How to extract Username and Password in Spring Boot?

Question

I have a scenario where I am trying to connect my Frontend system (SAP UI5) to an OData Source for fetching the results.

However, there is a middleware layer in Java - Spring boot, which captures all the requests from the UI and forwards it to the OData services. The reason is, the OData services are not pubicly available. They are behind a firewall whereas the Spring Boot application is publicly available. So, I am using a reverse proxy to make the connection between Spring Boot and OData services, which works.

But the problem here is the OData services (API) require user authentication to access data. This user authentication is already done once on the UI layer.

There is App2Appp SSO enabled from UI -> SPring Boot application. So I can make use of Spring security to access the Principal object. I want to know, besides knowing the username of the logged in user, how do I get the password ?

Answer 1

When you have an application secured with Spring Security, either Spring Boot or normal Spring, you have an object that accesses the security of a particular authentication.

You can call and get the Principal (object of java security):

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

This principal in spring is a UserDetails object, which is where we configure all user information in Spring.

Then to get the username and password and pass them to your OData services:

String username = ((UserDetails)principal).getUsername();
String password = ((UserDetails)principal).getPassword();