Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-56

Digest passwords are never accepted in the SimplePasswordValidationCallbackHandler

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0 M2
    • Fix Version/s: 1.0 M3
    • Component/s: Security
    • Labels:
      None

      Description

      Digest passwords are never accepted by the SimplePasswordValidationCallbackHandler, because the setValidator is called twice.

      protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
      if (callback instanceof PasswordValidationCallback) {
      PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
      if (passwordCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest)

      { passwordCallback.setValidator(new SimplePlainTextPasswordValidator()); }

      else if (passwordCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest)

      { PasswordValidationCallback.DigestPasswordRequest digestPasswordRequest = (PasswordValidationCallback.DigestPasswordRequest) passwordCallback.getRequest(); String password = users.getProperty(digestPasswordRequest.getUsername()); digestPasswordRequest.setPassword(password); passwordCallback.setValidator(new PasswordValidationCallback.DigestPasswordValidator()); }

      passwordCallback.setValidator(new SimplePlainTextPasswordValidator());

        Attachments

          Activity

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              res1st Ingo
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: