From 4d8956a2277d4da896fc7f7cb22d0c8a0ccf5182 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 17 Nov 2009 22:05:38 +0000
Subject: [PATCH] SEC-1288: Changed claimedIdentityFieldName in OpenIDAuthenticationFilter to "openid_identifier", as recommended by the 2.0 spec.
---
.../openid/OpenIDAuthenticationFilter.java | 14 +++++++-------
.../openid/OpenIDAuthenticationFilterTests.java | 2 +-
samples/openid/src/main/webapp/openidlogin.jsp | 4 ++--
.../ui/DefaultLoginPageGeneratingFilter.java | 2 +-
4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
index 5a875bc90f..1a266e7b94 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java
@@ -43,11 +43,11 @@ import org.springframework.util.StringUtils; * * The user's OpenID identity is submitted via a login form, just as it would be for a normal form login. At this stage * the filter will extract the identity from the submitted request (by default, the parameter is called - * j_username, as it is for form login. It then passes the identity to the configured OpenIDConsumer, - * which returns the URL to which the request should be redirected for authentication. A "return_to" URL is also supplied, - * which matches the URL processed by this filter, to allow the filter to handle the request once the user has - * been successfully authenticated. The OpenID server will then authenticate the user and redirect back to the - * application. + * openid_identifier, as recommended by the OpenID 2.0 Specification). It then passes the identity to the + * configured OpenIDConsumer, which returns the URL to which the request should be redirected for authentication. + * A "return_to" URL is also supplied, which matches the URL processed by this filter, to allow the filter to handle + * the request once the user has been successfully authenticated. The OpenID server will then authenticate the user and + * redirect back to the application. * *

Processing the Redirect from the OpenID Server

* @@ -66,7 +66,7 @@ import org.springframework.util.StringUtils; public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter { //~ Static fields/initializers ===================================================================================== - public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "j_username"; + public static final String DEFAULT_CLAIMED_IDENTITY_FIELD = "openid_identifier"; //~ Instance fields ================================================================================================ @@ -224,7 +224,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing /** * The name of the request parameter containing the OpenID identity, as submitted from the initial login form. * - * @param claimedIdentityFieldName defaults to "j_username" + * @param claimedIdentityFieldName defaults to "openid_identifier" */ public void setClaimedIdentityFieldName(String claimedIdentityFieldName) { this.claimedIdentityFieldName = claimedIdentityFieldName; diff --git a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java index ee7e2aa837..621f5dd84c 100644 --- a/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java +++ b/openid/src/test/java/org/springframework/security/openid/OpenIDAuthenticationFilterTests.java @@ -45,7 +45,7 @@ public class OpenIDAuthenticationFilterTests { MockHttpServletRequest req = new MockHttpServletRequest("GET", REQUEST_PATH); MockHttpServletResponse response = new MockHttpServletResponse(); - req.setParameter("j_username", CLAIMED_IDENTITY_URL); + req.setParameter("openid_identifier", CLAIMED_IDENTITY_URL); req.setRemoteHost("www.example.com"); filter.setConsumer(new MockOpenIDConsumer() { 
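Review bot: The new value of `DEFAULT_CLAIMED_IDENTITY_FIELD` in the `@@ -66,7` hunk changes which request parameter the filter reads by default, and nothing in the constant's declaration records that. A login form that still posts `j_username` would presumably stop supplying a claimed identity after an upgrade unless `setClaimedIdentityFieldName("j_username")` is called. The code that reads the parameter is outside the hunk, so how a missing value is handled cannot be confirmed from here. I would add a Javadoc comment on the constant such as `/** Default request parameter holding the claimed identity; was "j_username" before SEC-1288, so older login forms must be updated or configured via setClaimedIdentityFieldName. */`. The class body continues outside the hunk.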
diff --git a/samples/openid/src/main/webapp/openidlogin.jsp b/samples/openid/src/main/webapp/openidlogin.jsp index 0fef1d1104..02aeebe4d0 100644 --- a/samples/openid/src/main/webapp/openidlogin.jsp +++ b/samples/openid/src/main/webapp/openidlogin.jsp @@ -21,7 +21,7 @@
- + @@ -30,4 +30,4 @@ - \ No newline at end of file + diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java index 88013c6e34..effbb4e170 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java @@ -66,7 +66,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean { if (openIDFilter != null) { openIdEnabled = true; openIDauthenticationUrl = openIDFilter.getFilterProcessesUrl(); - openIDusernameParameter = "j_username"; + openIDusernameParameter = "openid_identifier"; if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) { openIDrememberMeParameter = ((AbstractRememberMeServices)openIDFilter.getRememberMeServices()).getParameter();
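Review bot: The assignment `openIDusernameParameter = "openid_identifier";` in DefaultLoginPageGeneratingFilter repeats the default from OpenIDAuthenticationFilter as a bare literal. A filter configured with a different `claimedIdentityFieldName` would therefore get a generated login page that posts a field the filter does not read. If this module can see the filter's configured name it should be taken from there; whether that dependency is available is not visible in the hunk. Otherwise the coupling should at least be stated next to the literal, e.g. `// must match OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD; a custom claimedIdentityFieldName is not reflected here`. The enclosing method starts and ends outside the hunk.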
OpenID Identity:
OpenID Identity: