0

I'm trying to understand a Spring 3.0 application which contains the following BeanPostProcessor implementation. What is this code needed for? I thought the UserDetailsService was sufficient for getting and setting the User account information.

@Service
public class UserPassAuthFilterBeanPostProcessor implements BeanPostProcessor
{

    /**
     * The username parameter.
     */
    private String usernameParameter;

    /**
     * The password parameter.
     */
    private String passwordParameter;

    @Override
    public final Object postProcessAfterInitialization(final Object bean, final String beanName)
    {
        return bean;
    }

    @Override
    public final Object postProcessBeforeInitialization(final Object bean, final String beanName)
    {
        if (bean instanceof UsernamePasswordAuthenticationFilter)
        {
            final UsernamePasswordAuthenticationFilter filter = (UsernamePasswordAuthenticationFilter) bean;
            filter.setUsernameParameter(getUsernameParameter());
            filter.setPasswordParameter(getPasswordParameter());
        }

        return bean;
    }

    /**
     * Sets the username parameter.
     * 
     * @param usernameParameter
     *         the username parameter
     */
    public final void setUsernameParameter(final String usernameParameter)
    {
        this.usernameParameter = usernameParameter;
    }

    /**
     * Gets the username parameter.
     * 
     * @return the username parameter
     */
    public final String getUsernameParameter()
    {
        return usernameParameter;
    }

    /**
     * Sets the password parameter.
     * 
     * @param passwordParameter
     *         the password parameter
     */
    public final void setPasswordParameter(final String passwordParameter)
    {
        this.passwordParameter = passwordParameter;
    }

    /**
     * Gets the password parameter.
     * 
     * @return the password parameter
     */
    public final String getPasswordParameter()
    {
        return passwordParameter;
    }

}
skaffman
  • 398,947
  • 96
  • 818
  • 769
pnut butter
  • 367
  • 2
  • 5
  • 13

2 Answers2

2

Yes, UserDetailsService is sufficient.

This BeanPostProcessor changes the names of username and password parameters in login request (i.e. names of fields in login form) - these properties can't be configured via namespace configuration, and using BeanPostProcessorss in order to customize such properties is an ugly but quite common practice.

axtavt
  • 239,438
  • 41
  • 511
  • 482
  • Sorry if this is a stupid question but how do you know the parameter names are being changed? – pnut butter Aug 09 '10 at 13:36
  • @pnut: From the documentation of UsernamePasswordAuthenticationFilter (http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/UsernamePasswordAuthenticationFilter.html), properties of which is changed after instantiation by this postprocessor. – axtavt Aug 09 '10 at 14:40
1

This postProcessBeforeInitialization() method is implemented from BeanPostProcessor interface which automatically executes after your getter and setter methods finish executing and once the postProcessBeforeInitialization() method finish execution, objects are initialized and then postProcessAfterInitialization() will execute.

These are something like life cycle methods.

Piotr Nowicki
  • 17,914
  • 8
  • 63
  • 82
shanur
  • 11
  • 1