mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Latorre (JIRA)" <j...@apache.org>
Subject [jira] Updated: (FTPSERVER-183) DBUserManager and PropertiesUserManager are not storing the password in the User object after in "authenticate()"
Date Wed, 24 Sep 2008 10:03:44 GMT

     [ https://issues.apache.org/jira/browse/FTPSERVER-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Latorre updated FTPSERVER-183:
------------------------------------

    Attachment: UserManagers.patch

Patch for the NullPointerException issue in DBUserManager - authenticate() will add the unencrypted
password to the  User object.




> DBUserManager and PropertiesUserManager are not storing the password in the User object
after in "authenticate()" 
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: FTPSERVER-183
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-183
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M4
>            Reporter: David Latorre
>            Priority: Minor
>         Attachments: UserManagers.patch
>
>
> I suppose that as a result of the change in the strategy to encrypt passwords in DBUserManager,
getUserByName()  -called by the authenticate() method - returns an User object with the password
field unset.
> When trying to use the "save" method , this line throws  a NullPointerException
>   map.put(ATTR_PASSWORD, escapeString(passwordEncryptor.encrypt(user.getPassword())));
> My reason to use this method is that I call  DBUserManager.save() to update the user
in the database with last-login information. 
> I'm providing a patch although maybe there's a more elegant solution.   The same modification
is done in PropertiesUserManager for coherence.
> Important Note: with my provided path , the user's password should not be included in
the WHERE query of "updateStatement" as there's a chance that for a  PasswordEncryptor, the
result of   passwordEncryptor.encrypt  is not the same as the stored password even if matches()
returns true.
>  
>  

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message