
SEC-471: Allow names of username and password parameters to be customized in AuthenticationProcessingFilter.

Luke Taylor преди 18 години
родител
ревизия
c56b8c4117

+ 36 - 8
core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java

@@ -21,6 +21,7 @@ import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 
 import org.acegisecurity.ui.AbstractProcessingFilter;
+import org.springframework.util.Assert;
 
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
@@ -28,10 +29,15 @@ import javax.servlet.http.HttpServletRequest;
 
 
 /**
- * Processes an authentication form.<p>Login forms must present two parameters to this filter: a username and
- * password. The parameter names to use are contained in the static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY}
- * and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.</p>
- *  <P><B>Do not use this class directly.</B> Instead configure <code>web.xml</code> to use the {@link
+ * Processes an authentication form.
+ * <p>Login forms must present two parameters to this filter: a username and
+ * password. The default parameter names to use are contained in the
+ * static fields {@link #ACEGI_SECURITY_FORM_USERNAME_KEY} and {@link #ACEGI_SECURITY_FORM_PASSWORD_KEY}.
+ * The parameter names can also be changed by setting the <tt>usernameParameter</tt> and <tt>passwordParameter</tt>
+ * properties.
+ * </p>
+ *
+ * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
  * org.acegisecurity.util.FilterToBeanProxy}.</p>
  *
  * @author Ben Alex
@@ -45,10 +51,12 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
     public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
     public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
 
+    private String usernameParameter = ACEGI_SECURITY_FORM_USERNAME_KEY;
+    private String passwordParameter = ACEGI_SECURITY_FORM_PASSWORD_KEY;
+
     //~ Methods ========================================================================================================
 
-    public Authentication attemptAuthentication(HttpServletRequest request)
-        throws AuthenticationException {
+    public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
         String username = obtainUsername(request);
         String password = obtainPassword(request);
 
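Review bot: attemptAuthentication goes straight to `obtainUsername(request)` and `obtainPassword(request)` with no check of the HTTP method, and both helpers (changed in the later hunks) read with `request.getParameter`, which also returns query-string values. As far as the visible lines show, a GET carrying the password in the URL would be processed like a form post, which leaves credentials in access logs, proxies and browser history. Consider a guard at the top of the method, e.g. `if (!"POST".equals(request.getMethod()))` followed by throwing an AuthenticationException subclass. The method body continues outside this hunk, so a check further down or in the superclass cannot be ruled out from here.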
@@ -94,7 +102,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
      *         <code>AuthenticationManager</code>
      */
     protected String obtainPassword(HttpServletRequest request) {
-        return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
+        return request.getParameter(passwordParameter);
     }
 
     /**
@@ -107,7 +115,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
      *         <code>AuthenticationManager</code>
      */
     protected String obtainUsername(HttpServletRequest request) {
-        return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+        return request.getParameter(usernameParameter);
     }
 
     /**
@@ -120,4 +128,24 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
     protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
         authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
     }
+
+    /**
+     * Sets the parameter name which will be used to obtain the username from the login request.
+     *
+     * @param usernameParameter the parameter name. Defaults to "j_username".
+     */
+    public void setUsernameParameter(String usernameParameter) {
+        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
+        this.usernameParameter = usernameParameter;
+    }
+
+    /**
+     * Sets the parameter name which will be used to obtain the password from the login request..
+     *
+     * @param passwordParameter the parameter name. Defaults to "j_password".
+     */
+    public void setPasswordParameter(String passwordParameter) {
+        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");        
+        this.passwordParameter = passwordParameter;
+    }
 }
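Review bot: The two setters reject only blank names, so both properties can be given the same value, in which case obtainUsername and obtainPassword would read the same request parameter. A cross-check such as `Assert.isTrue(!usernameParameter.equals(passwordParameter), "Username and password parameters must differ")` belongs wherever the filter validates its configuration once all properties are set, which is not visible in this hunk. The Javadoc should also state that after a name is changed the `ACEGI_SECURITY_FORM_*_KEY` constants no longer describe what the filter reads, so login pages and any request-log masking keyed on `j_password` have to follow the configured name. The password setter's Javadoc ends with a doubled period (`request..`).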

+ 20 - 17
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -24,6 +24,8 @@ import org.acegisecurity.ui.WebAuthenticationDetails;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 
+import javax.servlet.ServletException;
+
 
 /**
  * Tests {@link AuthenticationProcessingFilter}.
@@ -35,7 +37,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
     //~ Constructors ===================================================================================================
 
     public AuthenticationProcessingFilterTests() {
-        super();
     }
 
     public AuthenticationProcessingFilterTests(String arg0) {
@@ -44,14 +45,6 @@ public class AuthenticationProcessingFilterTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testGetters() {
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
         assertEquals("/j_acegi_security_check", filter.getDefaultFilterProcessesUrl());
@@ -62,10 +55,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
         request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
 
-        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(authMgr);
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
         filter.init(null);
 
         Authentication result = filter.attemptAuthentication(request);
@@ -77,10 +68,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, "marissa");
 
-        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(authMgr);
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
         filter.init(null);
 
         Authentication result = filter.attemptAuthentication(request);
@@ -91,13 +80,27 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
 
-        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
+        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.init(null);
 
+        Authentication result = filter.attemptAuthentication(request);
+        assertTrue(result != null);
+    }
+
+    public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
         AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
-        filter.setAuthenticationManager(authMgr);
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.setUsernameParameter("x");
+        filter.setPasswordParameter("y");        
         filter.init(null);
 
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("x", "marissa");
+        request.addParameter("y", "koala");
+
         Authentication result = filter.attemptAuthentication(request);
         assertTrue(result != null);
+        assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());        
     }
 }
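Review bot: testUsingDifferentParameterNamesWorksAsExpected would still pass if the filter ignored the custom names, because `MockAuthenticationManager(true)` is also used in the null-username and null-password tests above, where a missing parameter still yields a non-null result. Assert on the values actually read, e.g. `assertEquals("marissa", result.getPrincipal());` and `assertEquals("koala", result.getCredentials());`, assuming the mock returns the request token unchanged. A negative case is also missing: `setUsernameParameter(null)` and `setPasswordParameter("")` should each be shown to throw IllegalArgumentException. The first test method in this hunk starts outside it.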