[ACCUMULO-2700] SecurityOperation.authenticateSystemUser fails to properly validate system user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.6.0
Component/s: None
Labels:
- 16_qa_bug
- findbugs

Description

FindBugs found in the 1.6.0-SNAPSHOT branch that SecurityOperation.authenticateSystemUser(TCredentials credentials) does an improper comparison (equals) between AuthenticationToken and byte array.

Additionally, upon visual inspection, it looks like the condition is not'd (missing a ! to throw the exception when the credentials don't match).

The result appears to be that the system user is always authenticated, even if the credentials don't match. I haven't checked 1.5 yet to see if the bug applies there also.

Attachments

Activity

People

Assignee:: Christopher Tubbs

Reporter:: Christopher Tubbs

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 18/Apr/14 20:52

Updated:: 23/Apr/14 16:45

Resolved:: 21/Apr/14 20:12