roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r451356 - in /incubator/roller/trunk/src/org/apache/roller/webservices/adminapi: BasicAuthenticator.java WSSEAuthenticator.java
Date Fri, 29 Sep 2006 17:36:11 GMT
Author: jtb
Date: Fri Sep 29 10:36:10 2006
New Revision: 451356

URL: http://svn.apache.org/viewvc?view=rev&rev=451356
Log:
1. change to use org.apache.commons.codec.binary.Base64 instead of com.sun.syndication.io.impl.Base64.
the latter was causing odd error when attempting to decode certain passwords. i don't really
understand why though, but this is also what the APP endpoint uses.
2. check if user is disabled after auth
3. remove WSSE auth class. no use having that if it's not being kept up to date and not being
unit tested. we can add it back in if we need it. 

Removed:
    incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/WSSEAuthenticator.java
Modified:
    incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java

Modified: incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java?view=diff&rev=451356&r1=451355&r2=451356
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
(original)
+++ incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
Fri Sep 29 10:36:10 2006
@@ -17,7 +17,7 @@
 
 import java.util.StringTokenizer;
 import javax.servlet.http.HttpServletRequest;
-import com.sun.syndication.io.impl.Base64;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.RollerException;
@@ -50,13 +50,16 @@
                 String basic = st.nextToken();
                 if (basic.equalsIgnoreCase("Basic")) {
                     String credentials = st.nextToken();
-                    String userPass = new String(Base64.decode(credentials));
+                    String userPass = new String(Base64.decodeBase64(credentials.getBytes()));
                     int p = userPass.indexOf(":");
                     if (p != -1) {
                         userName = userPass.substring(0, p);
                         UserData user = getRoller().getUserManager().getUserByUserName(userName);
                         if (user == null) {
                             throw new UnauthorizedException("ERROR: User does not exist:
" + userName);
+                        }
+                        if (!user.getEnabled().booleanValue()) {
+                            throw new UnauthorizedException("ERROR: User is disabled: " +
userName);                            
                         }
                         String realpassword = user.getPassword();
                         password = userPass.substring(p+1);



Mime
View raw message