Home/ Questions/Q 3609122
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T21:35:12+00:00

I am writing an OpenID filter based on the JOID library to allow applications

  • 0

I am writing an OpenID filter based on the JOID library to allow applications to transparently authenticate against our local OpenID Server. Since OpenID works via HTTP redirects, I end up losing the original request object in the process, especially if it’s a POST with a data body. Is it possible to save the request object in a way that I can reuse it later in the transaction, after the user has been authenticated? Even just saving the message body itself should suffice, as I can preserve the query URL easily enough with a roundtrip redirect (by using the OpenID’s return-to-url).

I want to make this completely transparent to the underlying servlets, so they behave the same whether the user went through the OpenID flow for this particular request or just has a valid/authenticated local session.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Store the data of interest (request parameters, request attributes, etc) in a Map in session scope by an unique ID as key which you add to the return-to-url.

    String id = UUID.randomUUID().toString();
DataOfInterest data = new DataOfInterest(request);
Map<String, DataOfInterest> map = (Map<String, DataOfInterest) session.getAttribute("dataOfInterest");
map.put(id, data);
returnToUrl += "?token=" + URLEncoder.encode(id, "UTF-8");
// ...

    And then when it comes back, use HttpServletRequestWrapper to wrap the current request wherein you override the getParameter() and consorts to return the original data of interest. Do this in a Filter.

    String id = request.getParameter(token);
Map<String, DataOfInterest> map = (Map<String, DataOfInterest) session.getAttribute("dataOfInterest");
DataOfInterest data = map.remove(id);
chain.doFilter(new HttpServletRequestWithDataOfInterest(request, data), response);

    The HttpServletRequestWithDataOfInterest can look like this:

    public class HttpServletRequestWithDataOfInterest extends HttpServletRequestWrapper {

    private DataOfInterest data;

    public HttpServletRequestWithDataOfInterest(HttpServletRequest request, DataOfInterest data) {
        super(request);
        this.data = data;
    }

    public String getParameter(String name) {
        return data.getParameter(name);
    }

    public String[] getParameterValues(String name) {
        return data.getParameterValues(name);
    }

    // Etc, only when necessary.
}

    Note: any obvious nullcheck handling etc is up to you.

    • 0