8

How do you customize the UsernamePasswordAuthenticationFilter usernameParameter (j_username) and passwordParameter (j_password) properties when using the <http ... /> Spring Security 3 namespace? It's my understanding the <http ... /> creates the filter, but I don't see how to customize it.

Taylor Leese
  • 51,004
  • 28
  • 112
  • 141

2 Answers2

4

Here is the solution I created based on axtavt's suggestion:

Spring configuration:

<beans:bean id="userPassAuthFilterBeanPostProcessor"
    class="com.my.package.UserPassAuthFilterBeanPostProcessor">
    <beans:property name="usernameParameter" value="username" />
    <beans:property name="passwordParameter" value="password" />
</beans:bean>

Java class:

package com.my.package;

import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.web.authentication.
    UsernamePasswordAuthenticationFilter;

public class UserPassAuthFilterBeanPostProcessor implements BeanPostProcessor {

    private String usernameParameter;
    private String passwordParameter;

    @Override
    public final Object postProcessAfterInitialization(final Object bean,
        final String beanName) {
        return bean;
    }

    @Override
    public final Object postProcessBeforeInitialization(final Object bean,
        final String beanName) {
        if (bean instanceof UsernamePasswordAuthenticationFilter) {
            final UsernamePasswordAuthenticationFilter filter =
                (UsernamePasswordAuthenticationFilter) bean;
            filter.setUsernameParameter(getUsernameParameter());
            filter.setPasswordParameter(getPasswordParameter());
        }

        return bean;
    }

    public final void setUsernameParameter(final String usernameParameter) {
        this.usernameParameter = usernameParameter;
    }

    public final String getUsernameParameter() {
        return usernameParameter;
    }

    public final void setPasswordParameter(final String passwordParameter) {
        this.passwordParameter = passwordParameter;
    }

    public final String getPasswordParameter() {
        return passwordParameter;
    }

}
Taylor Leese
  • 51,004
  • 28
  • 112
  • 141
1

Filter is configured using form-login element, but that element doesn't provide ability to set custom names for username and password.

You can configure directly, as describe in Spring Reference

uthark
  • 5,333
  • 2
  • 43
  • 59
  • I'm using the namespace for almost all of my configuration so I don't want to move away from using it. I was hoping there was some clean way to configure it and still use the configuration. – Taylor Leese Mar 20 '10 at 17:41
  • You can report bug in spring JIRA to add required configuration. – uthark Mar 20 '10 at 17:56
  • Sounds like that is what I need to do. I'll submit a feature request. – Taylor Leese Mar 20 '10 at 17:58
  • 3
    @Taylor: There is a little workaround for configuring features missing in `` configuration - you can declare a `BeanPostProcessor` to apply a custom configuration to the beans being created. – axtavt Mar 20 '10 at 18:26
  • Thanks. Posted solution based on your suggestion. – Taylor Leese Mar 20 '10 at 21:21
  • Good luck with getting the SpringSecurity guys to accept that request. In my experience, their usual response is "your requested feature is too specialized". – Stephen C Mar 21 '10 at 00:58
  • Actually, they already completed the feature request. It will be in 3.1.0. See http://jira.springframework.org/browse/SEC-1445 – Taylor Leese May 20 '10 at 18:50