Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-17 01:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-549: Merged fix from trunk (trim space from username).

Browse Source
This commit is contained in:
Luke Taylor 2007-09-14 14:32:19 +00:00
parent 0ff8662f12
commit e6e461d9a0
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
View File

@ -28,10 +28,12 @@ import javax.servlet.http.HttpServletRequest;
/** /**
* Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and * Processes an authentication form.
* <p>Login forms must present two parameters to this filter: a username and
* password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} * password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
* and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p> * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
* <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link *
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.acegisecurity.util.FilterToBeanProxy}.</p> * org.acegisecurity.util.FilterToBeanProxy}.</p>
* *
* @author Ben Alex * @author Ben Alex
@ -47,8 +49,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request) public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
throws AuthenticationException {
String username = obtainUsername(request); String username = obtainUsername(request);
String password = obtainPassword(request); String password = obtainPassword(request);
@ -60,6 +61,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
password = ""; password = "";
} }
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views // Place the last username attempted into HttpSession for views