Author: schultz
Date: Mon Oct 5 03:59:52 2015
New Revision: 1706744
URL: http://svn.apache.org/viewvc?rev=1706744&view=rev
Log:
Perform null-checking on input and stored credentials before passing them off
to CredentialHandlers for matching.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
Modified: tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1706744&r1=1706743&r2=1706744&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Mon Oct 5
03:59:52 2015
@@ -293,6 +293,14 @@ public class DataSourceRealm extends Rea
String dbCredentials = getPassword(dbConnection, username);
+ if (credentials == null || dbCredentials == null) {
+ if (containerLog.isTraceEnabled())
+ containerLog.trace(
+ sm.getString("dataSourceRealm.authenticateFailure",
+ username));
+ return null;
+ }
+
// Validate the user's credentials
boolean validated = getCredentialHandler().matches(credentials,
dbCredentials);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
