You are viewing a plain text version of this content. The canonical link for it is here.

Posted to ftpserver-users@mina.apache.org by nlmueng <nl...@yahoo.com> on 2008/12/03 21:48:57 UTC

Authenticate with database

In the examples on the website(http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:

<authenticate>SELECT uid from FTP_USER WHERE uid='{uid}' AND
userpassword='{userpassword}'</authenticate>

(uid is wrong, is actually userid in all three places)

but the code will never set userpassword

in DbUserManager.authenticate

it does 

HashMap<String, Object> map = new HashMap<String, Object>();
map.put(ATTR_LOGIN, escapeString(user));
String sql = StringUtils.replaceString(authenticateStmt, map);
LOG.info(sql);

and after it compares the stored password with the one the user entered.

is this designed to be this way or the way described in the documentation, i think allowing it the way it is in the documentation allows for greater flexibility.  

if it is not a bug and is a design feature I will make a custom user manager.  

thanks
Nathan

Re: Authenticate with database

Posted by Niklas Gustavsson <ni...@protocol7.com>.

Hi

Could you please open a JIRA issue just to make sure we don't loose the issue:
https://issues.apache.org/jira/browse/FTPSERVER

/niklas

On Wed, Dec 3, 2008 at 9:48 PM, nlmueng <nl...@yahoo.com> wrote:
> In the examples on the website(http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:
>
> <authenticate>SELECT uid from FTP_USER WHERE uid='{uid}' AND
> userpassword='{userpassword}'</authenticate>
>
> (uid is wrong, is actually userid in all three places)
>
> but the code will never set userpassword
>
> in DbUserManager.authenticate
>
> it does
>
> HashMap<String, Object> map = new HashMap<String, Object>();
> map.put(ATTR_LOGIN, escapeString(user));
> String sql = StringUtils.replaceString(authenticateStmt, map);
> LOG.info(sql);
>
> and after it compares the stored password with the one the user entered.
>
> is this designed to be this way or the way described in the documentation, i think allowing it the way it is in the documentation allows for greater flexibility.
>
> if it is not a bug and is a design feature I will make a custom user manager.
>
> thanks
> Nathan
>
>
>
>