[
https://issues.apache.org/jira/browse/SHIRO-887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers resolved SHIRO-887.
--------------------------------
Fix Version/s: (was: 2.0.0)
Resolution: Fixed
> FormAuthenticationFilter trims passwords which start and/or end with one or
> more space character(s)
> ---------------------------------------------------------------------------------------------------
>
> Key: SHIRO-887
> URL: https://issues.apache.org/jira/browse/SHIRO-887
> Project: Shiro
> Issue Type: Bug
> Affects Versions: 2.0.0, 1.9.1
> Reporter: Sebastian Frey
> Priority: Minor
> Fix For: 1.10.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> The FormAuthenticationFilter trims passwords which start and/or end with one
> or more space character(s), which prevents login for users with such
> passwords.
> Since spaces at the start and/or end of a password are totally legit, the
> password param should not be trimmed, when processed by the
> FormAuthenticationFilter.
> The reason for that behavior is, that in the FormAuthenticationFilter
> WebUtils.
> getCleanParam() is called, which than calls StringUtils.clean(), which trims
> passed strings.
>
> If desired, I would prepare a PR to fix that behavior.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
