Sebastian Frey created SHIRO-887:
------------------------------------
Summary: FormAuthenticationFilter trims passwords which start
and/or end with one or more space character(s)
Key: SHIRO-887
URL: https://issues.apache.org/jira/browse/SHIRO-887
Project: Shiro
Issue Type: Bug
Affects Versions: 1.9.1, 2.0.0
Reporter: Sebastian Frey
The FormAuthenticationFilter trims passwords which start and/or end with one or
more space character(s).
Since spaces at the start and/or end of a password are totally legit, the
password param should not be trimmed, when processed by the
FormAuthenticationFilter.
The reason for that behavior is, that in the FormAuthenticationFilter `WebUtils.
getCleanParam()`is called, which than calls `StringUtils.clean()`, which trims
passed strings.
If desired, I would prepare a PR to fix that behavior.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
