geronimo-scm mailing list archives

From vamsic...@apache.org
Subject svn commit: r587006 - in /geronimo/server: branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/ branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/ trunk/modules/geronimo...
Date Mon, 22 Oct 2007 06:17:34 GMT
Author: vamsic007
Date: Sun Oct 21 23:17:33 2007
New Revision: 587006

URL: http://svn.apache.org/viewvc?rev=587006&view=rev
Log:
**GERONIMO-3543 SQLLoginModule successfully authenticates non-existent users
 o Fixed the LoginModule to throw FailedLoginException for non-existent user
 o Added a test to detect regression
**: This commit can use a thorough review.

Modified:
    geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
    geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
    geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java

Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
(original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
Sun Oct 21 23:17:33 2007
@@ -221,16 +221,22 @@
                     ResultSet result = statement.executeQuery();
 
                     try {
+                        boolean found = false;
                         while (result.next()) {
                             String userName = result.getString(1);
                             String userPassword = result.getString(2);
 
                             if (cbUsername.equals(userName)) {
+                                found = true;
                                 if (!checkPassword(userPassword, cbPassword)) {
                                     throw new FailedLoginException();
                                 }
                                 break;
                             }
+                        }
+                        if(!found) {
+                            // User does not exist
+                            throw new FailedLoginException();
                         }
                     } finally {
                         result.close();
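Review bot: The unknown-user branch added after the loop throws without ever calling `checkPassword`, while the known-user branch always calls it, so the two failures can differ in response time even though both raise the same message-less `FailedLoginException`. If `checkPassword` hashes or does other measurable work (its body is not in this hunk), that difference can reveal which usernames exist; consider performing one comparison against a fixed dummy credential on the not-found path. At minimum, replace `// User does not exist` with `// Unknown user: same message-less FailedLoginException as a bad password, so the caller cannot tell the two cases apart`, so a later change does not add a distinguishing message. The enclosing method starts and ends outside the hunk, and the identical trunk hunk for SQLLoginModule.java carries the same point.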

Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
(original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
Sun Oct 21 23:17:33 2007
@@ -161,12 +161,32 @@
         }
     }
 
+    public void testBadUserLogin() throws Exception {
+        LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("bad",
"starcraft"));
+    
+        try {
+            context.login();
+            fail("Should not allow this login with bad username");
+        } catch (LoginException e) {
+        }
+    }
+
     public void testNullPasswordLogin() throws Exception {
         LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan",
null));
 
         try {
             context.login();
             fail("Should not allow this login with null password");
+        } catch (LoginException e) {
+        }
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan",
"bad"));
+
+        try {
+            context.login();
+            fail("Should not allow this login with bad password");
         } catch (LoginException e) {
         }
     }
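Review bot: All three tests catch the broad `LoginException` in an empty block, so any login failure makes them pass, including one unrelated to credentials such as a realm or database problem surfacing as a `LoginException`. To pin the GERONIMO-3543 regression, catch the type the module actually throws, `} catch (FailedLoginException expected) {`, and put a one-line comment in the block saying the rejection is the expected outcome. This needs `javax.security.auth.login.FailedLoginException` in scope, and the import block is outside the hunk. The same applies to the trunk copy of LoginSQLTest.java.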

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
Sun Oct 21 23:17:33 2007
@@ -221,16 +221,22 @@
                     ResultSet result = statement.executeQuery();
 
                     try {
+                        boolean found = false;
                         while (result.next()) {
                             String userName = result.getString(1);
                             String userPassword = result.getString(2);
 
                             if (cbUsername.equals(userName)) {
+                                found = true;
                                 if (!checkPassword(userPassword, cbPassword)) {
                                     throw new FailedLoginException();
                                 }
                                 break;
                             }
+                        }
+                        if(!found) {
+                            // User does not exist
+                            throw new FailedLoginException();
                         }
                     } finally {
                         result.close();

Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
Sun Oct 21 23:17:33 2007
@@ -161,12 +161,32 @@
         }
     }
 
+    public void testBadUserLogin() throws Exception {
+        LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("bad",
"starcraft"));
+    
+        try {
+            context.login();
+            fail("Should not allow this login with bad username");
+        } catch (LoginException e) {
+        }
+    }
+
     public void testNullPasswordLogin() throws Exception {
         LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan",
null));
 
         try {
             context.login();
             fail("Should not allow this login with null password");
+        } catch (LoginException e) {
+        }
+    }
+
+    public void testBadPasswordLogin() throws Exception {
+        LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan",
"bad"));
+
+        try {
+            context.login();
+            fail("Should not allow this login with bad password");
         } catch (LoginException e) {
         }
     }


