Major Description
Using PropertiesUserManager, setting a user's "enableflag" to false does not prevent the user from logging in, downloading files, etc.
Here is the users.properties file:
=======
- Password is "admin"
ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.admin.homedirectory=./res/home
ftpserver.user.admin.enableflag=true
ftpserver.user.admin.writepermission=true
ftpserver.user.admin.maxloginnumber=0
ftpserver.user.admin.maxloginperip=0
ftpserver.user.admin.idletime=0
ftpserver.user.admin.uploadrate=0
ftpserver.user.admin.downloadrate=0
ftpserver.user.anonymous.userpassword=
ftpserver.user.anonymous.homedirectory=./res/home
ftpserver.user.anonymous.enableflag=true
ftpserver.user.anonymous.writepermission=false
ftpserver.user.anonymous.maxloginnumber=20
ftpserver.user.anonymous.maxloginperip=2
ftpserver.user.anonymous.idletime=300
ftpserver.user.anonymous.uploadrate=4800
ftpserver.user.anonymous.downloadrate=4800
- Password is "admin"
ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
ftpserver.user.chris.homedirectory=./res/home
ftpserver.user.chris.enableflag=false
ftpserver.user.chris.writepermission=false
ftpserver.user.chris.maxloginnumber=20
ftpserver.user.chris.maxloginperip=2
ftpserver.user.chris.idletime=300
ftpserver.user.chris.uploadrate=4800
ftpserver.user.chris.downloadrate=4800
=========
User 'chris' can successfully login and download a file, even though he is disabled.
The DESCUSER command shows the user as disabled:
=======
コマンド: SITE DESCUSER chris
応答: 200-
応答: userid : chris
応答: userpassword : ********
応答: homedirectory : ./res/home
応答: writepermission : false
応答: enableflag : false
応答: idletime : 300
応答: uploadrate : 0
応答: 200 downloadrate : 0
=======
I did a quick check of the source, and the only place I could find a check of org.apache.ftpserver.ftplet.User#getEnabled() was in the SITE_DESCUSER class. So it appears that at login time a user's enabled/disabled status is never checked.