我的网站的登录表单看起来像这样。
<h:panelGrid columns="3">
<p:outputLabel value="Username:" for="username"/>
<p:inputText id="username" autocomplete="off" />
<p:message for="username"/>
<p:outputLabel value="Password:" for="password"/>
<p:password id="password" />
<p:message for="password"/>
</h:panelGrid>
我们使用Spring安全性来验证密码,当我在Spring的UsernamePasswordAuthenticationFilter中抛出一个断点时,使用Safari的自动填充密码功能时密码始终为空。这会导致登录失败。
作为参考,以下是我的断点位于
中的Spring代码部分public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
}
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
//My breakpoint is here, but password = "" even though we have a user name
if (password == null) {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
我完全不知道我可以检查什么来解决这个问题。此密码问题仅影响Safari。其他浏览器,如IE,Chrome,FF也可以。
答案 0 :(得分:0)
确定。我发现了问题!
<p:defaultCommand target="ndaLoginButton" />
<h:panelGroup styleClass="errorText centered" rendered="#{authenticationBean.failedLogin}">
<h:outputText rendered="#{authenticationBean.isFailedLogin() and not authenticationBean.lockedAccount}"
value="Invalid username or password. Please try again." />
<h:outputText rendered="#{authenticationBean.lockedAccount}"
value="Account locked. You can reset account password below." />
</h:panelGroup>
#{authenticationBean.setFailedLogin(false)}
<h:form id="loginDialogForm" prependId="false">
<h:panelGrid columns="2" styleClass="ndaLoginDialogTable" columnClasses="ndaLoginDialogTop, ndaLoginDialogTop">
<h:panelGroup>
<h:panelGrid columns="3">
<p:outputLabel value="Username:" for="username"/>
<p:inputText id="username" autocomplete="off" />
<p:message for="username"/>
<p:outputLabel value="Password:" for="password"/>
<p:password id="password" autocomplete="off" />
<p:message for="password"/>
</h:panelGrid>
<input type="submit" style="visibility: hidden;" onclick="$j('#ndaLoginButton').click();"/>
<input type="hidden" id="loginDialogSubmit" name="loginDialogSubmit" value="loginDialogSubmit" />
<input type="hidden" id="loginDialogRedirect" name="loginDialogRedirect" />
</h:panelGroup>
<h:panelGroup>
<p:commandButton id="ndaLoginButton" value="NDA Login" type="submit" action="#{loginDialogPageBean.login}"
ajax="false" onclick="ndar.showPreloader()"/>
</h:panelGroup>
</h:panelGrid>
</h:form>
问题是<p:defaultCommand>标记。此标记用于指定当用户按下键盘上的enter键时按下哪个控件。讨厌的是Safari在填写表单上的密码字段之前发送虚拟输入键。我通过简单地删除此<p:defaultCommand>代码解决了这个问题,因为它无论如何都不是必需的。