1. 首页
  2. 问答
  3. Safari Autopassword为空字符串

Safari Autopassword为空字符串

2017-05-31 77 views
0

我有一个网站,其登录表单看起来像这样。Safari Autopassword为空字符串

<h:panelGrid columns="3"> 
    <p:outputLabel value="Username:" for="username"/> 
    <p:inputText id="username" autocomplete="off" /> 
    <p:message for="username"/> 

    <p:outputLabel value="Password:" for="password"/> 
    <p:password id="password" /> 
    <p:message for="password"/> 
</h:panelGrid>

我们正在使用Spring安全来验证密码,当我在春天的UsernamePasswordAuthenticationFilter抛出一个破发点,使用Safari的自动填充密码功能时,密码总是空白。这会导致登录失败。

仅供参考,这里是我的破发点位于

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { 
    if (postOnly && !request.getMethod().equals("POST")) { 
     throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod()); 
    } 

    String username = obtainUsername(request); 
    String password = obtainPassword(request); 

    if (username == null) { 
     username = ""; 
    } 

    //My breakpoint is here, but password = "" even though we have a user name 
    if (password == null) { 
     password = ""; 
    } 

    username = username.trim(); 

    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); 

    // Allow subclasses to set the "details" property 
    setDetails(request, authRequest); 

    return this.getAuthenticationManager().authenticate(authRequest); 
}

我在一个总损失什么,我可以检查来解决这个Spring的代码部分。此密码问题仅影响Safari。其他浏览器,如IE,Chrome,FF工作得很好。

来源

2017-05-31 user2980252

+1

你如何提交你的表单?,你正在处理你的'p:password'吗? –

回答

0

好的。我发现了问题!

<p:defaultCommand target="ndaLoginButton" /> 
    <h:panelGroup styleClass="errorText centered" rendered="#{authenticationBean.failedLogin}"> 
     <h:outputText rendered="#{authenticationBean.isFailedLogin() and not authenticationBean.lockedAccount}" 
        value="Invalid username or password. Please try again." /> 
     <h:outputText rendered="#{authenticationBean.lockedAccount}" 
        value="Account locked. You can reset account password below." /> 
    </h:panelGroup> 
    #{authenticationBean.setFailedLogin(false)} 


    <h:form id="loginDialogForm" prependId="false"> 
     <h:panelGrid columns="2" styleClass="ndaLoginDialogTable" columnClasses="ndaLoginDialogTop, ndaLoginDialogTop"> 
      <h:panelGroup> 
       <h:panelGrid columns="3"> 
        <p:outputLabel value="Username:" for="username"/> 
        <p:inputText id="username" autocomplete="off" /> 
        <p:message for="username"/> 

        <p:outputLabel value="Password:" for="password"/> 
        <p:password id="password" autocomplete="off" /> 
        <p:message for="password"/> 
       </h:panelGrid> 
       <input type="submit" style="visibility: hidden;" onclick="$j('#ndaLoginButton').click();"/> 
       <input type="hidden" id="loginDialogSubmit" name="loginDialogSubmit" value="loginDialogSubmit" /> 
       <input type="hidden" id="loginDialogRedirect" name="loginDialogRedirect" /> 
      </h:panelGroup> 

      <h:panelGroup> 
       <p:commandButton id="ndaLoginButton" value="NDA Login" type="submit" action="#{loginDialogPageBean.login}" 
           ajax="false" onclick="ndar.showPreloader()"/> 
      </h:panelGroup> 
     </h:panelGrid> 
    </h:form>

问题是<p:defaultCommand>标记。该标签用于指定当用户敲击键盘上的回车键时按下哪个控件。发生什么事情是Safari在填写表单上的密码字段之前发送了一个虚拟回车键。我通过简单地删除这个<p:defaultCommand>标签解决了问题,因为它不是必需的。

来源

2017-06-01 13:33:32 user2980252

相关问题

 相关问题