[GERONIMO-3543] SQLLoginModule successfully authenticates non-existent users - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0, 2.0.1, 2.0.2, 2.1
Fix Version/s: 2.0.3, 2.1
Component/s: security
Security Level: public (Regular issues)
Labels:
None

Patch Info:

Patch Available
Regression:

Regression

Description

Authentication succeeds with SQLLoginModule if logging in with an username that does not exist in the database.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

GERONIMO-3543.patch

22/Oct/07 06:03

3 kB

Vamsavardhana Reddy

Activity

Hide

Permalink

Vamsavardhana Reddy added a comment - 22/Oct/07 06:20

Completed: At revision: 587006
o Fixed the LoginModule to throw FailedLoginException for non-existent user
o Added a test to detect regression

**: This commit can use a thorough review.

Show

Vamsavardhana Reddy added a comment - 22/Oct/07 06:20 Completed: At revision: 587006 o Fixed the LoginModule to throw FailedLoginException for non-existent user o Added a test to detect regression **: This commit can use a thorough review.

People

Assignee:

Vamsavardhana Reddy

Reporter:

Jarek Gawor

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

22/Oct/07 04:51

Updated:

23/Jul/08 20:53

Resolved:

25/Oct/07 12:02

Development

Agile

View on Board