Author: kaushalye
Date: Sun Feb 24 21:31:19 2008
New Revision: 630735

URL: http://svn.apache.org/viewvc?rev=630735&view=rev
Log:
If the wrong username is provided with a correct username, there will be no 
failure. It's a BUG.
Now validating the username too if the password is directly available in the 
rampart context.
Not relevant to password callbacks, as we always use the username to get the 
password. There, a wrong username will always return a wrong password.


Modified:
    webservices/rampart/trunk/c/src/util/rampart_username_token.c

Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?rev=630735&r1=630734&r2=630735&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Sun Feb 24 
21:31:19 2008
@@ -487,6 +487,21 @@
         password_from_svr = rampart_context_get_password(
                                 rampart_context, env);
 
+        /*If the direct passowrd is available, then chk for the username too 
in the context. We need to compare it with the message's:
+          The reason is here we do not use callbacks. Thus there will be no 
failure if the username is wrong and the password is correct*/
+        if(password_from_svr){
+            axis2_char_t *context_usr = NULL;
+
+            context_usr = rampart_context_get_user(rampart_context, env);
+            if(0 != axutil_strcmp(context_usr, username)){
+                rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+                                                  "Username is not valid", 
RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                 "[rampart][rampart_usernametoken] Username id 
not valid");
+                return AXIS2_FAILURE;
+            }
+        }
+
         /*If not then check the call  back function*/
         if(!password_from_svr)
         {
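
Review bot: the fault text "Username is not valid" passed to rampart_create_fault_envelope in the new axutil_strcmp branch tells the sender that the username specifically was rejected, which lets a client separate username failures from other authentication failures. Consider returning a generic authentication-failed reason in the fault and keeping the specific cause only in the AXIS2_LOG_ERROR line. In the same branch, context_usr is compared without a NULL check, so a context that holds a password but no user depends on how axutil_strcmp treats NULL; an explicit check with its own log message would make that case unambiguous. The log string also reads "Username id not valid" where "is" was presumably intended.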

