Details
Description
While debugging some of the login fallback code, I see that PropertiesFileLoginModule.java returns loginSucceeded as true for a non-existent user and a null password.
This happens under the following use case.
In the BasicAuthenticator code I have the following:

    String username = header.substring(10);
    String password = null;
    principal = context.getRealm().authenticate(username, password);

In the login method of PropertiesFileLoginModule, as per the above use case, we will have realPassword as null and password as null. As a result, "if (!checkPassword(realPassword, password))" will be skipped, resulting in loginSucceeded=true.
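
A simplified model of the behaviour reported above, next to a fail-closed variant. This is an added example, not the PropertiesFileLoginModule source: the class name, the in-memory user store, the sample credentials and the null-safe body of checkPasswordLenient are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;

public class NullPasswordLoginDemo {
    // Constructed sample user store; stands in for the users properties file.
    static final Properties USERS = new Properties();
    static { USERS.setProperty("alice", "s3cret"); }

    // Assumed shape of the flawed comparison: null-safe equality treats
    // "no stored password" and "no supplied password" as a match.
    static boolean checkPasswordLenient(String realPassword, String password) {
        return realPassword == null ? password == null : realPassword.equals(password);
    }

    // Models the reported behaviour: unknown user + null password => success.
    static boolean loginVulnerable(String user, String password) {
        String realPassword = USERS.getProperty(user); // null for an unknown user
        if (!checkPasswordLenient(realPassword, password)) {
            return false;
        }
        return true; // corresponds to loginSucceeded = true
    }

    // Hardened: fail closed on missing input or unknown user before comparing.
    static boolean loginHardened(String user, String password) {
        if (user == null || password == null) {
            return false;
        }
        String realPassword = USERS.getProperty(user);
        if (realPassword == null) {
            return false; // unknown user never authenticates
        }
        // Constant-time comparison of the stored and supplied values.
        return MessageDigest.isEqual(
                realPassword.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        System.out.println("vulnerable(ghost, null) = " + loginVulnerable("ghost", null));
        System.out.println("hardened(ghost, null)   = " + loginHardened("ghost", null));
        System.out.println("hardened(alice, s3cret) = " + loginHardened("alice", "s3cret"));
        System.out.println("hardened(alice, wrong)  = " + loginHardened("alice", "wrong"));
    }
}
```

A regression test for the real module would cover the same two inputs from the report: a user name absent from the properties file and a null password must leave loginSucceeded false.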