Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-158

password is not added in sharedState of login modules

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • 2.0.2.CR4
    • 2.0.2-BETA4
    • JBossSX
    • None
    • Low

      In class UsernamePasswordLoginModule method login:

      at the end of the login method, if useFirstPass is set to true username and credential should be added in the sharedState. credential is always null. Password get from the callbackhandler has never been copied from password to credential

      To fix that bug
      Replace
      if( getUseFirstPass() == true )

      { // Add the username and password to the shared state map sharedState.put("javax.security.auth.login.name", username); sharedState.put("javax.security.auth.login.password", credential); }

      With
      if( getUseFirstPass() == true )

      { // Add the username and password to the shared state map sharedState.put("javax.security.auth.login.name", username); sharedState.put("javax.security.auth.login.password", password); }

          1.
          		 Review SECURITY-158 changes Sub-task Closed Major Marcus Moyses (Inactive)
          2.
          		 Backport SECURITY-158 to JBoss AS 4.x Sub-task Closed Major Marcus Moyses (Inactive)

              anil.saldhana Anil Saldanha (Inactive)
              jc7442 J-C jc (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 1 minute
                  1m
                  Remaining:
                  Remaining Estimate - 1 minute
                  1m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified