You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2014/12/20 02:35:24 UTC

svn commit: r1646910 - /portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java

Author: taylor
Date: Sat Dec 20 01:35:23 2014
New Revision: 1646910

URL: http://svn.apache.org/r1646910
Log:
JS2-1308: Disabled user is never checked and new users can logon. patch from Martin Maidhof.

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java?rev=1646910&r1=1646909&r2=1646910&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java (original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/UserPasswordCredentialManagerImpl.java Sat Dec 20 01:35:23 2014
@@ -88,14 +88,14 @@ public class UserPasswordCredentialManag
                 {
                     upcsm.storePasswordCredential(credential);
                 }
-                if (!credential.isEnabled() || credential.isExpired())
-                {
-                    throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
-                }
-                else if (credential.getAuthenticationFailures() != 0)
-                {
-                    throw new SecurityException(SecurityException.INVALID_PASSWORD);
-                }
+            }
+            if (!credential.isEnabled() || credential.isExpired())
+            {
+                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER, userName));
+            }
+            else if (credential.getAuthenticationFailures() != 0)
+            {
+                throw new SecurityException(SecurityException.INVALID_PASSWORD);
             }
         }
         else



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org