I'm wondering why Shiro (v1.1) lets me authenticate via AD with an empty password:

SecurityUtils.getSubject().login(new UsernamePasswordToken("user", "correctPW", false));
 -> OK (expected)
SecurityUtils.getSubject().login(new UsernamePasswordToken("user", "wrongPW", false));
 -> FAIL (expected)
SecurityUtils.getSubject().login(new UsernamePasswordToken("user", "", false));
 -> OK! (why?)

The same situation with LDAP does not authenticate (as expected)...

Thanks for feedback


--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/ActiveDirectoryRealm-authenticates-with-empty-password-tp6378245p6378245.html
Sent from the Shiro User mailing list archive at Nabble.com.
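
Added example, not part of the original post and not the Shiro project's own code: RFC 4513 (section 5.1.2) defines a simple bind with a name and a zero-length password as an "unauthenticated bind", which a directory server may accept without verifying any credential, and it recommends that clients reject empty passwords themselves. The sketch below does that in front of the ActiveDirectoryRealm bind; the class name NonEmptyPasswordActiveDirectoryRealm is hypothetical, and it assumes the realm is handed a UsernamePasswordToken as in the calls above.

```java
import javax.naming.NamingException;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory;

/**
 * Hypothetical subclass (the name is an assumption for this example):
 * refuses empty credentials before any LDAP bind is attempted, so the
 * directory server never sees a bind with a zero-length password.
 */
public class NonEmptyPasswordActiveDirectoryRealm extends ActiveDirectoryRealm {

    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(
            AuthenticationToken token, LdapContextFactory ldapContextFactory)
            throws NamingException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;

        // Fail closed: a missing user name or a null/zero-length password
        // is treated as wrong credentials, without contacting the server.
        if (isBlank(upToken.getUsername()) || isEmpty(upToken.getPassword())) {
            throw new IncorrectCredentialsException(
                    "Empty user name or password rejected before LDAP bind");
        }

        // Non-empty credentials: let the stock realm perform the bind.
        return super.queryForAuthenticationInfo(token, ldapContextFactory);
    }

    /** True when the password array is absent or has no characters. */
    static boolean isEmpty(char[] password) {
        return password == null || password.length == 0;
    }

    /** True when the user name is absent or only whitespace. */
    static boolean isBlank(String username) {
        return username == null || username.trim().isEmpty();
    }
}
```

Configure this class as the realm in place of ActiveDirectoryRealm; the empty-password login from the post then fails with IncorrectCredentialsException regardless of how the directory server treats such binds.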
