FtpServer / FTPSERVER-235

Documentation and code do not match for db user manager


Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.0.0-M3, 1.0.0-M4
    • Fix Version/s: 1.0.0-RC1
    • Component/s: Core
    • Labels: None

    Description

      In the examples on the website (http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:

      <authenticate>SELECT uid from FTP_USER WHERE uid='{uid}' AND userpassword='{userpassword}'</authenticate>

      (uid is wrong, is actually userid in all three places)

      But the code will never set userpassword. In DbUserManager.authenticate it does:

      HashMap<String, Object> map = new HashMap<String, Object>();
      map.put(ATTR_LOGIN, escapeString(user));
      String sql = StringUtils.replaceString(authenticateStmt, map);
      LOG.info(sql);

      After that, it compares the stored password with the one the user entered.

      Is this designed to be this way, or the way described in the documentation? I think allowing it the way it is in the documentation allows for greater flexibility.

      If it is not a bug and is a design feature, I will make a custom user manager.

      A fix that would match the documentation would be:

      public User authenticate(Authentication authentication) throws AuthenticationFailedException {
          if (authentication instanceof UsernamePasswordAuthentication) {
              UsernamePasswordAuthentication upauth = (UsernamePasswordAuthentication) authentication;
              String user = upauth.getUsername();
              String password = upauth.getPassword();
              if (user == null) {
                  throw new AuthenticationFailedException("Authentication failed");
              }
              if (password == null) {
                  password = "";
              }

              Statement stmt = null;
              ResultSet rs = null;
              try {
                  // create the sql query
                  HashMap<String, Object> map = new HashMap<String, Object>();
                  map.put(ATTR_LOGIN, escapeString(user));
                  map.put(ATTR_PASSWORD, escapeString(password));
                  String sql = StringUtils.replaceString(authenticateStmt, map);
                  // sql now contains the (escaped) password, so this line writes it to the log
                  LOG.info(sql);
                  // execute query
                  stmt = createConnection().createStatement();
                  rs = stmt.executeQuery(sql);
                  if (rs.next()) {
                      try {
                          return getUserByName(user);
                      } catch (FtpException e) {
                          throw new AuthenticationFailedException("Authentication failed", e);
                      }
                  } else {
                      throw new AuthenticationFailedException("Authentication failed");
                  }
              } catch (SQLException ex) {
                  LOG.error("DbUserManager.authenticate()", ex);
                  throw new AuthenticationFailedException("Authentication failed", ex);
              } finally {
                  closeQuitely(rs);
                  closeQuitely(stmt);
              }
          } else if (authentication instanceof AnonymousAuthentication) {
              try {
                  if (doesExist("anonymous")) {
                      return getUserByName("anonymous");
                  } else {
                      throw new AuthenticationFailedException("Authentication failed");
                  }
              } catch (AuthenticationFailedException e) {
                  throw e;
              } catch (FtpException e) {
                  throw new AuthenticationFailedException("Authentication failed", e);
              }
          } else {
              throw new IllegalArgumentException("Authentication not supported by this user manager");
          }
      }
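
An added example, not part of the issue or of FtpServer's code: one way to honour a configured statement like the documentation's, `{userpassword}` included, while binding the values through a `PreparedStatement` instead of `escapeString` and string substitution. The class and method names are hypothetical, and the sample credentials are constructed.

```java
import java.sql.*;
import java.util.*;
import java.util.regex.*;

/** Hypothetical helper for illustration; not part of FtpServer. */
public final class TemplateAuth {
    // Matches a placeholder with or without surrounding quotes: '{userid}' or {userid}.
    private static final Pattern PLACEHOLDER = Pattern.compile("'?\\{(\\w+)\\}'?");

    /** Rewrites each placeholder to '?' and appends its value to binds in order. */
    static String toParameterized(String template, Map<String, String> values, List<String> binds) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuffer sql = new StringBuffer();
        while (m.find()) {
            String name = m.group(1);
            if (!values.containsKey(name)) {
                throw new IllegalArgumentException("Unknown placeholder: " + name);
            }
            binds.add(values.get(name));
            m.appendReplacement(sql, "?");
        }
        m.appendTail(sql);
        return sql.toString();
    }

    /** Returns true when the configured statement yields at least one row. */
    static boolean matches(Connection con, String template, Map<String, String> values) throws SQLException {
        List<String> binds = new ArrayList<>();
        String sql = toParameterized(template, values, binds);
        // sql holds only '?' markers here, so logging it would not expose the password.
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            for (int i = 0; i < binds.size(); i++) {
                ps.setString(i + 1, binds.get(i));
            }
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the documentation's statement with made-up credentials.
        String template = "SELECT uid from FTP_USER WHERE uid='{uid}' AND userpassword='{userpassword}'";
        Map<String, String> values = new HashMap<>();
        values.put("uid", "o'brien");
        values.put("userpassword", "example-password");
        System.out.println(toParameterized(template, values, new ArrayList<>()));
    }
}
```

Running `main` needs no database; `matches` expects an open JDBC `Connection` supplied by the caller.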

          People

            niklas Niklas Therning
            nlmueng nathan longley