karaf-dev mailing list archives

From Glen Mazza <gma...@talend.com>
Subject Re: svn commit: r1188029...
Date Mon, 24 Oct 2011 14:11:10 GMT
Oh, I wasn't paying attention to that setting.  My bad, never mind.

Glen

On 10/24/2011 10:09 AM, Guillaume Nodet wrote:
> I think that's why detailedLoginExcepion is false by default now.
>
> On Mon, Oct 24, 2011 at 15:55, Glen Mazza<gmazza@talend.com>  wrote:
>
>> Are you sure on this Freeman?  Normally you don't want to give Bad Guy a
>> hint that he's found a correct Username -- so any username/password failure
>> should return a generic "authentication failed" error.
>>
>> Glen
>>
>> On 10/24/2011 02:32 AM, ffang@apache.org wrote:
>>
>>> Author: ffang
>>> Date: Mon Oct 24 06:32:56 2011
>>> New Revision: 1188029
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1188029&view=rev
>>> Log:
>>> [KARAF-956]jaas module by default should throw generic
>>> FailedLoginException
>>>
>>> Modified:
>>>      karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
>>>      karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
>>>      karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
>>>      karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
>>>      karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
>>>
>>>
>>> Modified: karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
>>> URL: http://svn.apache.org/viewvc/karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java?rev=1188029&r1=1188028&r2=1188029&view=diff
>>> ==============================================================================
>>> --- karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**jdbc/JDBCLoginModule.java (original)
>>> +++ karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**jdbc/JDBCLoginModule.java Mon Oct 24
>>> 06:32:56 2011
>>> @@ -118,12 +118,20 @@ public class JDBCLoginModule extends Abs
>>>               passwordResultSet = passwordStatement.**executeQuery();
>>>
>>>               if (!passwordResultSet.next()) {
>>> -                throw new LoginException("User " + user + " does not
>>> exist");
>>> +               if (!this.detailedLoginExcepion) {
>>> +                       throw new LoginException("login failed");
>>> +               } else {
>>> +                       throw new LoginException("User " + user + " does
>>> not exist");
>>> +               }
>>>               } else {
>>>                   String storedPassword = passwordResultSet.getString(1)**
>>> ;
>>>
>>>                   if (!checkPassword(password, storedPassword)) {
>>> -                    throw new LoginException("Password for " + user + "
>>> does not match");
>>> +                       if (!this.detailedLoginExcepion) {
>>> +                               throw new LoginException("login failed");
>>> +                       } else {
>>> +                               throw new LoginException("Password for " +
>>> user + " does not match");
>>> +                       }
>>>                   }
>>>                   principals.add(new UserPrincipal(user));
>>>               }
>>>
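
Review bot: The generic branches in this hunk throw LoginException("login failed"), but the commit log says the modules should throw a generic FailedLoginException, and the OsgiConfig and Properties hunks do throw FailedLoginException. A caller that catches FailedLoginException specifically will see JDBC failures differently from the other modules. Suggest throw new FailedLoginException("login failed"); in both places here; it is a subclass of LoginException, so existing catch blocks keep working. The field name detailedLoginExcepion is also missing a "t"; renaming it to detailedLoginException now is cheaper than after it has spread.
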
>>> Modified: karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
>>> URL: http://svn.apache.org/viewvc/karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java?rev=1188029&r1=1188028&r2=1188029&view=diff
>>> ==============================================================================
>>> --- karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**osgi/OsgiConfigLoginModule.**java
>>> (original)
>>> +++ karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**osgi/OsgiConfigLoginModule.**java Mon Oct
>>> 24 06:32:56 2011
>>> @@ -68,14 +68,22 @@ public class OsgiConfigLoginModule exten
>>>
>>>               String userInfos = (String) properties.get(USER_PREFIX +
>>> user);
>>>               if (userInfos == null) {
>>> -                throw new FailedLoginException("User does not exist");
>>> +               if (!this.detailedLoginExcepion) {
>>> +                       throw new FailedLoginException("login failed");
>>> +               } else {
>>> +                       throw new FailedLoginException("User does not
>>> exist");
>>> +               }
>>>               }
>>>               String[] infos = userInfos.split(",");
>>>               String storedPassword = infos[0];
>>>
>>>               // check the provided password
>>>               if (!checkPassword(password, storedPassword)) {
>>> -                throw new FailedLoginException("Password for " + user + "
>>> does not match");
>>> +               if (!this.detailedLoginExcepion) {
>>> +                       throw new FailedLoginException("login failed");
>>> +               } else {
>>> +                       throw new FailedLoginException("Password for " +
>>> user + " does not match");
>>> +               }
>>>               }
>>>
>>>               principals = new HashSet<Principal>();
>>>
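
Review bot: The same five-line if/else on detailedLoginExcepion is pasted twice in this hunk and again in the JDBC and Properties modules, so any later change to the generic text has to be made in six places. AbstractKarafLoginModule is already modified in this commit; a small protected helper there that takes the detailed message and returns the exception to throw would keep "login failed" defined once and make it harder for one module to drift from the others.
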
>>> Modified: karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
>>> URL: http://svn.apache.org/viewvc/karaf/branches/karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java?rev=1188029&r1=1188028&r2=1188029&view=diff
>>> ==============================================================================
>>> --- karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**properties/**PropertiesLoginModule.java
>>> (original)
>>> +++ karaf/branches/karaf-2.2.x/**jaas/modules/src/main/java/**
>>> org/apache/karaf/jaas/modules/**properties/**PropertiesLoginModule.java
>>> Mon Oct 24 06:32:56 2011
>>> @@ -95,7 +95,11 @@ public class PropertiesLoginModule exten
>>>               //error handled in the next statement
>>>           }
>>>           if (userInfos == null) {
>>> -            throw new FailedLoginException("User " + user + " does not
>>> exist");
>>> +               if (!this.detailedLoginExcepion) {
>>> +                       throw new FailedLoginException("login failed");
>>> +               } else {
>>> +                       throw new FailedLoginException("User " + user + "
>>> does not exist");
>>> +               }
>>>           }
>>>
>>>           // the password is in the first position
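
Review bot: With the flag off, the unknown-user message now matches the bad-password message, but this branch (userInfos == null) still throws before checkPassword is reached in the next hunk, so the two failures do different amounts of work. When stored passwords are hashed (encryption.enabled), that difference may be measurable by a client even though the text is identical. Consider running checkPassword against a fixed dummy value before throwing here, or state in the documentation that only the message is made uniform.
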
>>> @@ -136,7 +140,11 @@ public class PropertiesLoginModule exten
>>>
>>>           // check the provided password
>>>           if (!checkPassword(password, storedPassword)) {
>>> -            throw new FailedLoginException("Password for " + user + "
>>> does not match");
>>> +               if (!this.detailedLoginExcepion) {
>>> +                       throw new FailedLoginException("login failed");
>>> +               } else {
>>> +                       throw new FailedLoginException("Password for " +
>>> user + " does not match");
>>> +               }
>>>           }
>>>
>>>           principals = new HashSet<Principal>();
>>>
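
Review bot: As shown in this mail, the added lines in this hunk are indented differently from the file: the new if starts deeper than the throw it replaces, and the nested throws are deeper again, which looks like tabs mixed into a file that uses four-space indents. Please re-indent the added block to match the surrounding code; the same applies to the other Java hunks in this commit.
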
>>> Modified: karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
>>> URL: http://svn.apache.org/viewvc/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml?rev=1188029&r1=1188028&r2=1188029&view=diff
>>> ==============================================================================
>>> --- karaf/branches/karaf-2.2.x/**jaas/modules/src/main/**
>>> resources/OSGI-INF/blueprint/**karaf-jaas-module.xml (original)
>>> +++ karaf/branches/karaf-2.2.x/**jaas/modules/src/main/**
>>> resources/OSGI-INF/blueprint/**karaf-jaas-module.xml Mon Oct 24 06:32:56
>>> 2011
>>> @@ -32,6 +32,7 @@
>>>       <!-- AdminConfig property place holder for the org.apache.karaf.jaas
>>>   -->
>>>       <cm:property-placeholder persistent-id="org.apache.**karaf.jaas"
>>> update-strategy="reload">
>>>           <cm:default-properties>
>>> +<cm:property name="detailed.login.**exception" value="false"/>
>>>               <cm:property name="encryption.name" value=""/>
>>>               <cm:property name="encryption.enabled" value="false"/>
>>>               <cm:property name="encryption.prefix" value="{CRYPT}"/>
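
Review bot: The new default property is added at column 0 while its sibling cm:property elements are indented, and nothing here says what detailed.login.exception does. Please indent it with the others and add a short XML comment stating that false yields the generic "login failed" message and true reveals whether the user name or the password was wrong, so anyone editing the file can see what turning it on exposes.
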
>>> @@ -44,6 +45,7 @@
>>>       <jaas:config name="karaf">
>>>           <jaas:module className="org.apache.karaf.**
>>> jaas.modules.properties.**PropertiesLoginModule" flags="required">
>>>               users = $[karaf.base]/etc/users.**properties
>>> +            detailed.login.exception = ${detailed.login.exception}
>>>               encryption.name = ${encryption.name}
>>>               encryption.enabled = ${encryption.enabled}
>>>               encryption.prefix = ${encryption.prefix}
>>>
>>>
>>>
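
Review bot: Only the PropertiesLoginModule entry of the karaf realm receives the detailed.login.exception option in this hunk, while the same commit changes JDBCLoginModule and OsgiConfigLoginModule to read the same flag. Realms that configure those modules have to pass the option themselves, which is worth documenting along with the value the modules assume when the option is absent; the AbstractKarafLoginModule change that parses it is listed under Modified but its diff is not shown in this mail.
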
>> --
>> Glen Mazza
>> Talend - http://www.talend.com/apache
>> Blog - http://tinyurl.com/glen-blog-index
>> Twitter - glenmazza
>>
>>
>


-- 
Glen Mazza
Talend - http://www.talend.com/apache
Blog - http://tinyurl.com/glen-blog-index
Twitter - glenmazza

