How to avoid HTTP POST parameter conversion to String in Spring Boot
up vote
0
down vote
favorite
I have built a controller that receives a POST
request with a username and a password (both strings) as URL encoded form values.
For security reasons I do not want to store the password as String
on my heap any more, I want to have it as a CharArray
so that I can overwrite it with 'XXXXXXX' after use.
So far, my controller looks like this:
@RequestMapping(
method = [POST],
value = ["/login"],
consumes = [MediaType.APPLICATION_FORM_URLENCODED_VALUE]
)
fun login(
@RequestBody
body: Map<String,String>
) {
val password = body["password"]
...
}
How can I change it so that I can be sure the password never gets converted to String anywhere inside the spring framework?
spring-mvc spring-boot security kotlin
add a comment |
up vote
0
down vote
favorite
I have built a controller that receives a POST
request with a username and a password (both strings) as URL encoded form values.
For security reasons I do not want to store the password as String
on my heap any more, I want to have it as a CharArray
so that I can overwrite it with 'XXXXXXX' after use.
So far, my controller looks like this:
@RequestMapping(
method = [POST],
value = ["/login"],
consumes = [MediaType.APPLICATION_FORM_URLENCODED_VALUE]
)
fun login(
@RequestBody
body: Map<String,String>
) {
val password = body["password"]
...
}
How can I change it so that I can be sure the password never gets converted to String anywhere inside the spring framework?
spring-mvc spring-boot security kotlin
What if I have Spring just inject theHttpServletRequest
and I do the parsing of the body myself?
– Bastian Voigt
Nov 8 at 10:14
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have built a controller that receives a POST
request with a username and a password (both strings) as URL encoded form values.
For security reasons I do not want to store the password as String
on my heap any more, I want to have it as a CharArray
so that I can overwrite it with 'XXXXXXX' after use.
So far, my controller looks like this:
@RequestMapping(
method = [POST],
value = ["/login"],
consumes = [MediaType.APPLICATION_FORM_URLENCODED_VALUE]
)
fun login(
@RequestBody
body: Map<String,String>
) {
val password = body["password"]
...
}
How can I change it so that I can be sure the password never gets converted to String anywhere inside the spring framework?
spring-mvc spring-boot security kotlin
I have built a controller that receives a POST
request with a username and a password (both strings) as URL encoded form values.
For security reasons I do not want to store the password as String
on my heap any more, I want to have it as a CharArray
so that I can overwrite it with 'XXXXXXX' after use.
So far, my controller looks like this:
@RequestMapping(
method = [POST],
value = ["/login"],
consumes = [MediaType.APPLICATION_FORM_URLENCODED_VALUE]
)
fun login(
@RequestBody
body: Map<String,String>
) {
val password = body["password"]
...
}
How can I change it so that I can be sure the password never gets converted to String anywhere inside the spring framework?
spring-mvc spring-boot security kotlin
spring-mvc spring-boot security kotlin
asked Nov 8 at 9:29
Bastian Voigt
2,17322448
2,17322448
What if I have Spring just inject theHttpServletRequest
and I do the parsing of the body myself?
– Bastian Voigt
Nov 8 at 10:14
add a comment |
What if I have Spring just inject theHttpServletRequest
and I do the parsing of the body myself?
– Bastian Voigt
Nov 8 at 10:14
What if I have Spring just inject the
HttpServletRequest
and I do the parsing of the body myself?– Bastian Voigt
Nov 8 at 10:14
What if I have Spring just inject the
HttpServletRequest
and I do the parsing of the body myself?– Bastian Voigt
Nov 8 at 10:14
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53204851%2fhow-to-avoid-http-post-parameter-conversion-to-string-in-spring-boot%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
What if I have Spring just inject the
HttpServletRequest
and I do the parsing of the body myself?– Bastian Voigt
Nov 8 at 10:14