Announcement Announcement Module
Collapse
No announcement yet.
server validations on login page Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • server validations on login page

    I went through a earlier thread on this topic which said that form validations can be used but in that case the AuthenticationProcessingFilter will have to be junked. But wont that mean that the entire acegi framework is sidelined.
    I want to use a SimpleFormController for doing the validations etc, in the onsubmit of the controller I want to redirect to say j_acegi_security_check or some url which can do the authentication and all that just like it happens normally.
    How do I go about this?
    Rather, instead of roundabout ways for doing this, isnt this a vital part of the framework missing??

  • #2
    What kind of validation do you want to do ?
    Because acegi offers you the complete set of authentication validations on your userDetails :
    - is user existing ?
    - is username/password pair correct ?
    - is user enabled ?

    etc

    and provides you with a rich set of Authentication event triggerd for each case.

    Comment


    • #3
      i want validations for things like is this a valid username (email format etc).

      Comment


      • #4
        Are sql injection attacks possible?

        Comment


        • #5
          well i guess so, but that is not my immediate concern. I am looking at how to integrate my authentication filters with the validation framework provided by the simpleformcontroller.

          Comment


          • #6
            You'd don't need to use Spring's Validator interface with AuthenticationProcessingFilter. Handling SQL Injection is a concern of your AuthenticationDao (and, more generally, whatever underlaying persistence engine you are running).

            Comment


            • #7
              actually what I want to do is take care of simple checks that I need for the username/password fields when the form is posted to /j_acegi_security_check.

              Comment


              • #8
                Perhaps you could reimplement a XXXXXXXProcessingFilter and do your validation programmaticly before doing authentication? Ben doesn't encourage that way.

                Comment


                • #9
                  As long as you populate SecurityContextHolder in some reliable fashion, I don't mind how you do it. But at a conceptual level I cannot see the reason you'd need a Validator for two properties (username and password).

                  Comment

                  Working...
                  X