16 package org.springframework.security.ui.webapp;
17
18 import org.springframework.security.Authentication;
19 import org.springframework.security.AuthenticationException;
20
21 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
22
23 import org.springframework.security.ui.AbstractProcessingFilter;
24 import org.springframework.security.ui.FilterChainOrder;
25 import org.springframework.security.util.TextUtils;
26 import org.springframework.util.Assert;
27
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpSession;
30
/**
 * Processes the submission of a username/password login form.
 * <p>
 * The credentials are read from two request parameters, named by default
 * {@link #SPRING_SECURITY_FORM_USERNAME_KEY} and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY};
 * both names can be changed through {@link #setUsernameParameter(String)} and
 * {@link #setPasswordParameter(String)}. The default URL this filter reports for
 * processing is <code>/j_spring_security_check</code>.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>{@link #attemptAuthentication(HttpServletRequest)} does not itself look at the HTTP
 * method. <code>HttpServletRequest.getParameter</code> returns query-string values as well as
 * posted form fields, so credentials placed in a URL are read here too unless something
 * outside this class rejects such requests (not visible in this file).</li>
 * <li>The submitted username is written to the HTTP session before the authentication manager
 * is invoked, so it is recorded for failed attempts as well as successful ones.</li>
 * </ul>
 */
public class AuthenticationProcessingFilter extends AbstractProcessingFilter {

    /** Default name of the request parameter that carries the username. */
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";

    /** Default name of the request parameter that carries the password. */
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";

    /** Session attribute under which the most recently submitted username is stored. */
    public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";

    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;

    /**
     * Builds a {@link UsernamePasswordAuthenticationToken} from the request and hands it to
     * the authentication manager.
     *
     * @param request the login request
     * @return whatever the authentication manager returns for the submitted credentials
     * @throws AuthenticationException declared for failures raised during authentication
     */
    public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
        String submittedUsername = obtainUsername(request);
        String submittedPassword = obtainPassword(request);

        // Absent parameters are treated as empty strings. Only the username is trimmed;
        // the password is passed on exactly as received.
        String username = (submittedUsername == null) ? "" : submittedUsername.trim();
        String password = (submittedPassword == null) ? "" : submittedPassword;

        // The token carries the raw username; escaping below applies to the session copy only.
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username, password);

        // Remember the username in the session, but only create a session for that purpose
        // when session creation is allowed.
        boolean sessionExists = request.getSession(false) != null;

        if (sessionExists || getAllowSessionCreation()) {
            // NOTE(review): the value is passed through TextUtils.escapeEntities, presumably so a
            // page that echoes this attribute does not emit user-supplied markup - confirm the
            // escaping covers the context in which the login page renders it.
            request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY,
                    TextUtils.escapeEntities(username));
        }

        // Give subclasses the chance to attach request details before authenticating.
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Returns the URL this filter processes by default.
     *
     * @return the constant <code>/j_spring_security_check</code>
     */
    public String getDefaultFilterProcessesUrl() {
        return "/j_spring_security_check";
    }

    /**
     * Reads the password from the request. Subclasses may override this to obtain the
     * password differently.
     *
     * @param request the login request
     * @return the value of the configured password parameter, as returned by
     *         <code>getParameter</code> (the caller treats <code>null</code> as empty)
     */
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(passwordParameter);
    }

    /**
     * Reads the username from the request. Subclasses may override this to obtain the
     * username differently.
     *
     * @param request the login request
     * @return the value of the configured username parameter, as returned by
     *         <code>getParameter</code> (the caller treats <code>null</code> as empty)
     */
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(usernameParameter);
    }

    /**
     * Sets the details property of the authentication request from the current HTTP request.
     * The details object is built by <code>authenticationDetailsSource</code>, which is not
     * declared in this class (presumably inherited from {@link AbstractProcessingFilter}).
     *
     * @param request     the login request
     * @param authRequest the token whose details are to be set
     */
    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

    /**
     * Changes the name of the request parameter from which the username is read.
     *
     * @param usernameParameter the parameter name; must contain text
     * @throws IllegalArgumentException if the name is null or has no text
     */
    public void setUsernameParameter(String usernameParameter) {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }

    /**
     * Changes the name of the request parameter from which the password is read.
     *
     * @param passwordParameter the parameter name; must contain text
     * @throws IllegalArgumentException if the name is null or has no text
     */
    public void setPasswordParameter(String passwordParameter) {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }

    /**
     * Returns this filter's ordering value.
     *
     * @return {@link FilterChainOrder#AUTHENTICATION_PROCESSING_FILTER}
     */
    public int getOrder() {
        return FilterChainOrder.AUTHENTICATION_PROCESSING_FILTER;
    }

    /** Package-private accessor for the configured username parameter name. */
    String getUsernameParameter() {
        return usernameParameter;
    }

    /** Package-private accessor for the configured password parameter name. */
    String getPasswordParameter() {
        return passwordParameter;
    }
}