Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-30 22:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-549: Trim whitespace from username submitted with login form.

Browse Source
This commit is contained in:
Luke Taylor 2007-09-14 14:25:21 +00:00
parent 8398e940cf
commit 56deb3dd83
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
View File

@ -68,6 +68,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views
@ -145,7 +147,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
* @param passwordParameter the parameter name. Defaults to "j_password".
*/
public void setPasswordParameter(String passwordParameter) {
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
this.passwordParameter = passwordParameter;
}
}

17
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
View File

@ -92,7 +92,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.setUsernameParameter("x");
filter.setPasswordParameter("y");
filter.setPasswordParameter("y");
filter.init(null);
MockHttpServletRequest request = new MockHttpServletRequest();
@ -101,6 +101,19 @@ public class AuthenticationProcessingFilterTests extends TestCase {
Authentication result = filter.attemptAuthentication(request);
assertTrue(result != null);
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
}
public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, " marissa ");
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null);
Authentication result = filter.attemptAuthentication(request);
assertEquals("marissa", result.getName());
}
}