Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 23:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed support for lowercase usernames and passwords.

Browse Source
This commit is contained in:
Ben Alex 2004-03-28 12:10:23 +00:00
parent 1573491fbe
commit 3179f5f1e7
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
View File

@ -110,14 +110,28 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
.getMessage()); .getMessage());
} }
if (!user.isEnabled()) { if ((!this.ignoreUsernameCase)
throw new DisabledException("User is disabled"); && (!user.getUsername().equals(authentication.getPrincipal()
.toString()))) {
throw new BadCredentialsException("Bad credentials presented");
} }
if (!user.getPassword().equals(authentication.getCredentials().toString())) { if (!user.getPassword().toLowerCase().equals(authentication.getCredentials()
.toString()
.toLowerCase())) {
throw new BadCredentialsException("Bad credentials presented"); throw new BadCredentialsException("Bad credentials presented");
} }
if ((!this.ignorePasswordCase)
&& (!user.getPassword().equals(authentication.getCredentials()
.toString()))) {
throw new BadCredentialsException("Bad credentials presented");
}
if (!user.isEnabled()) {
throw new DisabledException("User is disabled");
}
return new UsernamePasswordAuthenticationToken(user.getUsername(), return new UsernamePasswordAuthenticationToken(user.getUsername(),
user.getPassword(), user.getAuthorities()); user.getPassword(), user.getAuthorities());
} }