Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-887

FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.0.0-alpha, 1.9.1
    • 1.10.0
    • None
    • None

    Description

      The FormAuthenticationFilter trims passwords which start and/or end with one or more space character(s), which prevents login for users with such passwords.

      Since spaces at the start and/or end of a password are totally legit, the password param should not be trimmed, when processed by the FormAuthenticationFilter.

      The reason for that behavior is, that in the FormAuthenticationFilter WebUtils.
      getCleanParam() is called, which than calls StringUtils.clean(), which trims passed strings.
       
      If desired, I would prepare a PR to fix that behavior.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #369

          Activity

            People

              Unassigned Unassigned
              sebastianfrey Sebastian Frey
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 40m
                  1h 40m