You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Siegfried Goeschl (JIRA)" <ji...@apache.org> on 2008/12/29 18:40:44 UTC
[jira] Resolved: (EMAIL-70) Email.setMailSession() discards
provided session if using authentication
[ https://issues.apache.org/jira/browse/EMAIL-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Siegfried Goeschl resolved EMAIL-70.
------------------------------------
Resolution: Fixed
When mail authentication is required and no username/password is supplied than the provided mail session is used. If a username/password is found the implementation creates a new mail session and a DefaultAuthenticator as convinence implementation.
> Email.setMailSession() discards provided session if using authentication
> ------------------------------------------------------------------------
>
> Key: EMAIL-70
> URL: https://issues.apache.org/jira/browse/EMAIL-70
> Project: Commons Email
> Issue Type: Bug
> Affects Versions: 1.1
> Environment: All
> Reporter: F. Andy Seidl
> Assignee: Siegfried Goeschl
> Priority: Minor
> Fix For: 1.2
>
>
> The Email.setSession(Session aSession) method does NOT use the provided session value if the provided session is an authenticated session. In that case, a new Session instance is created and used instead. The newly created session uses a DefaultAuthenticator based on the username/password properties provided in the original session.
> This is a problem because the original session may have been created with a valid authenticator but without placing the password in the session properties. In this case, the newly constructed session will not work. Or, the original session may have been created with a custom authenticator, so again, the newly constructed session will not work.
> It seems to me that setSession() should simply set the provided session and not attempt to be smart about authentication. However, for backward compatibility, an improvement would be to offer a setRawSession() that simply sets this.session. Another improvement would be to also check for the presence of username and password properties before deciding to create a new session instance. If either of those properties is missing, use the provided session as-is.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.