[jboss-jira] [JBoss JIRA] Created: (SECURITY-158) password is not added in sharedState of login modules
J-C jc (JIRA)
jira-events at lists.jboss.org
Thu Mar 27 13:51:40 EDT 2008
password is not added in sharedState of login modules
-----------------------------------------------------
Key: SECURITY-158
URL: http://jira.jboss.com/jira/browse/SECURITY-158
Project: JBoss Security and Identity Management
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: JBossSX
Affects Versions: 2.0.2-BETA4
Reporter: J-C jc
Assigned To: Anil Saldhana
In class UsernamePasswordLoginModule method login:
at the end of the login method, if useFirstPass is set to true username and credential should be added in the sharedState. credential is always null. Password get from the callbackhandler has never been copied from password to credential
To fix that bug
Replace
if( getUseFirstPass() == true )
{ // Add the username and password to the shared state map
sharedState.put("javax.security.auth.login.name", username);
sharedState.put("javax.security.auth.login.password", credential);
}
With
if( getUseFirstPass() == true )
{ // Add the username and password to the shared state map
sharedState.put("javax.security.auth.login.name", username);
sharedState.put("javax.security.auth.login.password", password);
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list