8

How do you customize the UsernamePasswordAuthenticationFilter usernameParameter (j_username) and passwordParameter (j_password) properties when using the <http ... /> Spring Security 3 namespace? It's my understanding the <http ... /> creates the filter, but I don't see how to customize it.

Improve this question
1

3 Answers 3

Reset to default
4

Here is the solution I created based on axtavt's suggestion:

Spring configuration:

<beans:bean id="userPassAuthFilterBeanPostProcessor"
    class="com.my.package.UserPassAuthFilterBeanPostProcessor">
    <beans:property name="usernameParameter" value="username" />
    <beans:property name="passwordParameter" value="password" />
</beans:bean>

Java class:

package com.my.package;

import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.web.authentication.
    UsernamePasswordAuthenticationFilter;

public class UserPassAuthFilterBeanPostProcessor implements BeanPostProcessor {

    private String usernameParameter;
    private String passwordParameter;

    @Override
    public final Object postProcessAfterInitialization(final Object bean,
        final String beanName) {
        return bean;
    }

    @Override
    public final Object postProcessBeforeInitialization(final Object bean,
        final String beanName) {
        if (bean instanceof UsernamePasswordAuthenticationFilter) {
            final UsernamePasswordAuthenticationFilter filter =
                (UsernamePasswordAuthenticationFilter) bean;
            filter.setUsernameParameter(getUsernameParameter());
            filter.setPasswordParameter(getPasswordParameter());
        }

        return bean;
    }

    public final void setUsernameParameter(final String usernameParameter) {
        this.usernameParameter = usernameParameter;
    }

    public final String getUsernameParameter() {
        return usernameParameter;
    }

    public final void setPasswordParameter(final String passwordParameter) {
        this.passwordParameter = passwordParameter;
    }

    public final String getPasswordParameter() {
        return passwordParameter;
    }

}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Filter is configured using form-login element, but that element doesn't provide ability to set custom names for username and password.

You can configure directly, as describe in Spring Reference

Improve this answer

7 Comments

I'm using the <http ... /> namespace for almost all of my configuration so I don't want to move away from using it. I was hoping there was some clean way to configure it and still use the <http .. /> configuration.
You can report bug in spring JIRA to add required configuration.
Sounds like that is what I need to do. I'll submit a feature request.
@Taylor: There is a little workaround for configuring features missing in <http ... /> configuration - you can declare a BeanPostProcessor to apply a custom configuration to the beans being created.
Thanks. Posted solution based on your suggestion.
|
0

For those who are using http XML directive spring configuration the required configuration is below

    <form-login
     username-parameter="userId" password-parameter="password"  authentication-success-handler-ref="userAuthenticationSuccessHandler"
     authentication-failure-handler-ref="userAuthenticationFailureHandler"  />
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.