  1. Spring Web Services
  2. SWS-555

Check User's status in SpringDigestPasswordValidationCallbackHandler

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.8
    • Component/s: Security
    • Labels:
      None

      Description

      SpringDigestPasswordValidationCallbackHandler relies on a UserDetailsService, which simply loads a User and does not verify its status. A check should be added on the combination of isCredentialsNonExpired(), isEnabled(), isAccountNonExpired() and isAccountNonLocked() to reject invalid users.
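
The check the description asks for, as an added example that is not part of the original issue or the Spring-WS source: a WS-Security UsernameToken digest validator that rejects a user whose digest is correct but whose account is locked. `Account`, `SimpleAccount`, `statusProblem` and `validate` are hypothetical stand-ins mirroring the four UserDetails status methods, and the nonce, timestamp and password are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class DigestStatusCheckExample {
    // Assumption: local stand-in for the UserDetails status methods, so this compiles without Spring.
    interface Account {
        String getPassword();
        boolean isEnabled();
        boolean isAccountNonExpired();
        boolean isAccountNonLocked();
        boolean isCredentialsNonExpired();
    }

    record SimpleAccount(String getPassword, boolean isEnabled, boolean isAccountNonExpired,
                         boolean isAccountNonLocked, boolean isCredentialsNonExpired) implements Account {}

    // UsernameToken password digest: Base64(SHA-1(nonce + created + password)).
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Returns null when the account may authenticate, otherwise the reason to reject it.
    static String statusProblem(Account a) {
        if (!a.isEnabled()) return "disabled";
        if (!a.isAccountNonLocked()) return "locked";
        if (!a.isAccountNonExpired()) return "account expired";
        if (!a.isCredentialsNonExpired()) return "credentials expired";
        return null;
    }

    static boolean validate(Account a, byte[] nonce, String created, String received) throws Exception {
        if (a == null || statusProblem(a) != null) return false; // reject before comparing digests
        byte[] expected = digest(nonce, created, a.getPassword()).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, received.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] nonce = "constructed-nonce".getBytes(StandardCharsets.UTF_8); // constructed sample input
        String created = "2009-08-23T10:00:00Z";
        String sent = digest(nonce, created, "s3cret"); // client holds the correct password
        Account active = new SimpleAccount("s3cret", true, true, true, true);
        Account locked = new SimpleAccount("s3cret", true, true, false, true);
        System.out.println("active accepted: " + validate(active, nonce, created, sent));
        System.out.println("locked accepted: " + validate(locked, nonce, created, sent)
                + " (" + statusProblem(locked) + ")");
    }
}
```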

        Activity

        Transition         | Time In Source Status | Execution Times | Last Executer   | Last Execution Date
        Open → Resolved    | 10h 58m               | 1               | Tareq Abedrabbo | 23/Aug/09 9:51 PM
        Resolved → Closed  | 984d 9h 12m           | 1               | Arjen Poutsma   | 04/May/12 7:03 AM

          People

          • Assignee:
            tareq Tareq Abedrabbo
            Reporter:
            tareq Tareq Abedrabbo
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: