Fixed support for lowercase usernames and passwords.

2004-03-28 12:10:23 +00:00 · 2004-03-28 12:10:23 +00:00 · 3179f5f1e7
parent 1573491fbe
commit 3179f5f1e7
1 changed files with 17 additions and 3 deletions
--- a/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
@ -110,14 +110,28 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
                .getMessage());
        }

-        if (!user.isEnabled()) {
-            throw new DisabledException("User is disabled");
+        if ((!this.ignoreUsernameCase)
+            && (!user.getUsername().equals(authentication.getPrincipal()
+                                                         .toString()))) {
+            throw new BadCredentialsException("Bad credentials presented");
        }

-        if (!user.getPassword().equals(authentication.getCredentials().toString())) {
+        if (!user.getPassword().toLowerCase().equals(authentication.getCredentials()
+                                                                   .toString()
+                                                                   .toLowerCase())) {
            throw new BadCredentialsException("Bad credentials presented");
        }

+        if ((!this.ignorePasswordCase)
+            && (!user.getPassword().equals(authentication.getCredentials()
+                                                         .toString()))) {
+            throw new BadCredentialsException("Bad credentials presented");
+        }
+
+        if (!user.isEnabled()) {
+            throw new DisabledException("User is disabled");
+        }
+
        return new UsernamePasswordAuthenticationToken(user.getUsername(),
            user.getPassword(), user.getAuthorities());
    }