: What does mask spring authentication nginx configuration do? I have the following setting in my nginx.conf but I am not sure what it does. I copied it from a Google search. location
I have the following setting in my nginx.conf but I am not sure what it does. I copied it from a Google search.
location / {
set $tempRequest $request;
if ($tempRequest ~ (.*)j_password=[^&]*(.*)) {
# Mask spring authentication password param.
set $tempRequest j_password=****;
}
Can someone explain what it does? I am using nginx as a proxy server for a grails application running on Tomcat.
I thought this setting would not show j_password parameter when users submit the password at authentication time but I can see the value of j_password using Chrome Inspect when the form is submitted.
More posts by @Sue5673885
1 Comments
Sorted by latest first Latest Oldest Best
I don't know what it exactly does, but I assume you want to rename the parameters. The parameters have to be POSTed anyway, so there's no way around that, but if you want to rename to something else, you the following (in resources.xml):
<beans:bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="usernameParameter" value="user_name">
<beans:property name="passwordParameter" value="passwd">
< !-- other properties which you also use in the -login element -->
</beans:bean>
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.