SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.

16 years ago · 4d8956a227
4 changed files with 11 additions and 11 deletions
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@ -43,11 +43,11 @@ import org.springframework.util.StringUtils;
 *
 * The user's OpenID identity is submitted via a login form, just as it would be for a normal form login. At this stage
 * the filter will extract the identity from the submitted request (by default, the parameter is called
- * <tt>j_username</tt>, as it is for form login. It then passes the identity to the configured <tt>OpenIDConsumer</tt>,
+ * <tt>openid_identifier</tt>, as recommended by the OpenID 2.0 Specification). It then passes the identity to the
- * which returns the URL to which the request should be redirected for authentication. A "return_to" URL is also supplied,
+ * configured <tt>OpenIDConsumer</tt>, which returns the URL to which the request should be redirected for authentication.
- * which matches the URL processed by this filter, to allow the filter to handle the request once the user has
+ * A "return_to" URL is also supplied, which matches the URL processed by this filter, to allow the filter to handle
- * been successfully authenticated. The OpenID server will then authenticate the user and redirect back to the
+ * the request once the user has been successfully authenticated. The OpenID server will then authenticate the user and
- * application.
+ * redirect back to the application.
 *
 * <h2>Processing the Redirect from the OpenID Server</h2>
 *
@ -66,7 +66,7 @@ import org.springframework.util.StringUtils;
 public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    //~ Static fields/initializers =====================================================================================
-    public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "j_username";
+    public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "openid_identifier";
    //~ Instance fields ================================================================================================
@ -224,7 +224,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
    /**
     * The name of the request parameter containing the OpenID identity, as submitted from the initial login form.
     *
-     * @param claimedIdentityFieldName defaults to "j_username"
+     * @param claimedIdentityFieldName defaults to "openid_identifier"
     */
    public void setClaimedIdentityFieldName(String claimedIdentityFieldName) {
        this.claimedIdentityFieldName = claimedIdentityFieldName;
--- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
+++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java
@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests {
        MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH);
        MockHttpServletResponse response = new MockHttpServletResponse();
-        req.setParameter("j_username", CLAIMED_IDENTITY_URL);
+        req.setParameter("openid_identifier", CLAIMED_IDENTITY_URL);
        req.setRemoteHost("www.example.com");
        filter.setConsumer(new MockOpenIDConsumer() {
--- a/samples/openid/src/main/webapp/openidlogin.jsp
+++ b/samples/openid/src/main/webapp/openidlogin.jsp
@ -21,7 +21,7 @@
    <form name="f" action="<c:url value='j_spring_openid_security_check'/>" method="POST">
      <table>
-        <tr><td>OpenID Identity:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
+        <tr><td>OpenID Identity:</td><td><input type='text' name='openid_identifier' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
@ -30,4 +30,4 @@
    </form>
  </body>
-</html>
+</html>
--- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
@ -66,7 +66,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
        if (openIDFilter != null) {
            openIdEnabled = true;
            openIDauthenticationUrl = openIDFilter.getFilterProcessesUrl();
-            openIDusernameParameter = "j_username";
+            openIDusernameParameter = "openid_identifier";
            if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
                openIDrememberMeParameter = ((AbstractRememberMeServices)openIDFilter.getRememberMeServices()).getParameter();