geronimo-scm mailing list archives

From dwo...@apache.org
Subject svn commit: r907685 - /geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
Date Mon, 08 Feb 2010 15:18:06 GMT
Author: dwoods
Date: Mon Feb  8 15:18:06 2010
New Revision: 907685

URL: http://svn.apache.org/viewvc?rev=907685&view=rev
Log:
GERONIMO-5132  In debug mode Properties file login module returns loginsucceeded as true for
non existent users and null password.  Patch contributed by Ashish Jain.

Modified:
    geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java

Modified: geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java?rev=907685&r1=907684&r2=907685&view=diff
==============================================================================
--- geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
(original)
+++ geronimo/server/branches/2.1/framework/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/PropertiesFileLoginModule.java
Mon Feb  8 15:18:06 2010
@@ -192,8 +192,13 @@
             throw new FailedLoginException();
         }
         String realPassword = users.getProperty(username);
-        // Decrypt the password if needed, so we can compare it with the supplied one
-        if (realPassword != null) {
+        if (realPassword == null || realPassword.equals("")) {
+            // Clear out the private state
+            username = null;
+            password = null;
+            throw new FailedLoginException();
+        } else {
+            // Decrypt the password if needed, so we can compare it with the supplied one
             realPassword = (String) EncryptionManager.decrypt(realPassword);
         }
         char[] entered = ((PasswordCallback) callbacks[1]).getPassword();
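Review bot: The new guard fails closed only on the stored value, while `entered` on the last line of the hunk can still be null, because `PasswordCallback.getPassword()` returns null when no password was supplied. The comparison that follows is outside the hunk, so it is not visible here whether a null supplied password is rejected for an existing user. An explicit check right after the read would make that independent of the comparison helper: `if (entered == null) { username = null; password = null; throw new FailedLoginException(); }`. The `else` after the `throw` is redundant, so the decrypt line could return to the outer indent. It would also help to extend the comment to say why an empty stored value is refused, e.g. `// Unknown user or empty stored password: fail closed so a null/empty supplied password can never match`.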


