Hi Devs, Noticed that we trim the username when performing authentication in LDAP and AD Userstore Managers[1]. But we do not do trim the username in JDBCUserStoreManager[2]?
IMO we should have the similar behaviour for all the user stores, ie. either we trim the username in each of them or we don't trim in any of them? On the other hand, I think we shouldn't trim the username at all since it leads to issue like[3], where the authentication was successful because of trimming the spaces silently but claims retrieval etc. fails due to the incorrect username with extra spaces. Appreciate your thoughts! [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java#L357 [2] https://github.com/wso2/carbon-kernel/blob/f551d3530300a43ca1afc2a56d62be34f2d72320/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/jdbc/JDBCUserStoreManager.java#L1152-L1235 [3] https://wso2.org/jira/browse/IDENTITY-5864 Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
