[JBoss-dev] CVS update: contrib/tomcat/src/main/org/jboss/tomcat/security JBossSecurityMgrRealm.java

Sat, 28 Jul 2001 10:59:41 -0700 

  User: starksm 
  Date: 01/07/28 11:22:47

  Modified:    tomcat/src/main/org/jboss/tomcat/security Tag: Branch_2_4
                        JBossSecurityMgrRealm.java
  Log:
  The password passed to securityMgr.isValid() should be a char[] to be
  compatible with the cached credential.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.2.5   +7 -6      
contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java
  
  Index: JBossSecurityMgrRealm.java
  ===================================================================
  RCS file: 
/cvsroot/jboss/contrib/tomcat/src/main/org/jboss/tomcat/security/JBossSecurityMgrRealm.java,v
  retrieving revision 1.4.2.4
  retrieving revision 1.4.2.5
  diff -u -r1.4.2.4 -r1.4.2.5
  --- JBossSecurityMgrRealm.java        2001/07/27 03:51:33     1.4.2.4
  +++ JBossSecurityMgrRealm.java        2001/07/28 18:22:47     1.4.2.5
  @@ -37,7 +37,7 @@
   @see org.jboss.security.SubjectSecurityManager
   
   @author [EMAIL PROTECTED]
  -@version $Revision: 1.4.2.4 $
  +@version $Revision: 1.4.2.5 $
   */
   public class JBossSecurityMgrRealm extends BaseInterceptor
   {
  @@ -120,7 +120,10 @@
               // Get the JBoss security manager from the ENC context
               EJBSecurityManager securityMgr = (EJBSecurityManager) 
securityCtx.lookup("securityMgr");
               SimplePrincipal principal = new SimplePrincipal(username);
  -            if( securityMgr.isValid(principal, password) )
  +            char[] passwordChars = null;
  +            if( password != null )
  +               passwordChars = password.toCharArray();
  +            if( securityMgr.isValid(principal, passwordChars) )
               {
                   request.setRemoteUser(username);
                   request.setUserPrincipal(principal);
  @@ -129,10 +132,7 @@
                       request.setAuthType(ctx.getAuthMethod());
                   category.debug("User: "+username+" is authenticated");
                   SecurityAssociation.setPrincipal(principal);
  -                char[] pass = null;
  -                if( password != null )
  -                   pass = password.toCharArray();
  -                SecurityAssociation.setCredential(pass);
  +                SecurityAssociation.setCredential(passwordChars);
                   if( useJAAS == true && securityMgr instanceof 
SubjectSecurityManager )
                   {
                       SubjectSecurityManager subjectMgr = (SubjectSecurityManager) 
securityMgr;
  @@ -242,3 +242,4 @@
       }
   
   }
  +
  
  
  

_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to