How to avoid HTTP POST parameter conversion to String in Spring Boot

I have built a controller that receives a POST request with a username and a password (both strings) as URL encoded form values.



For security reasons I do not want to store the password as a String on my heap any more; I want to have it as a CharArray so that I can overwrite it with 'XXXXXXX' after use.



So far, my controller looks like this:



    @RequestMapping(
        method = [POST],
        value = ["/login"],
        consumes = [MediaType.APPLICATION_FORM_URLENCODED_VALUE]
    )
    fun login(
        @RequestBody
        body: Map<String,String>
    ) {
        val password = body["password"]
        ...
    }


How can I change it so that I can be sure the password never gets converted to String anywhere inside the Spring framework?










  • What if I have Spring just inject the HttpServletRequest and I do the parsing of the body myself?
    – Bastian Voigt
    Nov 8 at 10:14















spring-mvc spring-boot security kotlin






asked Nov 8 at 9:29









Bastian Voigt
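
The approach raised in the comment (take the raw request body and parse it yourself), sketched as an added example that is not part of the original post and is not a Spring API: it extracts one field of a URL-encoded form body straight from bytes into a CharArray and wipes every intermediate buffer. `extractFormField` and `decodeValue` are hypothetical names; it assumes the body bytes were read from `HttpServletRequest.inputStream` before anything called `getParameter()`, and that the body is UTF-8.

```kotlin
import java.nio.ByteBuffer
import java.nio.charset.CodingErrorAction
import java.nio.charset.StandardCharsets

// Hypothetical helper, not a Spring or Servlet API. Returns the value of one field of a raw
// application/x-www-form-urlencoded body as a CharArray; the value never becomes a String.
fun extractFormField(body: ByteArray, name: String): CharArray? {
    val key = name.toByteArray(StandardCharsets.US_ASCII) // name is not secret; matched literally
    var pos = 0
    while (pos < body.size) {
        var end = pos
        while (end < body.size && body[end] != '&'.code.toByte()) end++
        var eq = pos
        while (eq < end && body[eq] != '='.code.toByte()) eq++
        if (eq - pos == key.size && key.indices.all { body[pos + it] == key[it] })
            return decodeValue(body, minOf(eq + 1, end), end)
        pos = end + 1
    }
    return null
}

private fun decodeValue(src: ByteArray, from: Int, to: Int): CharArray {
    val raw = ByteArray(to - from) // decoding never produces more bytes than the input
    var n = 0
    var i = from
    try {
        while (i < to) {
            val b = src[i]
            if (b == '%'.code.toByte()) {
                val hi = if (i + 2 < to) Character.digit(src[i + 1].toInt() and 0xFF, 16) else -1
                val lo = if (i + 2 < to) Character.digit(src[i + 2].toInt() and 0xFF, 16) else -1
                require(hi >= 0 && lo >= 0) { "malformed percent escape" }
                raw[n++] = (hi * 16 + lo).toByte(); i += 3
            } else { raw[n++] = if (b == '+'.code.toByte()) ' '.code.toByte() else b; i++ }
        }
        val chars = StandardCharsets.UTF_8.newDecoder()
            .onMalformedInput(CodingErrorAction.REPORT)
            .onUnmappableCharacter(CodingErrorAction.REPORT)
            .decode(ByteBuffer.wrap(raw, 0, n))
        val out = CharArray(chars.remaining()).also { chars.get(it) }
        chars.array().fill('\u0000') // wipe the decoder's own buffer
        return out
    } finally { raw.fill(0) }       // wipe the percent-decoded bytes on every path
}

fun main() {
    val body = "username=alice&password=p%40ss+w%C3%B6rd".toByteArray() // constructed sample body
    val password = extractFormField(body, "password") ?: error("missing field")
    try { println(password.size) } finally { password.fill('X'); body.fill(0) }
}
```

The servlet container's own read buffers are outside this code's control, so this only removes the String copies that parameter parsing would otherwise create.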
