SEC-1445: Added support for custom username and password parameters in form-login.

Luke Taylor 2010-04-30 18:14:50 +01:00
parent 47ab2655d0
commit 165cbb0d19
3 changed files with 31 additions and 0 deletions


@ -29,6 +29,8 @@ public class FormLoginBeanDefinitionParser {
private static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url"; private static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url";
private static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target"; private static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target";
private static final String DEF_FORM_LOGIN_TARGET_URL = "/"; private static final String DEF_FORM_LOGIN_TARGET_URL = "/";
private static final String ATT_USERNAME_PARAMETER = "username-parameter";
private static final String ATT_PASSWORD_PARAMETER = "password-parameter";
private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url"; private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url";
private static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = private static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL =
@ -63,6 +65,9 @@ public class FormLoginBeanDefinitionParser {
String alwaysUseDefault = null; String alwaysUseDefault = null;
String successHandlerRef = null; String successHandlerRef = null;
String failureHandlerRef = null; String failureHandlerRef = null;
// Only available with form-login
String usernameParameter = null;
String passwordParameter = null;
Object source = null; Object source = null;
@ -83,10 +88,20 @@ public class FormLoginBeanDefinitionParser {
loginPage = null; loginPage = null;
} }
WebConfigUtils.validateHttpRedirect(loginPage, pc, source); WebConfigUtils.validateHttpRedirect(loginPage, pc, source);
usernameParameter = elt.getAttribute(ATT_USERNAME_PARAMETER);
passwordParameter = elt.getAttribute(ATT_PASSWORD_PARAMETER);
} }
filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl, filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl,
successHandlerRef, failureHandlerRef); successHandlerRef, failureHandlerRef);
if (StringUtils.hasText(usernameParameter)) {
filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
}
if (StringUtils.hasText(passwordParameter)) {
filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
}
filterBean.setSource(source); filterBean.setSource(source);
BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder entryPointBuilder =
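Review bot: Nothing in the third hunk checks that `usernameParameter` and `passwordParameter` are different: after the `createFilterBean(...)` call each one is set on the filter bean whenever it has text, so a configuration that gives both attributes the same name is accepted silently. If the filter then reads both credentials from that one request parameter, which is what the property names suggest, every login would fail in a way that is hard to trace back to the configuration. A parse-time guard before the two `addPropertyValue` calls would surface it at startup: `if (StringUtils.hasText(usernameParameter) && usernameParameter.equals(passwordParameter)) { pc.getReaderContext().error("username-parameter and password-parameter must be different", source); }`, assuming `pc` is the Spring `ParserContext` it appears to be in the `validateHttpRedirect` call. The three changed files are the parser and two schema files, so a parser test asserting that both attributes reach the filter's `usernameParameter` and `passwordParameter` properties would be worth adding. The enclosing method starts and ends outside the hunk.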


@ -350,6 +350,12 @@ form-login =
form-login.attlist &= form-login.attlist &=
## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check. ## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.
attribute login-processing-url {xsd:token}? attribute login-processing-url {xsd:token}?
form-login.attlist &=
## The name of the request parameter which contains the username. Defaults to 'j_username'.
attribute username-parameter {xsd:token}?
form-login.attlist &=
## The name of the request parameter which contains the password. Defaults to 'j_password'.
attribute password-parameter {xsd:token}?
form-login.attlist &= form-login.attlist &=
## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application. ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
attribute default-target-url {xsd:token}? attribute default-target-url {xsd:token}?
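Review bot: The two new documentation comments give the default names but do not say what else has to change when they are overridden. I would extend each one, for example `## The name of the request parameter which contains the password. Defaults to 'j_password'. Must match the field name used by the login form.`. It is also worth noting in the reference documentation that any request-logging or filtering rule which masks `j_password` by name needs the custom name as well, otherwise the password could presumably be recorded unmasked. The XSD section that follows repeats the same text and would need the same wording.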


@ -870,6 +870,16 @@
<xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.</xs:documentation> <xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.</xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>
<xs:attribute name="username-parameter" type="xs:token">
<xs:annotation>
<xs:documentation>The name of the request parameter which contains the username. Defaults to 'j_username'.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="password-parameter" type="xs:token">
<xs:annotation>
<xs:documentation>The name of the request parameter which contains the password. Defaults to 'j_password'. </xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="default-target-url" type="xs:token"> <xs:attribute name="default-target-url" type="xs:token">
<xs:annotation> <xs:annotation>
<xs:documentation>The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.</xs:documentation> <xs:documentation>The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.</xs:documentation>