private SubmitUserAttributes getSubmittedAttributes(HttpServletRequest req) throws AuthnErrorException, AuthnAdapterException
{
	if (apiSupport.isApiRequest(req))
	{
		try
		{
			return apiSupport.deserializeAsModel(req, SubmitUserAttributes.class);
		}
		catch (IOException e)
		{
			throw new AuthnAdapterException(e);
		}
	}
	else
	{
		SubmitUserAttributes result = new SubmitUserAttributes();
		result.setUsername(req.getParameter("username"));
 
		for (String key : extendedAttr)
		{
			result.getUserAttributes().put(key, req.getParameter(key));
		}
		return result;
	}
}

The deserializeAsModel() method also does some validation on the incoming JSON. This includes checking for fields flagged as required in the model, using the @Schema annotation. If a validation error occurs during this step, the method throws an AuthnErrorException, which the adapter can convert to an API error response. For more information, see Handling authentication error exceptions.