[SWS-555] Check User's status in SpringDigestPasswordValidationCallbackHandler Created: 23/Aug/09  Updated: 04/May/12  Resolved: 23/Aug/09

Status: Closed
Project: Spring Web Services
Component/s: Security
Affects Version/s: None
Fix Version/s: 1.5.8

Type: Bug Priority: Major
Reporter: Tareq Abedrabbo Assignee: Tareq Abedrabbo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


SpringDigestPasswordValidationCallbackHandler relies on a UserDetailsService, which simply loads a User and does not verify its status. A check should be added on the combination of isCredentialsNonExpired(), isEnabled(), isAccountNonExpired() and isAccountNonLocked() to reject invalid users.

Comment by Arjen Poutsma [ 04/May/12 ]

Closing old issues

Generated at Mon Feb 19 13:51:14 UTC 2018 using JIRA 6.4.14#64029-sha1:ae256fe0fbb912241490ff1cecfb323ea0905ca5.