Issue Details (XML | Word | Printable)

Key: EMAIL-70
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Minor Minor
Assignee: Siegfried Goeschl
Reporter: F. Andy Seidl
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Commons Email

Email.setMailSession() discards provided session if using authentication

Created: 21/Nov/07 07:33 PM   Updated: 29/Dec/08 05:40 PM
Return to search
Component/s: None
Affects Version/s: 1.1
Fix Version/s: 1.2

Time Tracking:
Not Specified

Environment: All

Resolution Date: 29/Dec/08 05:40 PM


 Description  « Hide
The Email.setSession(Session aSession) method does NOT use the provided session value if the provided session is an authenticated session. In that case, a new Session instance is created and used instead. The newly created session uses a DefaultAuthenticator based on the username/password properties provided in the original session.

This is a problem because the original session may have been created with a valid authenticator but without placing the password in the session properties. In this case, the newly constructed session will not work. Or, the original session may have been created with a custom authenticator, so again, the newly constructed session will not work.

It seems to me that setSession() should simply set the provided session and not attempt to be smart about authentication. However, for backward compatibility, an improvement would be to offer a setRawSession() that simply sets this.session. Another improvement would be to also check for the presence of username and password properties before deciding to create a new session instance. If either of those properties is missing, use the provided session as-is.

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Ben Speakmon added a comment - 21/Nov/07 08:03 PM
Thanks for the report – can you provide a test case and a patch? That'll make it much easier to get this addressed.

[ Permlink | « Hide ]
Bjorn Townsend added a comment - 12/Dec/07 08:30 AM
I've looked into this a bit, and it looks difficult to test. Andy, any chance you could provide a test?

[ Permlink | « Hide ]
Siegfried Goeschl added a comment - 29/Dec/08 05:40 PM
When mail authentication is required and no username/password is supplied than the provided mail session is used. If a username/password is found the implementation creates a new mail session and a DefaultAuthenticator as convinence implementation.


Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators