From c56b8c4117cdfd04542ff6bc52ddd2e715d8a01c Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 11 Sep 2007 12:12:14 +0000
Subject: [PATCH] SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.
---
 .../AuthenticationProcessingFilter.java | 44 +++++++++++++++----
 .../AuthenticationProcessingFilterTests.java | 39 ++++++++--------
 2 files changed, 57 insertions(+), 26 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
index 05c17a9ed7..a867489462 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
@@ -21,6 +21,7 @@ import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.ui.AbstractProcessingFilter;
+import org.springframework.util.Assert;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -28,10 +29,15 @@ import javax.servlet.http.HttpServletRequest;
 /**
- * Processes an authentication form.

Login forms must present two parameters to this filter: a username and - * password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} - * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.

- *

Do not use this class directly. Instead configure web.xml to use the {@link + * Processes an authentication form. + *

Login forms must present two parameters to this filter: a username and + * password. The default parameter names to use are contained in the + * static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}. + * The parameter names can also be changed by setting the usernameParameter and passwordParameter + * properties. + *

+ * + *

Do not use this class directly. Instead configure web.xml to use the {@link * org.acegisecurity.util.FilterToBeanProxy}.

 *
 * @author Ben Alex
@@ -45,10 +51,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
 public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
 public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
+ private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
+ private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
+
 //~ Methods ========================================================================================================
- public Authentication attemptAuthentication(HttpServletRequest request)
- throws AuthenticationException {
+ public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
 String username = obtainUsername(request);
 String password = obtainPassword(request);
@@ -94,7 +102,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
 * AuthenticationManager
 */
 protected String obtainPassword(HttpServletRequest request) {
- return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
+ return request.getParameter(passwordParameter);
 }
 /**
@@ -107,7 +115,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
 * AuthenticationManager
 */
 protected String obtainUsername(HttpServletRequest request) {
- return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+ return request.getParameter(usernameParameter);
 }
 /**
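Review bot: `obtainPassword` and `obtainUsername` (the `@@ -94,7` and `@@ -107,7` hunks) read the credentials with `request.getParameter(...)`, which also returns query-string values, so a login sent as a GET with the password in the URL would be accepted and the password could then appear in access logs and browser history. No request-method check is visible in these hunks; `attemptAuthentication` continues outside them, so one may already exist. If it does not, a guard at the top of `attemptAuthentication` such as `if (!"POST".equals(request.getMethod())) throw new AuthenticationServiceException("Authentication method not supported");` would restrict logins to form posts.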
@@ -120,4 +128,24 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
 protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
 authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 }
+
+ /**
+ * Sets the parameter name which will be used to obtain the username from the login request.
+ *
+ * @param usernameParameter the parameter name. Defaults to "j_username".
+ */
+ public void setUsernameParameter(String usernameParameter) {
+ Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
+ this.usernameParameter = usernameParameter;
+ }
+
+ /**
+ * Sets the parameter name which will be used to obtain the password from the login request..
+ *
+ * @param passwordParameter the parameter name. Defaults to "j_password".
+ */
+ public void setPasswordParameter(String passwordParameter) {
+ Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
+ this.passwordParameter = passwordParameter;
+ }
 }
diff --git a/core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java b/core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
index 05b45b9796..24b031ba77 100644
--- a/core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
@@ -24,6 +24,8 @@ import org.acegisecurity.ui.WebAuthenticationDetails;
 import org.springframework.mock.web.MockHttpServletRequest;
+import javax.servlet.ServletException;
+
 /**
 * Tests {@link AuthenticationProcessingFilter}.
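Review bot: The Javadoc on `setPasswordParameter` in the `@@ -120,4` hunk should say that renaming the parameter also affects anything outside the filter that recognises the password by its name; request-logging or masking rules keyed on the default `j_password` will not match the new name. A sentence such as `Any log masking or request filtering keyed on the previous name must be updated to match.` after the summary would cover it, and the doubled full stop in `login request..` can be fixed at the same time. Neither setter rejects the case where both names are set to the same value, which would make `obtainUsername` and `obtainPassword` read the same parameter; a short note in the Javadoc that the two names must differ would be enough.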
@@ -35,7 +37,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 //~ Constructors ===================================================================================================
 public AuthenticationProcessingFilterTests() {
- super();
 }
 public AuthenticationProcessingFilterTests(String arg0) {
@@ -44,14 +45,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 //~ Methods ========================================================================================================
- public static void main(String[] args) {
- junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
- }
-
- public final void setUp() throws Exception {
- super.setUp();
- }
-
 public void testGetters() {
 AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
 assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
@@ -62,10 +55,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
 request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
 AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
+ filter.setAuthenticationManager(new MockAuthenticationManager(true));
 filter.init(null);
 Authentication result = filter.attemptAuthentication(request);
@@ -77,10 +68,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
 AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
+ filter.setAuthenticationManager(new MockAuthenticationManager(true));
 filter.init(null);
 Authentication result = filter.attemptAuthentication(request);
@@ -91,13 +80,27 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 MockHttpServletRequest request = new MockHttpServletRequest();
 request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
 AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
+ filter.setAuthenticationManager(new MockAuthenticationManager(true));
 filter.init(null);
 Authentication result = filter.attemptAuthentication(request);
 assertTrue(result != null);
 }
+
+ public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
+ AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+ filter.setAuthenticationManager(new MockAuthenticationManager(true));
+ filter.setUsernameParameter("x");
+ filter.setPasswordParameter("y");
+ filter.init(null);
+
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.addParameter("x", "marissa");
+ request.addParameter("y", "koala");
+
+ Authentication result = filter.attemptAuthentication(request);
+ assertTrue(result != null);
+ assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
+ }
 }
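Review bot: `testUsingDifferentParameterNamesWorksAsExpected` in the `@@ -91,13` hunk would still pass if the filter ignored the new setters, because its only checks are `result != null` and the remote address, and the earlier tests in this file get a non-null result even when one of the parameters is missing altogether. Asserting on the values that reached the token would pin the behaviour, for example `assertEquals("marissa", result.getPrincipal());` and `assertEquals("koala", result.getCredentials());`, assuming `MockAuthenticationManager(true)` hands back the token it was given. There is also no test that `setUsernameParameter("")` or `setPasswordParameter(null)` is rejected by the new `Assert.hasText` checks.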