Handle usernames that are empty Strings.

2025-10-31 06:38:42 +00:00 · 2004-12-03 06:41:02 +00:00 · 2004-12-03 06:41:02 +00:00 · 1b660d4d5b
commit 1b660d4d5b
parent ab6df6cfce
1 changed files with 3 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@ -226,8 +226,9 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
                if (this.context != null) {
                    context.publishEvent(new AuthenticationFailureUsernameNotFoundEvent(
                            authentication,
-                            new User(username, "*****", false,
-                                new GrantedAuthority[0])));
+                            new User("".equals(username)
+                                ? "EMPTY_STRING_PROVIDED" : username, "*****",
+                                false, new GrantedAuthority[0])));
                }

                throw ex;