diff options
| author | Aidan Skinner <aidan@apache.org> | 2008-12-09 17:03:30 +0000 |
|---|---|---|
| committer | Aidan Skinner <aidan@apache.org> | 2008-12-09 17:03:30 +0000 |
| commit | ab8ee239590430caf25bcce32fe848575977b94c (patch) | |
| tree | c8dbf4b69257a3188891c9be141aaf5c47847856 /java/broker/src/main | |
| parent | f747d999f55330e4318f0bba5405c33b6274edee (diff) | |
| download | qpid-python-ab8ee239590430caf25bcce32fe848575977b94c.tar.gz | |
QPID-1503: Add more tests for Base64MD5PasswordFilePrincipalDatabase, fix buglets.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk/qpid@724779 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker/src/main')
| -rw-r--r-- | java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java index a2a0be926e..cca9deb6da 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java +++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java @@ -109,6 +109,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase /** * SASL Callback Mechanism - sets the Password in the PasswordCallback based on the value in the PasswordFile + * If you want to change the password for a user, use updatePassword instead. * * @param principal The Principal to set the password for * @param callback The PasswordCallback to call setPassword on @@ -152,17 +153,31 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase { char[] pwd = lookupPassword(principal); - int index = 0; - boolean verified = true; - - while (verified & index < password.length) + return compareCharArray(pwd, password); + } + + private boolean compareCharArray(char[] a, char[] b) + { + boolean equal = false; + if (a.length == b.length) { - verified = (pwd[index] == password[index]); - index++; + equal = true; + int index = 0; + while (equal && index < a.length) + { + equal = a[index] == b[index]; + index++; + } } - return verified; + return equal; } + /** + * Changes the password for the specified user + * + * @param principal to change the password for + * @param password plaintext password to set the password too + */ public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException { HashedUser user = _users.get(principal.getName()); |