How do you customize the UsernamePasswordAuthenticationFilter usernameParameter (j_username) and passwordParameter (j_password) properties when using the <http ... /> Spring Security 3 namespace? It's my understanding the <http ... /> creates the filter, but I don't see how to customize it.
views:
378answers:
2
+1
A:
Filter is configured using form-login element, but that element doesn't provide ability to set custom names for username and password.
You can configure directly, as describe in Spring Reference
uthark
2010-03-20 17:32:16
I'm using the <http ... /> namespace for almost all of my configuration so I don't want to move away from using it. I was hoping there was some clean way to configure it and still use the <http .. /> configuration.
Taylor Leese
2010-03-20 17:41:15
You can report bug in spring JIRA to add required configuration.
uthark
2010-03-20 17:56:18
Sounds like that is what I need to do. I'll submit a feature request.
Taylor Leese
2010-03-20 17:58:11
@Taylor: There is a little workaround for configuring features missing in `<http ... />` configuration - you can declare a `BeanPostProcessor` to apply a custom configuration to the beans being created.
axtavt
2010-03-20 18:26:48
Thanks. Posted solution based on your suggestion.
Taylor Leese
2010-03-20 21:21:15
Good luck with getting the SpringSecurity guys to accept that request. In my experience, their usual response is "your requested feature is too specialized".
Stephen C
2010-03-21 00:58:27
Actually, they already completed the feature request. It will be in 3.1.0. See http://jira.springframework.org/browse/SEC-1445
Taylor Leese
2010-05-20 18:50:49
+2
A:
Here is the solution I created based on axtavt's suggestion:
Spring configuration:
<beans:bean id="userPassAuthFilterBeanPostProcessor"
class="com.my.package.UserPassAuthFilterBeanPostProcessor">
<beans:property name="usernameParameter" value="username" />
<beans:property name="passwordParameter" value="password" />
</beans:bean>
Java class:
package com.my.package;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.web.authentication.
UsernamePasswordAuthenticationFilter;
public class UserPassAuthFilterBeanPostProcessor implements BeanPostProcessor {
private String usernameParameter;
private String passwordParameter;
@Override
public final Object postProcessAfterInitialization(final Object bean,
final String beanName) {
return bean;
}
@Override
public final Object postProcessBeforeInitialization(final Object bean,
final String beanName) {
if (bean instanceof UsernamePasswordAuthenticationFilter) {
final UsernamePasswordAuthenticationFilter filter =
(UsernamePasswordAuthenticationFilter) bean;
filter.setUsernameParameter(getUsernameParameter());
filter.setPasswordParameter(getPasswordParameter());
}
return bean;
}
public final void setUsernameParameter(final String usernameParameter) {
this.usernameParameter = usernameParameter;
}
public final String getUsernameParameter() {
return usernameParameter;
}
public final void setPasswordParameter(final String passwordParameter) {
this.passwordParameter = passwordParameter;
}
public final String getPasswordParameter() {
return passwordParameter;
}
}
Taylor Leese
2010-03-20 21:20:56