[ https://issues.apache.org/jira/browse/FTPSERVER-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson updated FTPSERVER-235:
----------------------------------------

    Fix Version/s:     (was: 1.0.0-M4)
                       1.0.0-RC1
    Affects Version/s: 1.0.0-M4

> Documentation and code do not match for db user manager
> -------------------------------------------------------
>
>                 Key: FTPSERVER-235
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-235
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0.0-M3, 1.0.0-M4
>            Reporter: nathan longley
>            Assignee: Niklas Gustavsson
>            Priority: Minor
>             Fix For: 1.0.0-RC1
>
>
> In the examples on the website (http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:
>
>     <authenticate>SELECT uid from FTP_USER WHERE uid='{uid}' AND userpassword='{userpassword}'</authenticate>
>
> (uid is wrong, is actually userid in all three places)
> but the code will never set userpassword.
> In DbUserManager.authenticate it does
>
>     HashMap<String, Object> map = new HashMap<String, Object>();
>     map.put(ATTR_LOGIN, escapeString(user));
>     String sql = StringUtils.replaceString(authenticateStmt, map);
>     LOG.info(sql);
>
> and after that it compares the stored password with the one the user entered.
> Is this designed to be this way or the way described in the documentation? I think allowing it the way it is in the documentation allows for greater flexibility.
> If it is not a bug and is a design feature I will make a custom user manager.
> a fix that would match the documentation would be
>
>     public User authenticate(Authentication authentication) throws AuthenticationFailedException {
>         if (authentication instanceof UsernamePasswordAuthentication) {
>             UsernamePasswordAuthentication upauth = (UsernamePasswordAuthentication) authentication;
>             String user = upauth.getUsername();
>             String password = upauth.getPassword();
>             if (user == null) {
>                 throw new AuthenticationFailedException("Authentication failed");
>             }
>             if (password == null) {
>                 password = "";
>             }
>             Statement stmt = null;
>             ResultSet rs = null;
>             try {
>                 // create the sql query
>                 HashMap<String, Object> map = new HashMap<String, Object>();
>                 map.put(ATTR_LOGIN, escapeString(user));
>                 map.put(ATTR_PASSWORD, escapeString(password));
>                 String sql = StringUtils.replaceString(authenticateStmt, map);
>                 LOG.info(sql);
>                 // execute query
>                 stmt = createConnection().createStatement();
>                 rs = stmt.executeQuery(sql);
>                 if (rs.next()) {
>                     try {
>                         return getUserByName(user);
>                     } catch (FtpException e) {
>                         throw new AuthenticationFailedException("Authentication failed", e);
>                     }
>                 } else {
>                     throw new AuthenticationFailedException("Authentication failed");
>                 }
>             } catch (SQLException ex) {
>                 LOG.error("DbUserManager.authenticate()", ex);
>                 throw new AuthenticationFailedException("Authentication failed", ex);
>             } finally {
>                 closeQuitely(rs);
>                 closeQuitely(stmt);
>             }
>         } else if (authentication instanceof AnonymousAuthentication) {
>             try {
>                 if (doesExist("anonymous")) {
>                     return getUserByName("anonymous");
>                 } else {
>                     throw new AuthenticationFailedException("Authentication failed");
>                 }
>             } catch (AuthenticationFailedException e) {
>                 throw e;
>             } catch (FtpException e) {
>                 throw new AuthenticationFailedException("Authentication failed", e);
>             }
>         } else {
>             throw new IllegalArgumentException("Authentication not supported by this user manager");
>         }
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
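
The two statement shapes discussed in the issue differ in what ends up in the SQL text that `LOG.info(sql)` writes. The sketch below is an added example, not FtpServer code: `render` is a hypothetical stand-in for `StringUtils.replaceString`, the login-only statement and the use of `MessageDigest.isEqual` are assumptions, and all values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class AuthTemplateDemo {
    // Hypothetical stand-in for StringUtils.replaceString: fills {key} placeholders.
    // Escaping is omitted; the constructed sample values contain no quote characters.
    static String render(String template, Map<String, Object> values) {
        String sql = template;
        for (Map.Entry<String, Object> e : values.entrySet()) {
            sql = sql.replace("{" + e.getKey() + "}", String.valueOf(e.getValue()));
        }
        return sql;
    }

    // Password check done in code after the query, as the issue describes.
    // MessageDigest.isEqual is this example's choice of comparison.
    static boolean passwordMatches(String stored, String entered) {
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                entered.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String user = "alice";           // constructed sample login
        String entered = "s3cret-pass";  // constructed sample password
        String stored = "s3cret-pass";   // constructed value standing in for the DB row

        // Documented statement, with uid corrected to userid as the issue notes.
        String documented = "SELECT userid from FTP_USER WHERE userid='{userid}'"
                + " AND userpassword='{userpassword}'";
        Map<String, Object> both = new HashMap<>();
        both.put("userid", user);
        both.put("userpassword", entered);
        String sqlDocumented = render(documented, both);

        // Assumed statement for the current behaviour: only the login is substituted.
        String loginOnly = "SELECT userpassword from FTP_USER WHERE userid='{userid}'";
        Map<String, Object> one = new HashMap<>();
        one.put("userid", user);
        String sqlLoginOnly = render(loginOnly, one);

        // What a LOG.info(sql) line would carry in each case.
        System.out.println("documented : " + sqlDocumented);
        System.out.println("  password in log line: " + sqlDocumented.contains(entered));
        System.out.println("login only : " + sqlLoginOnly);
        System.out.println("  password in log line: " + sqlLoginOnly.contains(entered));
        System.out.println("match in code: " + passwordMatches(stored, entered));
    }
}
```

With the documented statement the entered password is part of every logged query, so an implementation that supports it would need to drop or redact that log call.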