[jira] Updated: (FTPSERVER-235) Documentation and code do not match for db user manager

2008-12-04 Thread Niklas Gustavsson (JIRA)

[ https://issues.apache.org/jira/browse/FTPSERVER-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson updated FTPSERVER-235:

    Fix Version/s: 1.0.0-M4
    Assignee: Niklas Gustavsson

> Documentation and code do not match for db user manager
> ---
>
> Key: FTPSERVER-235
> URL: https://issues.apache.org/jira/browse/FTPSERVER-235
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.0-M3
> Reporter: nathan longley
> Assignee: Niklas Gustavsson
> Priority: Minor
> Fix For: 1.0.0-M4
>
>
> In the examples on the website
> (http://cwiki.apache.org/FTPSERVER/database-user-manager.html) it shows:
>
>     SELECT uid from FTP_USER WHERE uid='{uid}' AND
>     userpassword='{userpassword}'
>
> (uid is wrong, is actually userid in all three places)
> but the code will never set userpassword. In DbUserManager.authenticate
> it does
>
>     HashMap map = new HashMap();
>     map.put(ATTR_LOGIN, escapeString(user));
>     String sql = StringUtils.replaceString(authenticateStmt, map);
>     LOG.info(sql);
>
> and after it compares the stored password with the one the user entered.
> Is this designed to be this way or the way described in the documentation? I
> think allowing it the way it is in the documentation allows for greater
> flexibility.
> If it is not a bug and is a design feature I will make a custom user manager.
> A fix that would match the documentation would be
>
>     public User authenticate(Authentication authentication)
>             throws AuthenticationFailedException {
>         if (authentication instanceof UsernamePasswordAuthentication) {
>             UsernamePasswordAuthentication upauth =
>                     (UsernamePasswordAuthentication) authentication;
>             String user = upauth.getUsername();
>             String password = upauth.getPassword();
>             if (user == null) {
>                 throw new AuthenticationFailedException("Authentication failed");
>             }
>             if (password == null) {
>                 password = "";
>             }
>             Statement stmt = null;
>             ResultSet rs = null;
>             try {
>                 // create the sql query
>                 HashMap map = new HashMap();
>                 map.put(ATTR_LOGIN, escapeString(user));
>                 map.put(ATTR_PASSWORD, escapeString(password));
>                 String sql = StringUtils.replaceString(authenticateStmt, map);
>                 LOG.info(sql);
>                 // execute query
>                 stmt = createConnection().createStatement();
>                 rs = stmt.executeQuery(sql);
>                 if (rs.next()) {
>                     try {
>                         return getUserByName(user);
>                     } catch (FtpException e) {
>                         throw new AuthenticationFailedException("Authentication failed", e);
>                     }
>                 } else {
>                     throw new AuthenticationFailedException("Authentication failed");
>                 }
>             } catch (SQLException ex) {
>                 LOG.error("DbUserManager.authenticate()", ex);
>                 throw new AuthenticationFailedException("Authentication failed", ex);
>             } finally {
>                 closeQuitely(rs);
>                 closeQuitely(stmt);
>             }
>         } else if (authentication instanceof AnonymousAuthentication) {
>             try {
>                 if (doesExist("anonymous")) {
>                     return getUserByName("anonymous");
>                 } else {
>                     throw new AuthenticationFailedException("Authentication failed");
>                 }
>             } catch (AuthenticationFailedException e) {
>                 throw e;
>             } catch (FtpException e) {
>                 throw new AuthenticationFailedException("Authentication failed", e);
>             }
>         } else {
>             throw new IllegalArgumentException(
>                     "Authentication not supported by this user manager");
>         }
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
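
Added example, not part of the JIRA message or the FtpServer code base: it renders the documented query template with a password, which shows that the SQL string the proposed fix hands to LOG.info carries the password in clear text, and sets beside it a lookup that binds the user name and compares the stored value in application code. The class name, the render helper (a stand-in for the substitution step) and the sample credentials are constructed for illustration, authenticate assumes the caller supplies a JDBC Connection, and the table and column names are taken from the issue text.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthQueryDemo {
    // Template from the issue text, with the reporter's uid -> userid correction.
    static final String DOC_TEMPLATE =
        "SELECT userid from FTP_USER WHERE userid='{userid}' AND userpassword='{userpassword}'";
    static final Pattern KEY = Pattern.compile("\\{(\\w+)\\}");

    // Hypothetical stand-in for the {key} substitution step: one pass, quotes doubled.
    static String render(String template, Map<String, String> values) {
        Matcher m = KEY.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String v = values.get(m.group(1));
            String rep = (v == null) ? m.group() : v.replace("'", "''");
            m.appendReplacement(out, Matcher.quoteReplacement(rep));
        }
        return m.appendTail(out).toString();
    }

    // Alternative: bind the user name, fetch the stored value, compare in the application.
    static boolean authenticate(Connection con, String user, String password) throws SQLException {
        if (user == null || password == null) return false;
        try (PreparedStatement ps =
                 con.prepareStatement("SELECT userpassword FROM FTP_USER WHERE userid = ?")) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;
                String stored = rs.getString(1);
                // Comparison time does not depend on where the two values differ.
                return stored != null && MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials; this string is what LOG.info(sql) would record.
        System.out.println(render(DOC_TEMPLATE, Map.of("userid", "alice", "userpassword", "s3cret")));
    }
}
```

With the comparison kept in application code, the SQL text that reaches the log never contains the password, and a hashed-password check can replace the plain comparison without touching the query.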



[jira] Updated: (FTPSERVER-235) Documentation and code do not match for db user manager

2008-12-04 Thread Niklas Gustavsson (JIRA)

[ https://issues.apache.org/jira/browse/FTPSERVER-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson updated FTPSERVER-235:

    Fix Version/s: 1.0.0-RC1 (was: 1.0.0-M4)
    Affects Version/s: 1.0.0-M4

> Documentation and code do not match for db user manager
> ---
>
> Key: FTPSERVER-235
> URL: https://issues.apache.org/jira/browse/FTPSERVER-235
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.0-M3, 1.0.0-M4
> Reporter: nathan longley
> Assignee: Niklas Gustavsson
> Priority: Minor
> Fix For: 1.0.0-RC1