[jboss-jira] [JBoss JIRA] Closed: (SECURITY-158) password is not added in sharedState of login modules

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Mon Jun 16 18:34:33 EDT 2008


     [ http://jira.jboss.com/jira/browse/SECURITY-158?page=all ]

Anil Saldhana closed SECURITY-158.
----------------------------------

    Resolution: Done

LoginModulesUnitTestCase has a test for sharedmap.

> password is not added in sharedState of login modules
> -----------------------------------------------------
>
>                 Key: SECURITY-158
>                 URL: http://jira.jboss.com/jira/browse/SECURITY-158
>             Project: JBoss Security and Identity Management
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: 2.0.2-BETA4
>            Reporter: J-C jc
>         Assigned To: Anil Saldhana
>             Fix For: 2.0.2.CR4
>
>   Original Estimate: 1 minute
>  Remaining Estimate: 1 minute
>
> In class UsernamePasswordLoginModule, method login:
> At the end of the login method, if useFirstPass is set to true, username and credential should be added to the sharedState. credential is always null. The password obtained from the callback handler has never been copied from password to credential.
> To fix that bug, replace
> if( getUseFirstPass() == true )
> {
>    // Add the username and password to the shared state map
>    sharedState.put("javax.security.auth.login.name", username);
>    sharedState.put("javax.security.auth.login.password", credential);
> }
> With
> if( getUseFirstPass() == true )
> {
>    // Add the username and password to the shared state map
>    sharedState.put("javax.security.auth.login.name", username);
>    sharedState.put("javax.security.auth.login.password", password);
> }
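
Added example, not part of the JIRA message and not JBossSX code: a stand-alone JAAS module that shows what a later module relying on useFirstPass finds in the shared state when the never-assigned field is stored, and when the password obtained from the callback handler is stored instead. `SharedStateCheck`, `FirstModule`, the `fixed` switch, the `char[]` types and the sample credentials are assumptions made for this example.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class SharedStateCheck {
    static final String NAME = "javax.security.auth.login.name";
    static final String PASS = "javax.security.auth.login.password";
    // Hypothetical stand-in for the first module in a stack (not JBossSX code).
    static class FirstModule implements LoginModule {
        private final boolean fixed;   // false = behaviour described in the report
        private CallbackHandler handler;
        private Map<String, Object> shared;
        private char[] credential;     // assumed type; never assigned, so always null
        FirstModule(boolean fixed) { this.fixed = fixed; }
        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> opts) {
            handler = h; shared = (Map<String, Object>) state;
        }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); } catch (Exception e) { throw new LoginException(e.toString()); }
            char[] password = pc.getPassword();
            shared.put(NAME, nc.getName());
            shared.put(PASS, fixed ? password : credential);
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort()  { return true; }
        public boolean logout() { return true; }
    }
    // True when a later module relying on useFirstPass would find both entries.
    static boolean sharedStateUsable(boolean fixed) throws LoginException {
        Map<String, Object> shared = new HashMap<>();
        CallbackHandler h = cbs -> {   // constructed sample credentials
            for (Callback cb : cbs)
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("alice");
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("sample-pw".toCharArray());
        };
        LoginModule m = new FirstModule(fixed);
        m.initialize(new Subject(), h, shared, new HashMap<String, Object>());
        m.login();
        return shared.get(NAME) != null && shared.get(PASS) != null;
    }
    public static void main(String[] args) throws Exception {
        System.out.println("as reported: " + sharedStateUsable(false) + ", with fix: " + sharedStateUsable(true));
    }
}
```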
