Set default password properly in security manager

The current Security Manager implementation was returning the username
instead of the default password when validating  the default user.

This patch returns the correct value and cleans up the validate method.

artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java

@@ -23,6 +23,7 @@ import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
 import org.apache.activemq.artemis.core.security.User;
+import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
 
 /**
  * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
@@ -32,6 +33,8 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
 {
    private final SecurityConfiguration configuration;
 
+   private ActiveMQServerLogger logger = ActiveMQServerLogger.LOGGER;
+
    public ActiveMQSecurityManagerImpl()
    {
       configuration = new SecurityConfiguration();
@@ -44,19 +47,24 @@ public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager
 
    // Public ---------------------------------------------------------------------
 
-   public boolean validateUser(final String user, final String password)
+   public boolean validateUser(final String username, final String password)
    {
-      if (user == null && configuration.getDefaultUser() == null)
+      if (username != null)
       {
-         return false;
+         User user = configuration.getUser(username);
+         return user != null && user.isValid(username, password);
+      }
+      else if (username == null && password == null)
+      {
+         return configuration.getDefaultUser() != null;
+      }
+      else // the only possible case here is user == null, password != null
+      {
+         logger.debug("Validating default user against a provided password.  This happens when username=null, password!=null");
+         String defaultUsername = configuration.getDefaultUser();
+         User defaultUser = configuration.getUser(defaultUsername);
+         return defaultUser != null && defaultUser.isValid(defaultUsername, password);
       }
-
-      String defaultUser = configuration.getDefaultUser();
-      User theUser = configuration.getUser(user == null ? defaultUser : user);
-
-      boolean ok = theUser != null && theUser.isValid(user == null ? defaultUser : user, password == null ? defaultUser
-                                                                                                         : password);
-      return ok;
    }
 
    public boolean validateUserAndRole(final String user,

tests/unit-tests/src/test/java/org/apache/activemq/artemis/tests/unit/core/security/impl/ActiveMQSecurityManagerImplTest.java

@@ -57,11 +57,12 @@ public class ActiveMQSecurityManagerImplTest extends ActiveMQTestBase
    @Test
    public void testDefaultSecurity()
    {
-      securityManager.getConfiguration().addUser("guest", "guest");
+      securityManager.getConfiguration().addUser("guest", "password");
       securityManager.getConfiguration().addRole("guest", "guest");
       securityManager.getConfiguration().setDefaultUser("guest");
       Assert.assertTrue(securityManager.validateUser(null, null));
-      Assert.assertTrue(securityManager.validateUser("guest", "guest"));
+      Assert.assertTrue(securityManager.validateUser("guest", "password"));
+      Assert.assertFalse(securityManager.validateUser(null, "wrongpass"));
       HashSet<Role> roles = new HashSet<Role>();
       roles.add(new Role("guest", true, true, true, true, true, true, true));
       Assert.assertTrue(securityManager.validateUserAndRole(null, null, roles, CheckType.CREATE_DURABLE_QUEUE));