ate 2004/10/17 18:35:48
Modified: components/security/src/java/org/apache/jetspeed/security/spi/impl DefaultCredentialHandler.java
Log: Added setPassword security checks
Revision Changes Path
1.5 +23 -0 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java
Index: DefaultCredentialHandler.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- DefaultCredentialHandler.java 11 Oct 2004 23:25:29 -0000 1.4
+++ DefaultCredentialHandler.java 18 Oct 2004 01:35:48 -0000 1.5
@@ -159,6 +159,29 @@
  {
  credentials.remove(oldInternalCredential);
  }
+ else
+ {
+ // supplied PasswordCredential not defined for this user
+ throw new SecurityException(SecurityException.INVALID_PASSWORD);
+ }
+ }
+ else
+ {
+ Iterator iter = credentials.iterator();
+ while (iter.hasNext())
+ {
+ InternalCredential credential = (InternalCredential) iter.next();
+ if (credential.getType() == type)
+ {
+ if ((null != credential.getClassname())
+ && (credential.getClassname().equals((PasswordCredential.class).getName())))
+ {
+ // User *has* an PasswordCredential: setting a new Credential without supplying
+ // its current one is not allowed
+ throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
+ }
+ }
+ }
  }
  InternalCredential newInternalCredential = new InternalCredentialImpl(internalUser.getPrincipalId(), new String(newPwdCredential.getPassword()), type, newPwdCredential.getClass().getName());
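Review bot: The new PASSWORD_REQUIRED guard can be bypassed for any stored credential whose classname is not exactly `PasswordCredential`, because the comparison in the `while` loop is `credential.getClassname().equals(PasswordCredential.class.getName())` while the context line at the end of the hunk persists `newPwdCredential.getClass().getName()`, i.e. the runtime class, which may be a subclass. A caller who once set a subclass instance would then be able to replace the password without presenting the current one. Either store the canonical name on the context line, `new InternalCredentialImpl(internalUser.getPrincipalId(), new String(newPwdCredential.getPassword()), type, PasswordCredential.class.getName());`, or make the check accept subclasses and document the invariant in the loop comment: `// assumes every password-type credential was stored with PasswordCredential's class name — verify against the creation path below`. The `credential.getType() == type` comparison is fine for a primitive but would be an identity compare if `type` is boxed; the declaration is outside this hunk, so confirm. The enclosing setPassword method begins before the hunk.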