You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Siegfried Goeschl (JIRA)" <ji...@apache.org> on 2008/12/29 18:40:44 UTC

[jira] Resolved: (EMAIL-70) Email.setMailSession() discards provided session if using authentication

     [ https://issues.apache.org/jira/browse/EMAIL-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Siegfried Goeschl resolved EMAIL-70.
------------------------------------

    Resolution: Fixed

When mail authentication is required and no username/password is supplied than the provided mail session is used. If a username/password is found the implementation creates a new mail session and a DefaultAuthenticator as convinence implementation.



> Email.setMailSession() discards provided session if using authentication
> ------------------------------------------------------------------------
>
>                 Key: EMAIL-70
>                 URL: https://issues.apache.org/jira/browse/EMAIL-70
>             Project: Commons Email
>          Issue Type: Bug
>    Affects Versions: 1.1
>         Environment: All
>            Reporter: F. Andy Seidl
>            Assignee: Siegfried Goeschl
>            Priority: Minor
>             Fix For: 1.2
>
>
> The Email.setSession(Session aSession) method does NOT use the provided session value if the provided session is an authenticated session.  In that case, a new Session instance is created and used instead.  The newly created session uses a DefaultAuthenticator based on the username/password properties provided in the original session.
> This is a problem because the original session may have been created with a valid authenticator but without placing the password in the session properties.  In this case, the newly constructed session will not work.  Or, the original session may have been created with a custom authenticator, so again, the newly constructed session will not work.
> It seems to me that setSession() should simply set the provided session and not attempt to be smart about authentication.  However, for backward compatibility, an improvement would be to offer a setRawSession() that simply sets this.session.   Another improvement would be to also check for the presence of username and password properties before deciding to create a new session instance.  If either of those properties is missing, use the provided session as-is.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.