SEC-2455: Fix XML default login generation

config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -128,6 +128,9 @@ final class AuthenticationConfigBuilder {
     private final BeanReference portResolver;
     private final BeanMetadataElement csrfLogoutHandler;
 
+    private String loginProcessingUrl;
+    private String openidLoginProcessingUrl;
+
     public AuthenticationConfigBuilder(Element element, ParserContext pc, SessionCreationPolicy sessionPolicy,
             BeanReference requestCache, BeanReference authenticationManager, BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
         this.httpElt = element;
@@ -197,6 +200,7 @@ final class AuthenticationConfigBuilder {
             parser.parse(formLoginElt, pc);
             formFilter = parser.getFilterBean();
             formEntryPoint = parser.getEntryPointBean();
+            loginProcessingUrl = parser.getLoginProcessingUrl();
         }
 
         if (formFilter != null) {
@@ -221,6 +225,7 @@ final class AuthenticationConfigBuilder {
             parser.parse(openIDLoginElt, pc);
             openIDFilter = parser.getFilterBean();
             openIDEntryPoint = parser.getEntryPointBean();
+            openidLoginProcessingUrl = parser.getLoginProcessingUrl();
 
             List<Element> attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, Elements.OPENID_ATTRIBUTE_EXCHANGE);
 
@@ -473,10 +478,12 @@ final class AuthenticationConfigBuilder {
 
             if (formFilterId != null) {
                 loginPageFilter.addConstructorArgReference(formFilterId);
+                loginPageFilter.addPropertyValue("authenticationUrl", loginProcessingUrl);
             }
 
             if (openIDFilterId != null) {
                 loginPageFilter.addConstructorArgReference(openIDFilterId);
+                loginPageFilter.addPropertyValue("openIDauthenticationUrl", openidLoginProcessingUrl);
             }
 
             loginPageGenerationFilter = loginPageFilter.getBeanDefinition();

config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java

@@ -66,6 +66,7 @@ public class FormLoginBeanDefinitionParser {
     private RootBeanDefinition filterBean;
     private RootBeanDefinition entryPointBean;
     private String loginPage;
+    private String loginProcessingUrl;
 
     FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String filterClassName,
             BeanReference requestCache, BeanReference sessionStrategy, boolean allowSessionCreation, BeanReference portMapper, BeanReference portResolver) {
@@ -148,6 +149,8 @@ public class FormLoginBeanDefinitionParser {
             loginUrl = defaultLoginProcessingUrl;
         }
 
+        this.loginProcessingUrl = loginUrl;
+
         BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.logout.LogoutFilter$FilterProcessUrlRequestMatcher");
         matcherBuilder.addConstructorArgValue(loginUrl);
 
@@ -204,4 +207,8 @@ public class FormLoginBeanDefinitionParser {
     String getLoginPage() {
         return loginPage;
     }
+
+    String getLoginProcessingUrl() {
+        return loginProcessingUrl;
+    }
 }

config/src/test/groovy/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.groovy

@@ -0,0 +1,109 @@
+package org.springframework.security.config.http
+
+import org.springframework.mock.web.MockFilterChain
+import org.springframework.mock.web.MockHttpServletRequest
+import org.springframework.mock.web.MockHttpServletResponse
+
+/**
+ *
+ * @author Luke Taylor
+ */
+class FormLoginBeanDefinitionParserTests extends AbstractHttpConfigTests {
+
+    def 'form-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'form-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'form-login'('login-processing-url':'/login_custom','username-parameter':'custom_user','password-parameter':'custom_password')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.custom_user.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='custom_user' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='custom_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'()
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/j_spring_openid_security_check' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'('login-processing-url':'/login_custom')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+}