You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Ashish Jain (JIRA)" <ji...@apache.org> on 2009/12/11 11:09:18 UTC
[jira] Updated: (GERONIMO-4983) In debug mode Properties file login
module reurns loginsucceeded as true for non existent users and null
password
[ https://issues.apache.org/jira/browse/GERONIMO-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashish Jain updated GERONIMO-4983:
----------------------------------
Fix Version/s: 2.1.5
> In debug mode Properties file login module reurns loginsucceeded as true for non existent users and null password
> -----------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-4983
> URL: https://issues.apache.org/jira/browse/GERONIMO-4983
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Affects Versions: 2.1.4, 2.2
> Environment: windows Xp, eclipse
> Reporter: Ashish Jain
> Assignee: Ashish Jain
> Fix For: 2.1.5, 2.2.1
>
>
> While debugging one of the login fallback code I see that PropertiesFileLoginModule.java returns loginsucceeded as true for a non-existent user and null password.
> This happens under the following use case.
> In the BasicAuthenticator Code I have the following
> String username=header.substring(10);
> String password=null;
> principal = context.getRealm().authenticate(username, password);
> In the login method of PropertiesFileLoginModule as per the above usecase we will have
> realPassword as null and password as null as a result "if (!checkPassword(realPassword, password))"
> will be skipped and hence resulting in loginSucceeded=true.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.