Ben Alex 19 years ago
6ea8899134
  1. 10
      core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
  2. 15
      core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java

10
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java

@ -59,9 +59,17 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication @@ -59,9 +59,17 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
if (this.saltSource != null) {
salt = this.saltSource.getSalt(userDetails);
}
if (authentication.getCredentials() == null) {
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
}
String presentedPassword = authentication.getCredentials() == null ? "" : authentication.getCredentials().toString();
if (!passwordEncoder.isPasswordValid(
userDetails.getPassword(), authentication.getCredentials().toString(), salt)) {
userDetails.getPassword(), presentedPassword, salt)) {
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
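Review bot: The `== null ? ""` fallback on the new `presentedPassword` line is unreachable, because the block added immediately above it already throws BadCredentialsException when `authentication.getCredentials()` is null, so the hunk now carries two competing null policies for the same value. Simplifying to `String presentedPassword = authentication.getCredentials().toString();` leaves the early reject as the single place that decides missing credentials are refused before the password encoder is ever invoked. Rejecting with BadCredentialsException instead of letting the former NullPointerException escape also appears to keep this failure on the same path as an ordinary wrong-password rejection. The enclosing method starts and ends outside the hunk.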

15
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java

@ -78,6 +78,21 @@ public class DaoAuthenticationProviderTests extends TestCase { @@ -78,6 +78,21 @@ public class DaoAuthenticationProviderTests extends TestCase {
}
}
public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
// Test related to SEC-434
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(new MockAuthenticationDaoUserMarissa());
provider.setUserCache(new MockUserCache());
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken("marissa", null);
try {
provider.authenticate(authenticationToken); // null pointer exception
fail("Expected BadCredenialsException");
} catch (BadCredentialsException expected) {
assertTrue(true);
}
}
public void testAuthenticateFailsIfAccountExpired() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal");
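Review bot: The trailing comment `// null pointer exception` on the `provider.authenticate(authenticationToken)` call in testReceivedBadCredentialsWhenCredentialsNotProvided describes the pre-fix behaviour and will mislead a reader once the production change is in; reword it to `// SEC-434: previously escaped as NullPointerException, must now be BadCredentialsException`. The `assertTrue(true)` inside the catch block is a no-op and can be dropped, since the typed catch clause itself is the assertion. The `fail(...)` message also misspells the exception name as `BadCredenialsException`.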
