[SWS-555] Check User's status in SpringDigestPasswordValidationCallbackHandler Created: 23/Aug/09  Updated: 04/May/12  Resolved: 23/Aug/09

Status: Closed
Project: Spring Web Services
Component/s: Security
Affects Version/s: None
Fix Version/s: 1.5.8

Type: Bug Priority: Major
Reporter: Tareq Abedrabbo Assignee: Tareq Abedrabbo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


SpringDigestPasswordValidationCallbackHandler relies on a UserDetailsService, which simply loads a User and does not verify its status. A check should be added on the combination of isCredentialsNonExpired(), isEnabled(), isAccountNonExpired() and isAccountNonLocked() to reject invalid users.

Comment by Arjen Poutsma [ 04/May/12 ]

Closing old issues

Generated at Tue Aug 14 14:12:28 UTC 2018 using JIRA 7.9.0#79000-sha1:3ca552e944c2fe83b21589bc06f155b9b428cc2b.