Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-56

Digest passwords are never accepted in the SimplePasswordValidationCallbackHandler

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0 M2
    • Fix Version/s: 1.0 M3
    • Component/s: Security
    • Labels:
      None

      Description

      Digest passwords are never accepted by the SimplePasswordValidationCallbackHandler, because the setValidator is called twice.

      protected void handleInternal(Callback callback) throws IOException, UnsupportedCallbackException {
      if (callback instanceof PasswordValidationCallback) {
      PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
      if (passwordCallback.getRequest() instanceof PasswordValidationCallback.PlainTextPasswordRequest)

      { passwordCallback.setValidator(new SimplePlainTextPasswordValidator()); }

      else if (passwordCallback.getRequest() instanceof PasswordValidationCallback.DigestPasswordRequest)

      { PasswordValidationCallback.DigestPasswordRequest digestPasswordRequest = (PasswordValidationCallback.DigestPasswordRequest) passwordCallback.getRequest(); String password = users.getProperty(digestPasswordRequest.getUsername()); digestPasswordRequest.setPassword(password); passwordCallback.setValidator(new PasswordValidationCallback.DigestPasswordValidator()); }

      passwordCallback.setValidator(new SimplePlainTextPasswordValidator());

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            arjen.poutsma Arjen Poutsma
            Reporter:
            res1st Ingo
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: