před 15 roky · 165cbb0d19
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@@ -29,6 +29,8 @@ public class FormLoginBeanDefinitionParser {
 
				     private static final String ATT_FORM_LOGIN_TARGET_URL = "default-target-url";
			
 
				     private static final String ATT_ALWAYS_USE_DEFAULT_TARGET_URL = "always-use-default-target";
			
 
				     private static final String DEF_FORM_LOGIN_TARGET_URL = "/";
			
 
				+    private static final String ATT_USERNAME_PARAMETER = "username-parameter";
			
 
				+    private static final String ATT_PASSWORD_PARAMETER = "password-parameter";
			
 
				 
			
 
				     private static final String ATT_FORM_LOGIN_AUTHENTICATION_FAILURE_URL = "authentication-failure-url";
			
 
				     private static final String DEF_FORM_LOGIN_AUTHENTICATION_FAILURE_URL =
			
@@ -63,6 +65,9 @@ public class FormLoginBeanDefinitionParser {
 
				         String alwaysUseDefault = null;
			
 
				         String successHandlerRef = null;
			
 
				         String failureHandlerRef = null;
			
 
				+        // Only available with form-login
			
 
				+        String usernameParameter = null;
			
 
				+        String passwordParameter = null;
			
 
				 
			
 
				         Object source = null;
			
 
				 
			
@@ -83,10 +88,20 @@ public class FormLoginBeanDefinitionParser {
 
				                 loginPage = null;
			
 
				             }
			
 
				             WebConfigUtils.validateHttpRedirect(loginPage, pc, source);
			
 
				+            usernameParameter = elt.getAttribute(ATT_USERNAME_PARAMETER);
			
 
				+            passwordParameter = elt.getAttribute(ATT_PASSWORD_PARAMETER);
			
 
				         }
			
 
				 
			
 
				         filterBean = createFilterBean(loginUrl, defaultTargetUrl, alwaysUseDefault, loginPage, authenticationFailureUrl,
			
 
				                 successHandlerRef, failureHandlerRef);
			
 
				+
			
 
				+        if (StringUtils.hasText(usernameParameter)) {
			
 
				+            filterBean.getPropertyValues().addPropertyValue("usernameParameter", usernameParameter);
			
 
				+        }
			
 
				+        if (StringUtils.hasText(passwordParameter)) {
			
 
				+            filterBean.getPropertyValues().addPropertyValue("passwordParameter", passwordParameter);
			
 
				+        }
			
 
				+
			
 
				         filterBean.setSource(source);
			
 
				 
			
 
				         BeanDefinitionBuilder entryPointBuilder =
			
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
@@ -350,6 +350,12 @@ form-login =
 
				 form-login.attlist &=
			
 
				     ## The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.
			
 
				     attribute login-processing-url {xsd:token}?
			
 
				+form-login.attlist &=
			
 
				+    ## The name of the request parameter which contains the username. Defaults to 'j_username'.
			
 
				+    attribute username-parameter {xsd:token}?
			
 
				+form-login.attlist &=
			
 
				+    ## The name of the request parameter which contains the password. Defaults to 'j_password'. 
			
 
				+    attribute password-parameter {xsd:token}?    
			
 
				 form-login.attlist &=
			
 
				     ## The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.
			
 
				     attribute default-target-url {xsd:token}?
			
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
@@ -870,6 +870,16 @@
 
				         <xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /j_spring_security_check.</xs:documentation>
			
 
				       </xs:annotation>
			
 
				     </xs:attribute>
			
 
				+    <xs:attribute name="username-parameter" type="xs:token">
			
 
				+      <xs:annotation>
			
 
				+        <xs:documentation>The name of the request parameter which contains the username. Defaults to 'j_username'.</xs:documentation>
			
 
				+      </xs:annotation>
			
 
				+    </xs:attribute>
			
 
				+    <xs:attribute name="password-parameter" type="xs:token">
			
 
				+      <xs:annotation>
			
 
				+        <xs:documentation>The name of the request parameter which contains the password. Defaults to 'j_password'. </xs:documentation>
			
 
				+      </xs:annotation>
			
 
				+    </xs:attribute>
			
 
				     <xs:attribute name="default-target-url" type="xs:token">
			
 
				       <xs:annotation>
			
 
				         <xs:documentation>The URL that will be redirected to after successful authentication, if the user's previous action could not be resumed. This generally happens if the user visits a login page without having first requested a secured operation that triggers authentication. If unspecified, defaults to the root of the application.</xs:documentation>