Mobile app version of vmapp.org
Login or Join
Sue5673885

: What does mask spring authentication nginx configuration do? I have the following setting in my nginx.conf but I am not sure what it does. I copied it from a Google search. location

@Sue5673885

Posted in: #Configuration #Nginx #Password

I have the following setting in my nginx.conf but I am not sure what it does. I copied it from a Google search.

location / {
set $tempRequest $request;
if ($tempRequest ~ (.*)j_password=[^&]*(.*)) {
# Mask spring authentication password param.
set $tempRequest j_password=****;
}


Can someone explain what it does? I am using nginx as a proxy server for a grails application running on Tomcat.

I thought this setting would not show j_password parameter when users submit the password at authentication time but I can see the value of j_password using Chrome Inspect when the form is submitted.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Sue5673885

1 Comments

Sorted by latest first Latest Oldest Best

 

@Barnes591

I don't know what it exactly does, but I assume you want to rename the parameters. The parameters have to be POSTed anyway, so there's no way around that, but if you want to rename to something else, you the following (in resources.xml):

<beans:bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="usernameParameter" value="user_name">
<beans:property name="passwordParameter" value="passwd">
< !-- other properties which you also use in the -login element -->
</beans:bean>

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme