GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.

2.0.x
Luke Taylor 19 years ago
parent
3326525b65
commit
c56b8c4117
2 changed files with 56 additions and 25 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 44
      core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
  2. 37
      core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java

44
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
Unescape View File

@ -21,6 +21,7 @@ import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter; import org.acegisecurity.ui.AbstractProcessingFilter;
import org.springframework.util.Assert;
import javax.servlet.FilterConfig; import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@ -28,10 +29,15 @@ import javax.servlet.http.HttpServletRequest;
/** /**
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and * Processes an authentication form.
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} * <p>Login forms must present two parameters to this filter: a username and
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p> * password. The default parameter names to use are contained in the
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link * static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
* The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
* properties.
* </p>
*
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p> * org.acegisecurity.util.FilterToBeanProxy}.</p>
* *
* @author Ben Alex * @author Ben Alex
@ -45,10 +51,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password"; public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME"; public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request) public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
throws AuthenticationException {
String username = obtainUsername(request); String username = obtainUsername(request);
String password = obtainPassword(request); String password = obtainPassword(request);
@ -94,7 +102,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
* <code>AuthenticationManager</code> * <code>AuthenticationManager</code>
*/ */
protected String obtainPassword(HttpServletRequest request) { protected String obtainPassword(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY); return request.getParameter(passwordParameter);
} }
/** /**
@ -107,7 +115,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
* <code>AuthenticationManager</code> * <code>AuthenticationManager</code>
*/ */
protected String obtainUsername(HttpServletRequest request) { protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY); return request.getParameter(usernameParameter);
} }
/** /**
@ -120,4 +128,24 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) { protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
} }
/**
* Sets the parameter name which will be used to obtain the username from the login request.
*
* @param usernameParameter the parameter name. Defaults to "j_username".
*/
public void setUsernameParameter(String usernameParameter) {
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
this.usernameParameter = usernameParameter;
}
/**
* Sets the parameter name which will be used to obtain the password from the login request..
*
* @param passwordParameter the parameter name. Defaults to "j_password".
*/
public void setPasswordParameter(String passwordParameter) {
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
this.passwordParameter = passwordParameter;
}
} }

37
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
Unescape View File

@ -24,6 +24,8 @@ import org.acegisecurity.ui.WebAuthenticationDetails;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import javax.servlet.ServletException;
/** /**
* Tests {@link AuthenticationProcessingFilter}. * Tests {@link AuthenticationProcessingFilter}.
@ -35,7 +37,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
public AuthenticationProcessingFilterTests() { public AuthenticationProcessingFilterTests() {
super();
} }
public AuthenticationProcessingFilterTests(String arg0) { public AuthenticationProcessingFilterTests(String arg0) {
@ -44,14 +45,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testGetters() { public void testGetters() {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl()); assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
@ -62,10 +55,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa"); request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala"); request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr); filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null); filter.init(null);
Authentication result = filter.attemptAuthentication(request); Authentication result = filter.attemptAuthentication(request);
@ -77,10 +68,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa"); request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr); filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null); filter.init(null);
Authentication result = filter.attemptAuthentication(request); Authentication result = filter.attemptAuthentication(request);
@ -91,13 +80,27 @@ public class AuthenticationProcessingFilterTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala"); request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null);
Authentication result = filter.attemptAuthentication(request);
assertTrue(result != null);
}
public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr); filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.setUsernameParameter("x");
filter.setPasswordParameter("y");
filter.init(null); filter.init(null);
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("x", "marissa");
request.addParameter("y", "koala");
Authentication result = filter.attemptAuthentication(request); Authentication result = filter.attemptAuthentication(request);
assertTrue(result != null); assertTrue(result != null);
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
} }
} }

Write Preview
Loading…
Cancel
Save