SEC-549: Trim whitespace from username submitted with login form.

core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java

@@ -68,6 +68,8 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
             password = "";
         }
 
+        username = username.trim();
+
         UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
 
         // Place the last username attempted into HttpSession for views

core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java

@@ -103,4 +103,17 @@ public class AuthenticationProcessingFilterTests extends TestCase {
         assertTrue(result != null);
         assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
     }
+
+    public void testSpacesAreTrimmedCorrectlyFromUsername() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, " marissa ");
+        request.addParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, "koala");
+
+        AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
+        filter.setAuthenticationManager(new MockAuthenticationManager(true));
+        filter.init(null);
+
+        Authentication result = filter.attemptAuthentication(request);
+        assertEquals("marissa", result.getName());
+    }
 }