For FTP clients logging-in to FTPServer, they of course must submit their usernames and passwords. These are then authenticated by the server.
I have FTPServer embedded and it is working properly. It properly authenticates when one logs in as "admin" with the password "admin" (admin,admin). If one tries to log in as "admin" using some other password, authentication fails, as it should. So that all works. However, I have no idea why-because I have provided FTPServer with no .properties file containing the correct usernames and passwords which Should be authenticated. In other words, how does FTPServer know? The default download of FTPServer employs PropertiesUserManager as its UserManager. The UserManager handles authentication for logins. However, PropertiesUserManager is designed to use a Properties file to store user passwords. However: I have not provided it a .properties file. It generates its own: user.gen. But this contains the comment: GENERATED FILE, DO NOT EDIT. In reading the source code for PropertiesUserManager, I see a paradox: from before it is even used, right after construction, PropertiesUserManager gets all the usernames and passwords, and all its other user properties, from that GENERATED file: user.gen. Other than user.gen, PropertiesUserManager references no other .properties file. But this is the file IT generates!! It creates user.gen-then writes the values of its BaseProperties map to that file it just created. So how does it know the values to write? Since it has not been populated from anything. It should be writing an empty Properties map (blank file). But it isn't! Somehow, it has values for those properties, without them ever being set anywhere. Specifically: the admin username and password, and any other usernames and passwords. This is a chicken-and-egg paradox. If you want to add a new User to the list of valid users, and provide their password so FTPServer will accept their login---how do you do this? Where do you register accepted users of FTPServer and their passwords? Further, since passwords are stored as their hashes, do you have to explicitly supply the hashed (Md5) value? If not, how do you supply the password?
