuthenticationSuccessHandler {
           public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
       Authentication authentication) throws IOException, ServletException {
   
       final String strLogintype = request.getParameter("strLogintype");
       String session= (String)request.getSession().getAttribute("strLogintype");
       setDefaultTargetUrl("/signIn.html?strLoginPg=" + request.getParameter("strLogintype"));
       super.onAuthenticationSuccess(request, response, authentication);
   }
   }
   

I noticed that CustomUsernamePasswordAuthenticationFilter class itself did the work of storing the additional parameter in session. I used CustomSimpleURLAuthenticationSuccessHandler to append that additional parameter (strLoginPg) with DefaultTargetUrl (/signIn.html),which i think could not have been done with any other attribute in context xml. Thanks.