diff --git a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
index 3357c18871..bfe266cd09 100644
--- a/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
+++ b/core/src/main/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilter.java
@@ -66,7 +66,7 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
- String username = request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+ String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
@@ -127,4 +127,18 @@ public class AuthenticationProcessingFilter extends AbstractProcessingFilter {
protected String obtainPassword(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
}
+
+ /**
+ * Enables subclasses to override the composition of the username, such as
+ * by including additional values and a separator.
+ *
+ * @param request so that request attributes can be retrieved
+ *
+ * @return the username that will be presented in the
+ * Authentication request token to the
+ * AuthenticationManager
+ */
+ protected String obtainUsername(HttpServletRequest request) {
+ return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
+ }
}
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index fca5cbecca..4a67347582 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -33,6 +33,7 @@
Update commons-codec dependency to 1.3
AbstractProcessingFilter no longer has setters for failures, it uses the exceptionMappings property
Update to match Spring 1.2 RC 1 official JAR dependencies
+ AuthenticationProcessingFilter now provides an obtainUsername method
X509 (certificate-based) authentication support