From: "Ashish Jain (JIRA)"
To: dev@geronimo.apache.org
Date: Fri, 11 Dec 2009 10:09:18 +0000 (UTC)
Subject: [jira] Created: (GERONIMO-4983) In debug mode Properties file login module returns loginsucceeded as true for non-existent users and null password

In debug mode Properties file login module returns loginsucceeded as true for non-existent users and null password
-----------------------------------------------------------------------------------------------------------------

                 Key: GERONIMO-4983
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4983
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
    Affects Versions: 2.1.4, 2.2
         Environment: Windows XP, Eclipse
            Reporter: Ashish Jain
             Fix For: 2.2.1

While debugging one of the login fallback code I see that PropertiesFileLoginModule.java returns loginsucceeded as true for a non-existent user and null password. This happens under the following use case.

In the BasicAuthenticator code I have the following:

    String username=header.substring(10);
    String password=null;
    principal = context.getRealm().authenticate(username, password);

In the login method of PropertiesFileLoginModule, as per the above use case, we will have realPassword as null and password as null. As a result, "if (!checkPassword(realPassword, password))" will be skipped, resulting in loginSucceeded=true.
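
The null-equals-null match described in the report, next to a fail-closed version, as an added example that is not part of the original message and is not Geronimo's code. The class NullPasswordLoginDemo, the methods weakCheck, weakLogin and strictLogin, the sample user store and the null-tolerant behaviour of the comparison are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;

// Hypothetical model of the reported flaw; not Geronimo's PropertiesFileLoginModule.
public class NullPasswordLoginDemo {
    // Constructed sample user store standing in for the properties file.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");

    // Null-tolerant comparison (assumed behaviour): two nulls count as a match.
    static boolean weakCheck(String realPassword, String password) {
        return realPassword == null ? password == null : realPassword.equals(password);
    }

    // Flawed flow: an unknown user yields realPassword == null, and a null
    // supplied password then "matches" it, so the failure branch is skipped.
    static boolean weakLogin(String username, String password) throws FailedLoginException {
        String realPassword = USERS.get(username);
        if (!weakCheck(realPassword, password)) {
            throw new FailedLoginException("bad credentials");
        }
        return true; // corresponds to loginSucceeded = true in the report
    }

    // Hardened flow: fail closed on missing input or unknown user before comparing.
    static boolean strictLogin(String username, String password) throws FailedLoginException {
        String realPassword = username == null ? null : USERS.get(username);
        if (realPassword == null || password == null) {
            throw new FailedLoginException("bad credentials");
        }
        // Comparison that does not stop at the first differing byte.
        if (!MessageDigest.isEqual(realPassword.getBytes(StandardCharsets.UTF_8),
                                   password.getBytes(StandardCharsets.UTF_8))) {
            throw new FailedLoginException("bad credentials");
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("weak, ghost/null: " + weakLogin("ghost", null));
        try {
            strictLogin("ghost", null);
        } catch (FailedLoginException e) {
            System.out.println("strict, ghost/null: rejected (" + e.getMessage() + ")");
        }
        System.out.println("strict, alice/s3cret: " + strictLogin("alice", "s3cret"));
    }
}
```

A regression test for the fix can assert that a login attempt with an unknown user and a null password raises FailedLoginException rather than returning success.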