You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shiro.apache.org by "Brian Demers (Jira)" <ji...@apache.org> on 2022/10/07 15:19:00 UTC
[jira] [Resolved] (SHIRO-887) FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s)
[ https://issues.apache.org/jira/browse/SHIRO-887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers resolved SHIRO-887.
--------------------------------
Fix Version/s: (was: 2.0.0)
Resolution: Fixed
> FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s)
> ---------------------------------------------------------------------------------------------------
>
> Key: SHIRO-887
> URL: https://issues.apache.org/jira/browse/SHIRO-887
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 2.0.0, 1.9.1
> Reporter: Sebastian Frey
> Priority: Minor
> Fix For: 1.10.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> The FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s), which prevents login for users with such passwords.
> Since spaces at the start and/or end of a password are totally legit, the password param should not be trimmed, when processed by the FormAuthenticationFilter.
> The reason for that behavior is, that in the FormAuthenticationFilter WebUtils.
> getCleanParam() is called, which than calls StringUtils.clean(), which trims passed strings.
>
> If desired, I would prepare a PR to fix that behavior.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@shiro.apache.org
For additional commands, e-mail: issues-help@shiro.apache.org