diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
index 05c17a9ed7..c71d246d5d 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
@@ -28,10 +28,12 @@ import javax.servlet.http.HttpServletRequest;
/**
- * Processes an authentication form.Login forms must present two parameters to this filter: a username and
+ * Processes an authentication form.
+ *
Login forms must present two parameters to this filter: a username and
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
- * Do not use this class directly. Instead configure web.xml to use the {@link
+ *
+ *
Do not use this class directly. Instead configure web.xml to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.
*
* @author Ben Alex
@@ -47,8 +49,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
//~ Methods ========================================================================================================
- public Authentication attemptAuthentication(HttpServletRequest request)
- throws AuthenticationException {
+ public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
String username = obtainUsername(request);
String password = obtainPassword(request);
@@ -60,6 +61,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
password = "";
}
+ username = username.trim();
+
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views