From e6e461d9a0f66cf1bda219149b9aa8e3ad17dba4 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 14 Sep 2007 14:32:19 +0000
Subject: [PATCH] SEC-549: Merged fix from trunk (trim space from username).
---
.../ui/webapp/AuthenticationProcessingFilter.java | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
index 05c17a9ed7..c71d246d5d 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
@@ -28,10 +28,12 @@ import javax.servlet.http.HttpServletRequest; /** - * Processes an authentication form.

Login forms must present two parameters to this filter: a username and + * Processes an authentication form. + *

Login forms must present two parameters to this filter: a username and * password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.

- *

Do not use this class directly. Instead configure web.xml to use the {@link + * + *

Do not use this class directly. Instead configure web.xml to use the {@link * org.acegisecurity.util.FilterToBeanProxy}.

* * @author Ben Alex @@ -47,8 +49,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter { //~ Methods ======================================================================================================== - public Authentication attemptAuthentication(HttpServletRequest request) - throws AuthenticationException { + public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException { String username = obtainUsername(request); String password = obtainPassword(request); @@ -60,6 +61,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter { password = ""; } + username = username.trim(); + UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); // Place the last username attempted into HttpSession for views
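Review bot: The added `username = username.trim();` in the last hunk normalizes more than the single space named in the subject line, and that rule is not documented anywhere in the visible code. `String.trim()` drops every leading and trailing character at or below U+0020 (tab, CR, LF and NUL included) while leaving Unicode spaces such as U+00A0 in place. The trimmed value is what goes into the `UsernamePasswordAuthenticationToken`, so account creation, user lookup and any lockout or audit keyed on the username need to apply the same rule, otherwise names that differ only in surrounding whitespace collapse to one identity at login; whether they do is not visible from this patch. The null guard for `username` presumably sits just above this hunk (only the `password = "";` branch is shown, and attemptAuthentication continues past the hunk), and without it `trim()` would throw on a request that omits the parameter. I would add a comment on the new line, e.g. `// trim() strips leading/trailing chars <= U+0020; the user store must normalize usernames the same way`, and a test that authenticates with a padded username.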