Posted to scm@geronimo.apache.org by va...@apache.org on 2007/10/22 08:17:34 UTC
svn commit: r587006 - in /geronimo/server:
branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/
branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/
trunk/modules/geronimo...
Author: vamsic007
Date: Sun Oct 21 23:17:33 2007
New Revision: 587006
URL: http://svn.apache.org/viewvc?rev=587006&view=rev
Log:
**GERONIMO-3543 SQLLoginModule successfully authenticates non-existent users
o Fixed the LoginModule to throw FailedLoginException for non-existent user
o Added a test to detect regression
**: This commit can use a thorough review.
Modified:
geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Sun Oct 21 23:17:33 2007
@@ -221,16 +221,22 @@
ResultSet result = statement.executeQuery();
try {
+ boolean found = false;
while (result.next()) {
String userName = result.getString(1);
String userPassword = result.getString(2);
if (cbUsername.equals(userName)) {
+ found = true;
if (!checkPassword(userPassword, cbPassword)) {
throw new FailedLoginException();
}
break;
}
+ }
+ if(!found) {
+ // User does not exist
+ throw new FailedLoginException();
}
} finally {
result.close();
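Review bot: The `if(!found)` branch added after the loop throws without ever calling `checkPassword`, so an unknown user name is rejected on a shorter code path than a known name with a wrong password. If `checkPassword` does non-trivial work such as digesting or encoding (not visible in this hunk), response time could indicate which account names exist. Both branches do throw the same message-less `FailedLoginException`, so only timing would differ. It would also be safer to make success explicit rather than a fall-through, for example tracking a `passwordOk` flag and ending with `if (!found || !passwordOk) throw new FailedLoginException();`, so later edits to the loop fail closed. The enclosing method starts and ends outside the hunk, and the same points apply to the identical trunk SQLLoginModule hunk in this commit.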
Modified: geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java (original)
+++ geronimo/server/branches/2.0/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java Sun Oct 21 23:17:33 2007
@@ -161,12 +161,32 @@
}
}
+ public void testBadUserLogin() throws Exception {
+ LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("bad", "starcraft"));
+
+ try {
+ context.login();
+ fail("Should not allow this login with bad username");
+ } catch (LoginException e) {
+ }
+ }
+
public void testNullPasswordLogin() throws Exception {
LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", null));
try {
context.login();
fail("Should not allow this login with null password");
+ } catch (LoginException e) {
+ }
+ }
+
+ public void testBadPasswordLogin() throws Exception {
+ LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", "bad"));
+
+ try {
+ context.login();
+ fail("Should not allow this login with bad password");
} catch (LoginException e) {
}
}
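Review bot: The new tests `testBadUserLogin` and `testBadPasswordLogin` catch the broad `LoginException` in an empty block, so they also pass when login fails for an unrelated reason, such as a realm or database setup problem that surfaces as a `LoginException`. In that case they would not show that the GERONIMO-3543 behaviour is fixed. Catching the specific type, `} catch (FailedLoginException expected) {`, with a short comment such as `// expected: unknown user must be rejected`, would pin the behaviour the log message describes. This assumes the module throws nothing else on these paths and that the import is added to the test class. The same applies to the identical trunk LoginSQLTest hunk.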
Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/SQLLoginModule.java Sun Oct 21 23:17:33 2007
@@ -221,16 +221,22 @@
ResultSet result = statement.executeQuery();
try {
+ boolean found = false;
while (result.next()) {
String userName = result.getString(1);
String userPassword = result.getString(2);
if (cbUsername.equals(userName)) {
+ found = true;
if (!checkPassword(userPassword, cbPassword)) {
throw new FailedLoginException();
}
break;
}
+ }
+ if(!found) {
+ // User does not exist
+ throw new FailedLoginException();
}
} finally {
result.close();
Modified: geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java?rev=587006&r1=587005&r2=587006&view=diff
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java (original)
+++ geronimo/server/trunk/modules/geronimo-security/src/test/java/org/apache/geronimo/security/jaas/LoginSQLTest.java Sun Oct 21 23:17:33 2007
@@ -161,12 +161,32 @@
}
}
+ public void testBadUserLogin() throws Exception {
+ LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("bad", "starcraft"));
+
+ try {
+ context.login();
+ fail("Should not allow this login with bad username");
+ } catch (LoginException e) {
+ }
+ }
+
public void testNullPasswordLogin() throws Exception {
LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", null));
try {
context.login();
fail("Should not allow this login with null password");
+ } catch (LoginException e) {
+ }
+ }
+
+ public void testBadPasswordLogin() throws Exception {
+ LoginContext context = new LoginContext("sql-realm", new UsernamePasswordCallback("alan", "bad"));
+
+ try {
+ context.login();
+ fail("Should not allow this login with bad password");
} catch (LoginException e) {
}
}