svn commit: r1706744 - /tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java

Sun, 04 Oct 2015 21:00:06 -0700 

Author: schultz
Date: Mon Oct  5 03:59:52 2015
New Revision: 1706744

URL: http://svn.apache.org/viewvc?rev=1706744&view=rev
Log:
Perform null-checking on input and stored credentials before passing them off 
to CredentialHandlers for matching.

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1706744&r1=1706743&r2=1706744&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Mon Oct  5 
03:59:52 2015
@@ -293,6 +293,14 @@ public class DataSourceRealm extends Rea
 
         String dbCredentials = getPassword(dbConnection, username);
 
+        if (credentials == null || dbCredentials == null) {
+            if (containerLog.isTraceEnabled())
+                containerLog.trace(
+                    sm.getString("dataSourceRealm.authenticateFailure",
+                                 username));
+            return null;
+        }
+
         // Validate the user's credentials
         boolean validated = getCredentialHandler().matches(credentials, 
dbCredentials);
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to