diff options
| author | Robert Gemmell <robbie@apache.org> | 2010-07-08 20:35:36 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2010-07-08 20:35:36 +0000 |
| commit | 15c49796785efe1b4e9e53ccd7dc4760f395fd18 (patch) | |
| tree | ba422a6e1ff805622fd884f87f47bda9b0eaddd0 | |
| parent | 459f48df9d6b62a0f72be50c8ce082c1317c736e (diff) | |
| download | qpid-python-15c49796785efe1b4e9e53ccd7dc4760f395fd18.tar.gz | |
QPID-2726: move the password verification process to an easily overridable protected method
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@961923 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java index 731ac70c0e..1187aac303 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java @@ -79,8 +79,7 @@ public class PlainSaslServer implements SaslServer AuthorizeCallback authzCb = new AuthorizeCallback(authzid, authzid); Callback[] callbacks = new Callback[]{nameCb, passwordCb, authzCb}; _cbh.handle(callbacks); - String storedPwd = new String(passwordCb.getPassword()); - if (storedPwd.equals(pwd)) + if (validatePassword(pwd, passwordCb)) { _complete = true; } @@ -104,6 +103,20 @@ public class PlainSaslServer implements SaslServer } } + /** + * Compares the incoming plain text password with that contained in the given PasswordCallback + * + * @param incomingPwd The incoming plain text password + * @param storedPwdCb PasswordCallback containing the stored password + * @return Whether the incoming password authenticates against the stored password + */ + protected boolean validatePassword(String incomingPwd, PasswordCallback storedPwdCb) + { + String storedPwd = new String(storedPwdCb.getPassword()); + + return incomingPwd.equals(storedPwd); + } + private int findNullPosition(byte[] response, int startPosition) { int position = startPosition; |