You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/07/07 20:39:11 UTC
[jira] [Resolved] (SHIRO-483) passwordsMatch() returns false with
right plain password-encrypted password in JVM with default locale tr_TR
[ https://issues.apache.org/jira/browse/SHIRO-483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers resolved SHIRO-483.
--------------------------------
Resolution: Fixed
This was caused by an enum lookup.
In general there are a few locations in crypto/hash that do a 'toUpperCase()', we should probably set the locale on all of them, but there might be an edge case that I'm not thinking about.
If anything is found we should treat them individually with a new issue.
> passwordsMatch() returns false with right plain password-encrypted password in JVM with default locale tr_TR
> ------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-483
> URL: https://issues.apache.org/jira/browse/SHIRO-483
> Project: Shiro
> Issue Type: Bug
> Components: Authentication (log-in)
> Affects Versions: 1.2.2
> Environment: JVM Locale tr_TR
> Reporter: Salih ERİKCİ
> Labels: password
> Fix For: 1.3.0
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> public static void main(String[] args) {
> PasswordService psd = new DefaultPasswordService();
> String password = "333";
> String enc = psd.encryptPassword(password);
> System.out.print(psd.passwordsMatch(password, enc));
>
> }
> The above code outputs "false" on JVM which has default locale tr_TR, the following outputs "true"
> public static void main(String[] args) {
> PasswordService psd = new DefaultPasswordService();
> String password = "333";
> String enc = psd.encryptPassword(password);
> Locale.setDefault(Locale.ENGLISH);
> System.out.print(psd.passwordsMatch(password, enc));
>
> }
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)