Spring Security - Auto login based on the url parameter


#1

I have big application which secure using Spring Security/jHipster. But some users would be accessing one page/view without userid/password, but rest of the application will need password.

The user will be identified using a request parameter (adviceNumber=1234). The application makes an internal call based on this number to find if the request can be allowed. I am auto-login such users with internal hardcoded user with specific role.

But somehow, spring security eats the parameters and saves the original request in the cache. RequestCache/HttpSessionRequestCache/SavedRequest.

I just have one custom filter which checks the JWT token in the filter chain using Okta’s JWT library. Rest of the filters are standard added by Spring Security.

How to get access to RequestCache? and where ? I tried to add one more custom filter but I am not able to get request parameters or RequestCache even before the first filter ChannelProcessingFilter.