[jboss-jira] [JBoss JIRA] (ELY-100) Digest-MD5 authorization check is incorrect

David Lloyd (JIRA) issues at jboss.org
Wed Oct 15 11:33:35 EDT 2014


David Lloyd created ELY-100:
-------------------------------

             Summary: Digest-MD5 authorization check is incorrect
                 Key: ELY-100
                 URL: https://issues.jboss.org/browse/ELY-100
             Project: WildFly Elytron
          Issue Type: Bug
          Components: SASL
            Reporter: David Lloyd
            Assignee: Peter Skopek


In MD5DigestSaslServer.java, lines 232-233, we have this code:

{code}
        byte[] authzid = parsedDigestResponse.get("authzid");
        String authorizationId = (authzid==null || authzid.equals(userName)) ? null : new String(authzid, Charsets.UTF_8);
{code}

The {{equals}} comparison between {{authzid}} (a byte array) and {{userName}} (a String) is invalid. However, if I fix it in the obvious manner, tests fail.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
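
An added illustration, not part of the original message and not Elytron code: the check in the shape quoted in the issue, next to a type-correct comparison, showing what each returns as the authorization ID. The class and method names and the sample values are hypothetical, and {{StandardCharsets}} stands in for the project's {{Charsets}} class.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class AuthzidCompareDemo {

    // Same shape as the check quoted in the issue. byte[] inherits
    // Object.equals (reference equality), so comparing it with a String
    // is always false and the null branch is only taken for a null authzid.
    static String asReported(byte[] authzid, String userName) {
        return (authzid == null || authzid.equals(userName))
                ? null : new String(authzid, StandardCharsets.UTF_8);
    }

    // Type-correct comparison: decode the bytes once, then compare
    // String to String. This illustrates the comparison only; it is not
    // presented as the fix the project adopted.
    static String typeCorrect(byte[] authzid, String userName) {
        if (authzid == null) {
            return null;
        }
        String decoded = new String(authzid, StandardCharsets.UTF_8);
        return decoded.equals(userName) ? null : decoded;
    }

    public static void main(String[] args) {
        // Constructed sample input, standing in for the parsed digest response.
        String userName = "alice";
        Map<String, byte[]> parsedDigestResponse = new HashMap<>();
        parsedDigestResponse.put("authzid", "alice".getBytes(StandardCharsets.UTF_8));

        byte[] same = parsedDigestResponse.get("authzid");
        byte[] other = "bob".getBytes(StandardCharsets.UTF_8);
        byte[] absent = parsedDigestResponse.get("not-present");

        // authzid equal to the user name: the two versions disagree.
        System.out.println("same   reported=" + asReported(same, userName)
                + " typeCorrect=" + typeCorrect(same, userName));
        // authzid different from the user name: both return it.
        System.out.println("other  reported=" + asReported(other, userName)
                + " typeCorrect=" + typeCorrect(other, userName));
        // no authzid in the response: both return null.
        System.out.println("absent reported=" + asReported(absent, userName)
                + " typeCorrect=" + typeCorrect(absent, userName));
    }
}
```

The only case where the two differ is an authzid that matches the user name: the reported form returns it as a non-null authorization ID, the type-correct form returns null.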

