
SEC-549: Trim whitespace from username submitted with login form.

Luke Taylor 18 lat temu
rodzic
commit
56deb3dd83

+ 3 - 1
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java

@@ -68,6 +68,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
             password = "";
         }
 
+        username = username.trim();
+
         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 
         // Place the last username attempted into HttpSession for views
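Review bot: The new `username.trim()` on the added line silently narrows what counts as the same account, and that deserves a comment and a check: `String.trim()` strips only characters with code points at or below U+0020, so a username padded with non-ASCII whitespace (e.g. U+00A0 or U+3000) still reaches the authentication manager untrimmed, while tabs and other control characters below U+0020 are stripped along with spaces. I would add above the trim: `// Drop leading/trailing ASCII whitespace so " marissa " and "marissa" map to the same account; the password is deliberately left untouched because whitespace is significant there. Note trim() does not remove Unicode whitespace above U+0020.` Because the trimmed value is assigned back to `username` before the token is built, the session copy of the last attempted username (the block starting at the comment that ends this hunk) will now also hold the trimmed form rather than what the user actually typed — confirm that is what the views expect. The hunk shows the null guard for `password` but not the one for `username`; if `obtainUsername(...)` can return null and no guard sits above this hunk, `trim()` will throw a NullPointerException, so verify the symmetric guard exists before merging. The enclosing `attemptAuthentication` method starts and ends outside this hunk.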
@@ -145,7 +147,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
      * @param passwordParameter the parameter name. Defaults to "j_password".
      */
     public void setPasswordParameter(String passwordParameter) {
-        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");        
+        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
         this.passwordParameter = passwordParameter;
     }
 }

+ 15 - 2
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -92,7 +92,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         filter.setAuthenticationManager(new MockAuthenticationManager(true));
         filter.setUsernameParameter("x");
-        filter.setPasswordParameter("y");        
+        filter.setPasswordParameter("y");
         filter.init(null);
 
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -101,6 +101,19 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
         Authentication result = filter.attemptAuthentication(request);
         assertTrue(result != null);
-        assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());        
+        assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
+    }
+
+    public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, " marissa ");
+        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+
+        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.init(null);
+
+        Authentication result = filter.attemptAuthentication(request);
+        assertEquals("marissa", result.getName());
     }
 }
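Review bot: `testSpacesAreTrimmedCorrectlyFromUsername` pins only the single ASCII-space case, so it would not catch a regression that, say, switched to stripping spaces only on one side or changed which characters are removed. Consider a second request with tab padding, `request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "\tmarissa\t");` followed by the same `assertEquals("marissa", result.getName());`, and a third asserting that a username of `"\u00A0marissa"` is passed through unchanged, which documents the `trim()` boundary explicitly. Since the filter also places the last attempted username into the session (per the comment in the main-file hunk), it would be worth asserting that the stored value is the trimmed `"marissa"` too, so that behaviour is locked in rather than incidental. The mock manager always succeeds, so these assertions stay cheap and independent of the user store.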