Accessing HST request context on Spring Security POST


#1

For our Hippo project, we implemented Spring Security (ver. 4.2.10-RELEASE) for authentication control, where we based the integration on the documentation described in https://www.onehippo.org/labs/setting-up-spring-security-in-hippo.html.
This documentation describes an example where the credentials are checked against the Hippo repository. We tested this and everything works as expected.
However, for our project we need to access an external system to validate the credentials given by the user. To achieve this we created a customer authentication provider.
In order to access the external environment we need to retrieve some information, which is stored in a ChannelInfo, from the resolved mount (i.e. RequestContextProvider.get().getResolvedMount().getMount().getChannelInfo()). However, when using this piece of code in our custom authentication provider, this caused an exception because there is no HstRequestContext (yet?). It looks like this is because the HstFilter is executed after the springSecurityFilterChain. According to the documentation this is required though, because “the HST Spring Security Valve depends on a Spring Security managed principal”.
Is there a known way to retrieve the HST request context or resolved mount in a login (or logout) POST request of Spring Security?


#2

well, you pretty much answered it yourself: no, it is not possible because request needs to go through HST filter to create HST context etc.