[
https://issues.apache.org/jira/browse/JCR-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
angela resolved JCR-2527.
-------------------------
Resolution: Fixed
> Fix and simplify CryptedSimpleCredentials
> -----------------------------------------
>
> Key: JCR-2527
> URL: https://issues.apache.org/jira/browse/JCR-2527
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: jackrabbit-core
> Affects Versions: 2.0.0
> Reporter: angela
> Assignee: angela
> Fix For: 2.0.1
>
>
> the credentials retrieved from UserImpl and used to validate the
> simplecredentials passed to the repository login is overly complex
> and buggy as it tries to match all kind credentials variants with and without
> hashed password.
> in particular it contains the following problems:
> - simplecredentials containing the hashed pw are considered valid
> - passwords startign with {something} cause inconsistencies and may even
> prevent the user from login
> it should be improved as follows:
> - simplecredentials are always expected to contain the plain text password
> both for creation and
> comparison with the cryptedsimplecredentials.
> - creating cryptedsimplecredentials from uid/pw however is left unchanged:
> the specified pw is
> hashed with the default algorithm if it turns out not to be in the hashed
> format.
> - in addition the pw should also be hashed if it has the form
> {something}whatever but something
> is an invalid algorithm.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
