From 5e043c3a697bf93bd504c86d3fcca7259c4aa8fb Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Wed, 7 Oct 2020 13:22:57 +0300
Subject: [PATCH] Consider too long user inputs for username login field

Signed-off-by: Pekka Helenius
---
 .../session/BookStoreAuthenticationFailureHandler.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
index 0856855..3f848b6 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/service/session/BookStoreAuthenticationFailureHandler.java
@@ -47,10 +47,12 @@ public class BookStoreAuthenticationFailureHandler implements AuthenticationFail
 responseData.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 httpServerLogger.log(requestData, responseData);
- requestData
- .setAttribute("username", requestData.getParameter(
- env.getProperty("auth.field.username")
- ));
+ String username = requestData.getParameter(env.getProperty("auth.field.username"));
+ if (username.length() > 50) {
+ username = username.substring(0, 50) + " ...";
+ }
+
+ requestData.setAttribute("username", username);
 requestData
 .setAttribute("authfailure", msg.getMessage(
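Review bot: `username.length()` in the added `if` dereferences the result of `requestData.getParameter(...)` without a null check, so a login request that omits the username field would raise a NullPointerException inside the failure handler instead of rendering the login error. The removed code passed the value straight to `setAttribute`, which accepts null, so this is a regression for that input (assuming `requestData` is the servlet request, as the handler interface suggests). Guard the length test with `if (username != null && username.length() > 50) {`. The limit 50 is written twice as a literal; a named constant would keep the comparison and the `substring` bound in step. The enclosing method starts and ends outside the hunk, so how the `username` attribute is rendered is not visible here; truncation bounds its size but does not replace output encoding in the view.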