Announcement Announcement Module
Collapse
No announcement yet.
Prepopulating username using form based authentication Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prepopulating username using form based authentication

    How do I prepopulate the user name (from say a cookie value) using form based authentication? It's not clear to me where the developer "hook" is for this. I'm using a custom AuthenticationProcessingFilter and overriding the onSuccessfulAuthentication method to create the cookie once the user has succesfylly logged in. However, I don't know how to populate the form with this value. Here is the velocity template I'm using to capture the username and password:

    <form action="j_spring_security_check" method="post">
    <table border="0" cellpadding="0" cellspacing="0">
    <tr>
    <td>User ID: </td>
    <td>
    <input type="text" name="j_username" value="$!default_username">
    </td>
    </tr>
    <tr>
    <td>Password:</td>
    <td>
    <input type="password" name="j_password">
    </td>
    </tr>
    <tr class="lastRow">
    <td>
    <input type="submit" value="Login" style="width:60px">
    </td>
    </tr>
    </table>
    </form>


    Where can I set the $default_username in the http request?

  • #2
    If you're using an MVC framework (like Struts or Spring Web MVC), you can set a default username value in the controller before forwarding to the view.

    Comment


    • #3
      What controller? I'm using Spring MVC but there isn't a controller with form based authentication. Here are my security settings:

      <bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
      <security:filter-chain-map path-type="ant">
      <security:filter-chain pattern="/**" filters="httpSessionContextIntegrationFilter,formA uthenticationProcessingFilter,exceptionTranslation Filter,filterSecurityInterceptor"/>
      </security:filter-chain-map>
      </bean>

      <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter"/>

      <bean id="formAuthenticationProcessingFilter" class="com.sonybmg.csa.web.security.CsaAuthenticat ionProcessingFilter">
      <property name="filterProcessesUrl" value="/j_spring_security_check"/>
      <property name="authenticationFailureUrl" value="/loginFailed.htm"/>
      <property name="defaultTargetUrl" value="/index.htm"/>
      <property name="authenticationManager" ref="authenticationManager"/>
      </bean>


      <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTr anslationFilter">
      <property name="authenticationEntryPoint" ref="formLoginAuthenticationEntryPoint"/>
      </bean>

      <bean id="formLoginAuthenticationEntryPoint" class="org.springframework.security.ui.webapp.Auth enticationProcessingFilterEntryPoint">
      <property name="loginFormUrl" value="/login.htm"/>
      <property name="forceHttps" value="false"/>
      </bean>

      <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web. FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="accessDecisionManager" ref="accessDecisionManager"/>
      <property name="objectDefinitionSource">
      <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /secure/**=ROLE_USER
      /index.htm=ROLE_USER
      /admin/**=ROLE_ADMIN
      </value>
      </property>
      </bean>

      <bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
      <property name="providers">
      <list>
      <!-- use this to encrypt/decrypt passwords -->
      <ref local="csaAuthenticationProvider" />

      <!-- use this to encode passwords -->
      <!-- <ref local="daoAuthenticationProvider" /> -->
      </list>
      </property>
      </bean>

      <bean id="csaAuthenticationProvider" class="com.sonybmg.csa.service.impl.CsaAuthenticat ionProvider">
      <property name="adminFacade" ref="adminFacade"/>
      <property name="passwordEncoder" ref="passwordEncoder"/>
      </bean>

      <bean id="accessDecisionManager" class="org.springframework.security.vote.Unanimous Based">
      <property name="decisionVoters">
      <list>
      <ref local="roleVoter" />
      </list>
      </property>
      </bean>

      <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter ">
      <property name="rolePrefix" value="ROLE"/>
      </bean>


      I thought there would be a place in the formAuthenticationProcessingFilter to prepopulate this value, but from what I can tell there isn't.
      Last edited by [email protected]; Oct 1st, 2008, 04:58 PM.

      Comment


      • #4
        Hi BotC. In your AuthenticationProcessingFilterEntryPoint bean, there is a property you've set called loginFormUrl. Point that at a Spring Web MVC controller instead of at a static HTML page. Then inside the controller set the default username.

        Comment


        • #5
          Thanks for your response...pointing the loginFormUrl to a controller did the trick! Thanks again.

          Comment


          • #6
            No prob at all. Glad it helped. ;-)

            Comment

            Working...
            X