server validations on login page

**grasshopper** · Aug 22nd, 2005, 12:20 PM

I went through a earlier thread on this topic which said that form validations can be used but in that case the AuthenticationProcessingFilter will have to be junked. But wont that mean that the entire acegi framework is sidelined.
I want to use a SimpleFormController for doing the validations etc, in the onsubmit of the controller I want to redirect to say j_acegi_security_check or some url which can do the authentication and all that just like it happens normally.
How do I go about this?
Rather, instead of roundabout ways for doing this, isnt this a vital part of the framework missing??

**paskos** · Aug 22nd, 2005, 01:43 PM

What kind of validation do you want to do ?
Because acegi offers you the complete set of authentication validations on your userDetails :
- is user existing ?
- is username/password pair correct ?
- is user enabled ?

etc

and provides you with a rich set of Authentication event triggerd for each case.

**grasshopper** · Aug 22nd, 2005, 02:06 PM

i want validations for things like is this a valid username (email format etc).

**schrepfler** · Aug 22nd, 2005, 03:45 PM

Are sql injection attacks possible?

**grasshopper** · Aug 23rd, 2005, 03:27 PM

well i guess so, but that is not my immediate concern. I am looking at how to integrate my authentication filters with the validation framework provided by the simpleformcontroller.

**Ben Alex** · Aug 23rd, 2005, 08:00 PM

You'd don't need to use Spring's Validator interface with AuthenticationProcessingFilter. Handling SQL Injection is a concern of your AuthenticationDao (and, more generally, whatever underlaying persistence engine you are running).

**grasshopper** · Aug 24th, 2005, 02:34 AM

actually what I want to do is take care of simple checks that I need for the username/password fields when the form is posted to /j_acegi_security_check.

**schrepfler** · Aug 24th, 2005, 04:39 AM

Perhaps you could reimplement a XXXXXXXProcessingFilter and do your validation programmaticly before doing authentication? Ben doesn't encourage that way.

**Ben Alex** · Sep 8th, 2005, 04:51 AM

As long as you populate SecurityContextHolder in some reliable fashion, I don't mind how you do it. But at a conceptual level I cannot see the reason you'd need a Validator for two properties (username and password).

Thread: server validations on login page

Thread Tools

Display

server validations on login page

Similar Threads

Pageable data list with Hibernate

how to register EJB into OC4J JNDI tree on app server start

Redirecting someone to the referral page after they login.

Open the login page in case that the user is not logged in.

Unable to login to Sun Server admin console

Posting Permissions