[jboss-jira] [JBoss JIRA] (SECURITY-896) Parsing username works incorrectly in LdapExtLoginModule
Ondrej Lukas (JIRA)
issues at jboss.org
Thu Jun 25 06:36:02 EDT 2015
[ https://issues.jboss.org/browse/SECURITY-896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas moved JBEAP-365 to SECURITY-896:
---------------------------------------------
Project: PicketBox (was: JBoss Enterprise Application Platform)
Key: SECURITY-896 (was: JBEAP-365)
Workflow: classic default workflow (was: CDW v1)
Affects Version/s: PicketBox_4_9_2.Final (was: EAP 7.0.0.DR4)
Component/s: PicketBox (was: Security)
Target Release: (was: EAP 7.0.0.GA)
> Parsing username works incorrectly in LdapExtLoginModule
> --------------------------------------------------------
>
> Key: SECURITY-896
> URL: https://issues.jboss.org/browse/SECURITY-896
> Project: PicketBox
> Issue Type: Bug
> Components: PicketBox
> Affects Versions: PicketBox_4_9_2.Final
> Reporter: Ondrej Lukas
>
> The parseUsername option of LdapExtLoginModule provides usernameBeginString and usernameEndString, whose use in code is wrongly implemented in the getUsername() method. This method contains several issues related to this parsing:
> 1) Even if the value of usernameBeginString is not found in the username, the first part of the username with length usernameBeginString.length()-1 is removed.
> 2) Everything that is in the username before the first occurrence of usernameBeginString is removed. IMHO usernameBeginString should be the first part of the username and only then should it be removed.
> 3) The end index of the substring from the username is obtained from the first occurrence of the usernameEndString value. IMHO usernameEndString should be the last occurrence in the username and it should also be the end of the username, and only then should it be removed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
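
The three behaviours listed in the report, reproduced in a stand-alone Java class next to a parser with the semantics the reporter proposes. This is an added example, not PicketBox source: `lenient` is reconstructed from the description alone, and the class name, method names, the delimiters `uid=` and `,`, and the sample usernames are constructed for illustration.

```java
// Added illustration; not PicketBox code. All names here are hypothetical.
public class ParseUsernameDemo {

    // Reconstruction of the behaviour described in items 1-3 of the report.
    static String lenient(String username, String begin, String end) {
        int beginIndex = 0;
        if (begin != null && !begin.isEmpty()) {
            // indexOf() returns -1 on a miss, so a miss still skips
            // begin.length() - 1 characters (item 1); a hit anywhere in the
            // string discards everything in front of it (item 2).
            beginIndex = username.indexOf(begin) + begin.length();
        }
        int endIndex = username.length();
        if (end != null && !end.isEmpty()) {
            // First occurrence after beginIndex, not the trailing one (item 3).
            int hit = username.indexOf(end, beginIndex);
            if (hit != -1) {
                endIndex = hit;
            }
        }
        return username.substring(beginIndex, endIndex);
    }

    // Semantics proposed in the report: strip begin only when it is a true
    // prefix, strip end only when it is a true suffix, otherwise leave as is.
    static String strict(String username, String begin, String end) {
        String result = username;
        if (begin != null && !begin.isEmpty() && result.startsWith(begin)) {
            result = result.substring(begin.length());
        }
        if (end != null && !end.isEmpty() && result.endsWith(end)) {
            result = result.substring(0, result.length() - end.length());
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed inputs, one per item in the report.
        String[] samples = { "jduke", "xxuid=jduke,", "uid=j,duke," };
        for (String s : samples) {
            System.out.printf("%-14s lenient=%-8s strict=%s%n",
                    s, lenient(s, "uid=", ","), strict(s, "uid=", ","));
        }
    }
}
```

With the lenient parser, inputs that do not carry the configured delimiters are silently shortened, so the string used for the LDAP lookup can differ from the name the user supplied.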