SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.
parent
3326525b65
commit
c56b8c4117
|
@ -21,6 +21,7 @@ import org.acegisecurity.AuthenticationException;
|
||||||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
|
||||||
|
|
||||||
import org.acegisecurity.ui.AbstractProcessingFilter;
|
import org.acegisecurity.ui.AbstractProcessingFilter;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
import javax.servlet.FilterConfig;
|
import javax.servlet.FilterConfig;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
|
@ -28,10 +29,15 @@ import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and
|
* Processes an authentication form.
|
||||||
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
|
* <p>Login forms must present two parameters to this filter: a username and
|
||||||
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
|
* password. The default parameter names to use are contained in the
|
||||||
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link
|
* static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
|
||||||
|
* The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
|
||||||
|
* properties.
|
||||||
|
* </p>
|
||||||
|
*
|
||||||
|
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
|
||||||
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
* org.acegisecurity.util.FilterToBeanProxy}.</p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
@ -45,10 +51,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||||
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
|
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
|
||||||
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
|
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
|
||||||
|
|
||||||
|
private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
|
||||||
|
private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
public Authentication attemptAuthentication(HttpServletRequest request)
|
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
|
||||||
throws AuthenticationException {
|
|
||||||
String username = obtainUsername(request);
|
String username = obtainUsername(request);
|
||||||
String password = obtainPassword(request);
|
String password = obtainPassword(request);
|
||||||
|
|
||||||
|
@ -94,7 +102,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||||
* <code>AuthenticationManager</code>
|
* <code>AuthenticationManager</code>
|
||||||
*/
|
*/
|
||||||
protected String obtainPassword(HttpServletRequest request) {
|
protected String obtainPassword(HttpServletRequest request) {
|
||||||
return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
|
return request.getParameter(passwordParameter);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -107,7 +115,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||||
* <code>AuthenticationManager</code>
|
* <code>AuthenticationManager</code>
|
||||||
*/
|
*/
|
||||||
protected String obtainUsername(HttpServletRequest request) {
|
protected String obtainUsername(HttpServletRequest request) {
|
||||||
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
|
return request.getParameter(usernameParameter);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -120,4 +128,24 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
|
||||||
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
|
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
|
||||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the parameter name which will be used to obtain the username from the login request.
|
||||||
|
*
|
||||||
|
* @param usernameParameter the parameter name. Defaults to "j_username".
|
||||||
|
*/
|
||||||
|
public void setUsernameParameter(String usernameParameter) {
|
||||||
|
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
|
||||||
|
this.usernameParameter = usernameParameter;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the parameter name which will be used to obtain the password from the login request..
|
||||||
|
*
|
||||||
|
* @param passwordParameter the parameter name. Defaults to "j_password".
|
||||||
|
*/
|
||||||
|
public void setPasswordParameter(String passwordParameter) {
|
||||||
|
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
|
||||||
|
this.passwordParameter = passwordParameter;
|
||||||
|
}
|
||||||
}
|
}
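Review bot: `setUsernameParameter` and `setPasswordParameter` each validate their argument with `Assert.hasText`, but nothing rejects a configuration in which both are set to the same name, and in that case `obtainUsername` and `obtainPassword` would read the same request value. A cross-field check belongs wherever the filter validates its properties at startup, which is outside these hunks, for example `Assert.isTrue(!usernameParameter.equals(passwordParameter), "Username and password parameters must differ");`. The setter Javadoc should also carry `@throws IllegalArgumentException if the name is null or blank`, and the summary of the password setter ends in a doubled period. Both fields are plain mutable fields read on request threads, so the Javadoc should say they are meant to be set once during configuration.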
|
||||||
|
|
|
@ -24,6 +24,8 @@ import org.acegisecurity.ui.WebAuthenticationDetails;
|
||||||
|
|
||||||
import org.springframework.mock.web.MockHttpServletRequest;
|
import org.springframework.mock.web.MockHttpServletRequest;
|
||||||
|
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests {@link AuthenticationProcessingFilter}.
|
* Tests {@link AuthenticationProcessingFilter}.
|
||||||
|
@ -35,7 +37,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||||
//~ Constructors ===================================================================================================
|
//~ Constructors ===================================================================================================
|
||||||
|
|
||||||
public AuthenticationProcessingFilterTests() {
|
public AuthenticationProcessingFilterTests() {
|
||||||
super();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthenticationProcessingFilterTests(String arg0) {
|
public AuthenticationProcessingFilterTests(String arg0) {
|
||||||
|
@ -44,14 +45,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||||
|
|
||||||
//~ Methods ========================================================================================================
|
//~ Methods ========================================================================================================
|
||||||
|
|
||||||
public static void main(String[] args) {
|
|
||||||
junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
public final void setUp() throws Exception {
|
|
||||||
super.setUp();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void testGetters() {
|
public void testGetters() {
|
||||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||||
assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
|
assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
|
||||||
|
@ -62,10 +55,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||||
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
|
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
|
||||||
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
|
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
|
||||||
|
|
||||||
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
|
|
||||||
|
|
||||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||||
filter.setAuthenticationManager(authMgr);
|
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||||
filter.init(null);
|
filter.init(null);
|
||||||
|
|
||||||
Authentication result = filter.attemptAuthentication(request);
|
Authentication result = filter.attemptAuthentication(request);
|
||||||
|
@ -77,10 +68,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
|
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
|
||||||
|
|
||||||
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
|
|
||||||
|
|
||||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||||
filter.setAuthenticationManager(authMgr);
|
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||||
filter.init(null);
|
filter.init(null);
|
||||||
|
|
||||||
Authentication result = filter.attemptAuthentication(request);
|
Authentication result = filter.attemptAuthentication(request);
|
||||||
|
@ -91,13 +80,27 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
|
request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
|
||||||
|
|
||||||
MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
|
|
||||||
|
|
||||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||||
filter.setAuthenticationManager(authMgr);
|
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||||
filter.init(null);
|
filter.init(null);
|
||||||
|
|
||||||
Authentication result = filter.attemptAuthentication(request);
|
Authentication result = filter.attemptAuthentication(request);
|
||||||
assertTrue(result != null);
|
assertTrue(result != null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
|
||||||
|
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||||
|
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||||
|
filter.setUsernameParameter("x");
|
||||||
|
filter.setPasswordParameter("y");
|
||||||
|
filter.init(null);
|
||||||
|
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||||
|
request.addParameter("x", "marissa");
|
||||||
|
request.addParameter("y", "koala");
|
||||||
|
|
||||||
|
Authentication result = filter.attemptAuthentication(request);
|
||||||
|
assertTrue(result != null);
|
||||||
|
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
|
||||||
|
}
|
||||||
}
|
}
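Review bot: `testUsingDifferentParameterNamesWorksAsExpected` asserts only that the result is non-null and that the remote address is `127.0.0.1`, so it would still pass if the filter ignored the custom names. The neighbouring tests that send only a username or only a password also get a non-null result from `MockAuthenticationManager(true)`. Assuming the mock returns the token it was given, the test should pin the values read from `x` and `y`, e.g. `assertEquals("marissa", result.getPrincipal());` and `assertEquals("koala", result.getCredentials());`. There is also no test that the two setters reject null or blank names, which is the only validation the commit adds.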
|
||||||
|
|