[GERONIMO-4983] In debug mode Properties file login module reurns loginsucceeded as true for non existent users and null password - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: 2.1.4, 2.2
Fix Version/s: 2.1.5, 2.2.1
Component/s: None
Security Level: public (Regular issues)
Labels:
None
Environment:

windows Xp, eclipse

Patch Info:

Patch Available

Description

While debugging one of the login fallback code I see that PropertiesFileLoginModule.java returns loginsucceeded as true for a non-existent user and null password.
This happens under the following use case.

In the BasicAuthenticator Code I have the following
String username=header.substring(10);
String password=null;
principal = context.getRealm().authenticate(username, password);

In the login method of PropertiesFileLoginModule as per the above usecase we will have
realPassword as null and password as null as a result "if (!checkPassword(realPassword, password))"
will be skipped and hence resulting in loginSucceeded=true.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

GERONIMO-4983.patch
11/Dec/09 10:13
1.0 kB
Ashish Jain

Activity

People

Assignee:: Lin Quan Jiang

Reporter:: Ashish Jain

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 11/Dec/09 10:08

Updated:: 09/Feb/10 08:05

Resolved:: 05/Feb/10 10:24