Posted to commits@roller.apache.org by jt...@apache.org on 2006/09/29 19:36:11 UTC

svn commit: r451356 - in /incubator/roller/trunk/src/org/apache/roller/webservices/adminapi: BasicAuthenticator.java WSSEAuthenticator.java

Author: jtb
Date: Fri Sep 29 10:36:10 2006
New Revision: 451356

URL: http://svn.apache.org/viewvc?view=rev&rev=451356
Log:
1. change to use org.apache.commons.codec.binary.Base64 instead of com.sun.syndication.io.impl.Base64. the latter was causing an odd error when attempting to decode certain passwords. i don't really understand why, but this is also what the APP endpoint uses.
2. check if user is disabled after auth
3. remove WSSE auth class. no use having that if it's not being kept up to date and not being unit tested. we can add it back in if we need it. 

Removed:
    incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/WSSEAuthenticator.java
Modified:
    incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java

Modified: incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java?view=diff&rev=451356&r1=451355&r2=451356
==============================================================================
--- incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java (original)
+++ incubator/roller/trunk/src/org/apache/roller/webservices/adminapi/BasicAuthenticator.java Fri Sep 29 10:36:10 2006
@@ -17,7 +17,7 @@
 
 import java.util.StringTokenizer;
 import javax.servlet.http.HttpServletRequest;
-import com.sun.syndication.io.impl.Base64;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.RollerException;
@@ -50,13 +50,16 @@
                 String basic = st.nextToken();
                 if (basic.equalsIgnoreCase("Basic")) {
                     String credentials = st.nextToken();
-                    String userPass = new String(Base64.decode(credentials));
+                    String userPass = new String(Base64.decodeBase64(credentials.getBytes()));
                     int p = userPass.indexOf(":");
                     if (p != -1) {
                         userName = userPass.substring(0, p);
                         UserData user = getRoller().getUserManager().getUserByUserName(userName);
                         if (user == null) {
                             throw new UnauthorizedException("ERROR: User does not exist: " + userName);
+                        }
+                        if (!user.getEnabled().booleanValue()) {
+                            throw new UnauthorizedException("ERROR: User is disabled: " + userName);                            
                         }
                         String realpassword = user.getPassword();
                         password = userPass.substring(p+1);
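Review bot: The added `if (!user.getEnabled().booleanValue())` check runs before the password comparison that follows it, although the log says "after auth", so a caller who has not proven knowledge of the password gets a "User is disabled" failure that differs from "User does not exist". If the UnauthorizedException message reaches the HTTP response (not visible in this hunk), that reveals account state to unauthenticated callers; consider moving the check after the password match, or throwing one generic message for all three failures and logging the detail server-side. The check also unboxes `getEnabled()` without a null guard, and `if (!Boolean.TRUE.equals(user.getEnabled()))` would fail closed instead of throwing a NullPointerException. On the changed decode line, `credentials.getBytes()` and `new String(...)` both use the platform default charset, so naming the charset explicitly in both calls would make credential decoding independent of the server's locale. The enclosing method begins and ends outside this hunk, so the password comparison itself is not reviewed here.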