Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.0.0-alpha, 1.9.1
-
None
-
None
Description
The FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s), which prevents login for users with such passwords.
Since spaces at the start and/or end of a password are totally legit, the password param should not be trimmed, when processed by the FormAuthenticationFilter.
The reason for that behavior is, that in the FormAuthenticationFilter WebUtils.
getCleanParam() is called, which than calls StringUtils.clean(), which trims passed strings.
If desired, I would prepare a PR to fix that behavior.
Attachments
Issue Links
- links to