Documentation and code do not match for db user manager
-------------------------------------------------------
Key: FTPSERVER-235
URL: https://issues.apache.org/jira/browse/FTPSERVER-235
Project: FtpServer
Issue Type: Bug
Components: Core
Affects Versions: 1.0.0-M3
Reporter: nathan longley
Priority: Minor
In the examples on the website
(http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:

    <authenticate>SELECT uid from FTP_USER WHERE uid='{uid}' AND userpassword='{userpassword}'</authenticate>

(uid is wrong; it is actually userid in all three places)

But the code will never set userpassword. In DbUserManager.authenticate it does

    HashMap<String, Object> map = new HashMap<String, Object>();
    map.put(ATTR_LOGIN, escapeString(user));
    String sql = StringUtils.replaceString(authenticateStmt, map);
    LOG.info(sql);

and afterwards it compares the stored password with the one the user entered.

Is this designed to be this way, or the way described in the documentation? I
think allowing it the way it is in the documentation allows for greater
flexibility.

If it is not a bug and is a design feature, I will make a custom user manager.

A fix that would match the documentation would be:

    public User authenticate(Authentication authentication)
            throws AuthenticationFailedException {
        if (authentication instanceof UsernamePasswordAuthentication) {
            UsernamePasswordAuthentication upauth =
                    (UsernamePasswordAuthentication) authentication;
            String user = upauth.getUsername();
            String password = upauth.getPassword();
            if (user == null) {
                throw new AuthenticationFailedException("Authentication failed");
            }
            if (password == null) {
                password = "";
            }
            Statement stmt = null;
            ResultSet rs = null;
            try {
                // create the sql query
                HashMap<String, Object> map = new HashMap<String, Object>();
                map.put(ATTR_LOGIN, escapeString(user));
                map.put(ATTR_PASSWORD, escapeString(password));
                String sql = StringUtils.replaceString(authenticateStmt, map);
                LOG.info(sql);
                // execute query
                stmt = createConnection().createStatement();
                rs = stmt.executeQuery(sql);
                if (rs.next()) {
                    try {
                        return getUserByName(user);
                    } catch (FtpException e) {
                        throw new AuthenticationFailedException("Authentication failed", e);
                    }
                } else {
                    throw new AuthenticationFailedException("Authentication failed");
                }
            } catch (SQLException ex) {
                LOG.error("DbUserManager.authenticate()", ex);
                throw new AuthenticationFailedException("Authentication failed", ex);
            } finally {
                closeQuitely(rs);
                closeQuitely(stmt);
            }
        } else if (authentication instanceof AnonymousAuthentication) {
            try {
                if (doesExist("anonymous")) {
                    return getUserByName("anonymous");
                } else {
                    throw new AuthenticationFailedException("Authentication failed");
                }
            } catch (AuthenticationFailedException e) {
                throw e;
            } catch (FtpException e) {
                throw new AuthenticationFailedException("Authentication failed", e);
            }
        } else {
            throw new IllegalArgumentException(
                    "Authentication not supported by this user manager");
        }
    }
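
Added example (not part of the original report and not FtpServer code): one way to support the documented template, with both userid and userpassword, without putting either value into the SQL text. The {name} placeholders are turned into JDBC '?' parameters, so the statement that gets logged contains no user input, and a placeholder with no value (such as the unset userpassword described in the report) fails instead of being silently ignored. The class, record and method names are hypothetical; Java 16+ is assumed for the record syntax.

```java
import java.sql.*;
import java.util.*;
import java.util.regex.*;

// Added illustration; class, record and method names are hypothetical, not FtpServer API.
public class NamedTemplateDemo {
    // {name}, optionally wrapped in single quotes as in the documented template
    private static final Pattern PLACEHOLDER = Pattern.compile("'?\\{(\\w+)\\}'?");

    /** SQL text with '?' markers, plus placeholder names in bind order. */
    record Bound(String sql, List<String> names) {}

    static Bound toPrepared(String template) {
        Matcher m = PLACEHOLDER.matcher(template);
        List<String> names = new ArrayList<>();
        StringBuilder sql = new StringBuilder();
        while (m.find()) {
            names.add(m.group(1));
            m.appendReplacement(sql, "?");
        }
        m.appendTail(sql);
        return new Bound(sql.toString(), names);
    }

    /** True if the query returns a row. Values are bound, never spliced into the SQL. */
    static boolean rowExists(Connection c, Bound b, Map<String, String> values)
            throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(b.sql())) {
            for (int i = 0; i < b.names().size(); i++) {
                String v = values.get(b.names().get(i));
                if (v == null) {
                    throw new SQLException("no value for {" + b.names().get(i) + "}");
                }
                ps.setString(i + 1, v);
            }
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Template from the issue, using the corrected name userid
        String tpl = "SELECT userid from FTP_USER WHERE userid='{userid}'"
                + " AND userpassword='{userpassword}'";
        Bound b = toPrepared(tpl);
        System.out.println(b.sql());    // safe to log: contains no user input
        System.out.println(b.names());  // bind order for setString
    }
}
```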