[FIXED HUDSON-3586] add autocomplete="off" for LDAP managerDN and managerPassword fields,

to avoid unintended data being saved there.
Convert f:password to use MorphTagLibrary (like f:textbox does) so it can accept
arbitrary fields, like autocomplete.


git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@31540 71c3de6d-444a-0410-be80-ed276b4c234a

core/src/main/resources/hudson/security/LDAPSecurityRealm/config.jelly

 <!--
 The MIT License
 
-Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
+Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -41,12 +41,12 @@ THE SOFTWARE.
       <f:textbox name="ldap.groupSearchBase" value="${instance.groupSearchBase}" />
     </f:entry>
     <f:entry title="${%Manager DN}" help="/help/security/ldap/managerDN.html">
-      <f:textbox name="ldap.managerDN" value="${instance.managerDN}"
+      <f:textbox name="ldap.managerDN" value="${instance.managerDN}" autocomplete="off"
       checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=managerDN&amp;server='+encodeURIComponent(this.form.elements['ldap.server'].value)+'&amp;managerDN='+encodeURIComponent(this.value)+'&amp;managerPassword='+encodeURIComponent(this.form.elements['ldap.managerPassword'].value)"
       />
     </f:entry>
     <f:entry title="${%Manager Password}" help="/help/security/ldap/managerPassword.html">
-      <f:password name="ldap.managerPassword" value="${instance.managerPassword}"
+      <f:password name="ldap.managerPassword" value="${instance.managerPassword}" autocomplete="off"
       checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=password&amp;server='+encodeURIComponent(this.form.elements['ldap.server'].value)+'&amp;managerDN='+encodeURIComponent(this.form.elements['ldap.managerDN'].value)+'&amp;managerPassword='+encodeURIComponent(this.value)" 
       />
     </f:entry>

core/src/main/resources/lib/form/password.jelly

 <!--
 The MIT License
 
-Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
+Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -39,6 +39,10 @@ THE SOFTWARE.
       will be set as the initial value automatically,
       which is the recommended approach.
     </st:attribute>
+    <st:attribute name="clazz">
+      Additional CSS class(es) to add (such as client-side validation clazz="required",
+      "number" or "positive-number"; these may be combined, as clazz="required number").
+    </st:attribute>
     <st:attribute name="checkUrl">
       If specified, the value entered in this input field will be checked (via AJAX)
       against this URL, and errors will be rendered under the text field.
@@ -48,11 +52,10 @@ THE SOFTWARE.
     </st:attribute>
   </st:documentation>
   <f:prepareDatabinding />
-  <input class="setting-input ${attrs.checkUrl!=null?'validated':''}"
+  <m:input xmlns:m="jelly:hudson.util.jelly.MorphTagLibrary"
+         class="setting-input ${attrs.checkUrl!=null?'validated ':''}${attrs.clazz}"
          name ="${attrs.name ?: '_.'+attrs.field}"
          value="${attrs.value ?: instance[attrs.field]}"
-         id="${attrs.id}"
          type="password"
-         checkUrl="${attrs.checkUrl}" checkMethod="${attrs.checkMethod}"
-         onchange="${attrs.onchange}" onkeyup="${attrs.onkeyup}"/>
-</j:jelly>
\ No newline at end of file
+         ATTRIBUTES="${attrs}" EXCEPT="field clazz" />
+</j:jelly>