开发者

Spring Security : About the names j_username and j_password in the form

开发者 https://www.devze.com 2023-02-20 16:50 出处:网络
Hi I am reading this book on Spring Security . It talks about the specific names j_username and j_password .

Hi I am reading this book on Spring Security . It talks about the specific names j_username and j_password .

The form field names are specified by UsernamePasswordAuthenticationFilter
itself, and take their cue fro开发者_运维技巧m the Java EE Servlet 2.x specification (in section
SRV.12.5.3), which requires that login forms use these specific field names, plus
the special form action j_security_check. This design pattern was intended to
allow authors of Java EE servlet-based applications to tie into the servlet container's
security configuration in a standard way.

I am not able to understand the above statement . What does this "This design pattern was intended to allow authors of Java EE servlet-based applications to tie into the servlet container's security configuration in a standard way" mean ?


Since these form field names are part of the servlet specification, the intention of the authors of the specification was that you could swap out the underlying security provider (e.g. move from Spring Security to a Java EE application server's security infrastructure) without requiring that any change be made to the login form field names.

Whether or not this works in practice, however, is an entirely different story ;)

-- Peter (Author, Spring Security 3 (book))

0

精彩评论

暂无评论...
验证码 换一张
取 消