Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.

This commit is contained in:
Luke Taylor 2007-09-11 12:12:14 +00:00
parent 3326525b65
commit c56b8c4117
2 changed files with 57 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
View File

@ -21,6 +21,7 @@ import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.springframework.util.Assert;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
@ -28,10 +29,15 @@ import javax.servlet.http.HttpServletRequest;
/**
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link
* Processes an authentication form.
* <p>Login forms must present two parameters to this filter: a username and
* password. The default parameter names to use are contained in the
* static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
* The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
* properties.
* </p>
*
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p>
*
* @author Ben Alex
@ -45,10 +51,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
String username = obtainUsername(request);
String password = obtainPassword(request);
@ -94,7 +102,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
* <code>AuthenticationManager</code>
*/
protected String obtainPassword(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
return request.getParameter(passwordParameter);
}
/**
@ -107,7 +115,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
* <code>AuthenticationManager</code>
*/
protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
return request.getParameter(usernameParameter);
}
/**
@ -120,4 +128,24 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
/**
* Sets the parameter name which will be used to obtain the username from the login request.
*
* @param usernameParameter the parameter name. Defaults to "j_username".
*/
public void setUsernameParameter(String usernameParameter) {
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
this.usernameParameter = usernameParameter;
}
/**
* Sets the parameter name which will be used to obtain the password from the login request..
*
* @param passwordParameter the parameter name. Defaults to "j_password".
*/
public void setPasswordParameter(String passwordParameter) {
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
this.passwordParameter = passwordParameter;
}
}

39
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
View File

@ -24,6 +24,8 @@ import org.acegisecurity.ui.WebAuthenticationDetails;
import org.springframework.mock.web.MockHttpServletRequest;
import javax.servlet.ServletException;
/**
* Tests {@link AuthenticationProcessingFilter}.
@ -35,7 +37,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
//~ Constructors ===================================================================================================
public AuthenticationProcessingFilterTests() {
super();
}
public AuthenticationProcessingFilterTests(String arg0) {
@ -44,14 +45,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
//~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testGetters() {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
@ -62,10 +55,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr);
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null);
Authentication result = filter.attemptAuthentication(request);
@ -77,10 +68,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr);
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null);
Authentication result = filter.attemptAuthentication(request);
@ -91,13 +80,27 @@ public class AuthenticationProcessingFilterTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(authMgr);
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.init(null);
Authentication result = filter.attemptAuthentication(request);
assertTrue(result != null);
}
public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.setUsernameParameter("x");
filter.setPasswordParameter("y");
filter.init(null);
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("x", "marissa");
request.addParameter("y", "koala");
Authentication result = filter.attemptAuthentication(request);
assertTrue(result != null);
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
}
}