[Minor] Throwing explicit exception system user tries to login
Further enforcing that a system user may not have a password
parent
3727d3545f
commit
5d59a52eeb
|
@ -18,7 +18,7 @@
|
|||
</Properties>
|
||||
</User>
|
||||
|
||||
<User userId="2" username="system_admin" password="bb06d5caae150999027a8cb68956564d3ae0f3662aee02eea96253df3dc49bf7">
|
||||
<User userId="2" username="system_admin">
|
||||
<Firstname>System User</Firstname>
|
||||
<Surname>Administrator</Surname>
|
||||
<State>SYSTEM</State>
|
||||
|
@ -26,7 +26,6 @@
|
|||
<Roles>
|
||||
<Role>system_admin_privileges</Role>
|
||||
</Roles>
|
||||
|
||||
</User>
|
||||
|
||||
</Users>
|
||||
|
|
|
@ -637,6 +637,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
|
||||
// make sure not a system user - they may not login in
|
||||
if (user.getUserState() == UserState.SYSTEM) {
|
||||
String msg = "User {0} is a system user and may no login!"; //$NON-NLS-1$
|
||||
msg = MessageFormat.format(msg, username);
|
||||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
|
||||
// validate password
|
||||
String pwHash = user.getPassword();
|
||||
if (pwHash == null)
|
||||
|
@ -1009,9 +1016,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
*/
|
||||
private PrivilegeContext getSystemUserPrivilegeContext(String systemUsername) {
|
||||
|
||||
// we only work with hashed passwords
|
||||
String passwordHash = this.encryptionHandler.convertToHash(systemUsername.getBytes());
|
||||
|
||||
// get user object
|
||||
User user = this.persistenceHandler.getUser(systemUsername);
|
||||
// no user means no authentication
|
||||
|
@ -1022,12 +1026,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
// validate password
|
||||
String pwHash = user.getPassword();
|
||||
if (pwHash == null) {
|
||||
String msg = MessageFormat.format("System user {0} has no password and may not login!", systemUsername); //$NON-NLS-1$
|
||||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
if (!pwHash.equals(passwordHash)) {
|
||||
String msg = MessageFormat.format("System user {0} has an incorrect password defined!", systemUsername); //$NON-NLS-1$
|
||||
if (pwHash != null) {
|
||||
String msg = MessageFormat.format("System users must not have a password: {0}", systemUsername); //$NON-NLS-1$
|
||||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
|
||||
|
|
|
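Review bot: In the third hunk (`@ -1022`), the only gate on `getSystemUserPrivilegeContext` visible here is `if (pwHash != null)`, so any user record without a password would pass it — including one whose password was supplied as an empty string, which the `User` constructor in this same commit now stores as `null`; unless the lines between the second and third hunks (not shown) already reject `user.getUserState() != UserState.SYSTEM`, that state check should precede this one so a regular, passwordless account can never be handed a system privilege context. The `// validate password` context line above `String pwHash = user.getPassword();` is now stale because the method no longer compares a hash; replace it with `// system users must not have a password configured; reject the record if one is set`. In the first hunk (`@ -637`), the new message has a typo: `String msg = "User {0} is a system user and may no login!"; //$NON-NLS-1$` should read `String msg = "User {0} is a system user and may not login!"; //$NON-NLS-1$`. The enclosing methods of all three hunks begin and end outside the hunks.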
@ -105,7 +105,7 @@ public final class User {
|
|||
this.userId = userId;
|
||||
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
this.password = StringHelper.isEmpty(password) ? null : password;
|
||||
this.userState = userState;
|
||||
|
||||
this.firstname = firstname;
|
||||
|
|
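Review bot: The new line `this.password = StringHelper.isEmpty(password) ? null : password;` silently folds an empty password into `null`, so callers can no longer tell "no password set" from "empty password supplied", and the privilege handler's `pwHash == null` / `pwHash != null` checks elsewhere in this commit now treat both identically; this deserves a line in the constructor's Javadoc, e.g. `@param password the password value, or {@code null}; an empty value is stored as {@code null}`. If an empty password is ever a caller mistake rather than an intended "no password", throwing `IllegalArgumentException` here would surface it instead of quietly turning the account into a passwordless one. The constructor starts and ends outside the hunk.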