[jboss-cvs] JBossAS SVN: r84646 - projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi.

Mon Feb 23 12:30:27 EST 2009


Author: sguilhen at redhat.com
Date: 2009-02-23 12:30:26 -0500 (Mon, 23 Feb 2009)
New Revision: 84646

Modified:
   projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
Log:
SECURITY-370: added the throwValidateError flag that indicates whether the validation errors should be exposed to clients or not. It is disabled by default. When this flag is set to true, the validation error is set as the cause for the FailedLoginException that is thrown by login()

Modified: projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java	2009-02-23 16:50:24 UTC (rev 84645)
+++ projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java	2009-02-23 17:30:26 UTC (rev 84646)
@@ -76,11 +76,14 @@
    /** A flag indicating if the store password should be hashed using the hashAlgorithm  */
    private boolean hashStorePassword;
 
-   /** A flag indicating if the user inputted password should be hashed using the hashAlgorithm */
+   /** A flag indicating if the user supplied password should be hashed using the hashAlgorithm */
    private boolean hashUserPassword = true;
    /** A flag that restores the ability to override the createPasswordHash(String,String) */
    private boolean legacyCreatePasswordHash;
-   /** */
+   
+   /** A flag that indicates whether validation errors should be exposed to clients or not */
+   private boolean throwValidateError = false;
+   /** A {@code Throwable} representing the validation error */
    private Throwable validateError; 
 
    /** Override the superclass method to look for the following options after
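Review bot: The Javadoc on the new `throwValidateError` field (L31–L32) does not record the default or why it is off, which is the security-relevant part of this change. The commit message explains that the validation error otherwise becomes the cause of the `FailedLoginException` returned to the caller, so the comment should carry that rationale; suggest `/** When true, the validation error is attached as the cause of the FailedLoginException thrown by login(). Defaults to false so that backend failure details are not exposed to callers. */`. The explicit `= false` initializer is redundant for a boolean field and can be dropped to match `hashStorePassword` and `legacyCreatePasswordHash` above it.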
@@ -105,6 +108,7 @@
       the store/expected password. Only used if hashStorePassword or hashUserPassword is true and
       hashAlgorithm has been specified.
     */
+   @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
       Map<String,?> sharedState, Map<String,?> options)
    {
@@ -139,10 +143,14 @@
       flag = (String) options.get("legacyCreatePasswordHash");
       if( flag != null )
          legacyCreatePasswordHash = Boolean.valueOf(flag).booleanValue();
+      flag = (String) options.get("throwValidateError");
+      if(flag != null)
+         this.throwValidateError = Boolean.valueOf(flag).booleanValue();
    }
 
    /** Perform the authentication of the username and password.
     */
+   @Override
    @SuppressWarnings("unchecked")
    public boolean login() throws LoginException
    {
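Review bot: The new option read at L49–L51 is not documented in the `initialize` Javadoc whose option list begins outside this hunk; in the visible tail of that comment (L38–L40) there is no entry for it. Add one alongside the other options, e.g. `throwValidateError: A flag indicating whether the validation error is attached as the cause of the FailedLoginException thrown by login(). Defaults to false.`. As a point of style, L51 uses `this.throwValidateError` while the neighbouring assignment at L48 has no `this.` prefix; `throwValidateError = Boolean.valueOf(flag).booleanValue();` keeps the block uniform. The body of `initialize` begins before this hunk.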
@@ -211,7 +219,7 @@
          {
             Throwable ex = getValidateError();
             FailedLoginException fle = new FailedLoginException("Password Incorrect/Password Required");
-            if( ex != null )
+            if( ex != null && this.throwValidateError == true)
             {
                log.debug("Bad password for username="+username, ex);
                fle.initCause(ex);
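Review bot: Gating the whole block at L65 on `throwValidateError` also suppresses the `log.debug(...)` at L67, so with the new default of false the server log no longer records the underlying validation error, which is the diagnostic an operator needs when clients only see "Password Incorrect/Password Required". The intent of the change is to hide the cause from callers, not from the log, so log unconditionally and gate only the `initCause`: `if( ex != null )` / `log.debug("Bad password for username="+username, ex);` / `if( throwValidateError ) fle.initCause(ex);`. The `== true` comparison on L65 is redundant for a boolean and is dropped in that form. The enclosing `login()` body starts and ends outside this hunk.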
@@ -234,10 +242,12 @@
       return true;
    }
 
+   @Override
    protected Principal getIdentity()
    {
       return identity;
    }
+   @Override
    protected Principal getUnauthenticatedIdentity()
    {
       return unauthenticatedIdentity;



