Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-725: PasswordEncoderParser: <security:password-encoder> element does not pick up 'base64' attribute value
http://jira.springframework.org/browse/SEC-725. Added fix as recommended in issue.

Luke Taylor 17 years ago
parent
b54e3978dc
commit
fe0e05a6c8
2 changed files with 12 additions and 11 deletions
Unified View Show Diff Stats
  1. 7 4
      core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java
  2. 5 7
      core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java

+ 7 - 4
core/src/main/java/org/springframework/security/config/PasswordEncoderParser.java
View File 

@@ -55,14 +55,17 @@ public class PasswordEncoderParser {
 
     private BeanMetadataElement passwordEncoder;
 
     private BeanMetadataElement passwordEncoder;
 
     private BeanDefinition saltSource;
 
     private BeanDefinition saltSource;
 
 
 
-
 
     public PasswordEncoderParser(Element element, ParserContext parserContext) {
 
     public PasswordEncoderParser(Element element, ParserContext parserContext) {
 
         parse(element, parserContext);
 
         parse(element, parserContext);
 
     }
 
     }
 
 
 
     private void parse(Element element, ParserContext parserContext) {
 
     private void parse(Element element, ParserContext parserContext) {
 
         String hash = element.getAttribute(ATT_HASH);
 
         String hash = element.getAttribute(ATT_HASH);
 
-        boolean useBase64 = StringUtils.hasText(element.getAttribute(ATT_BASE_64));
 
+        boolean useBase64 = false;
 
+        
+        if (StringUtils.hasText(element.getAttribute(ATT_BASE_64))) {
 
+            useBase64 = Boolean.parseBoolean(element.getAttribute(ATT_BASE_64));
 
+        }
 
 
 
         String ref = element.getAttribute(ATT_REF);
 
         String ref = element.getAttribute(ATT_REF);
 
 
 
@@ -73,10 +76,10 @@ public class PasswordEncoderParser {
 
             RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
 
             RootBeanDefinition beanDefinition = new RootBeanDefinition(beanClass);
 
             beanDefinition.setSource(parserContext.extractSource(element));
 
             beanDefinition.setSource(parserContext.extractSource(element));
 
             if (useBase64) {
 
             if (useBase64) {
 
-                if (beanClass.isAssignableFrom(BaseDigestPasswordEncoder.class)) {
 
+                if (BaseDigestPasswordEncoder.class.isAssignableFrom(beanClass)) {
 
                     beanDefinition.getPropertyValues().addPropertyValue("encodeHashAsBase64", "true");
 
                     beanDefinition.getPropertyValues().addPropertyValue("encodeHashAsBase64", "true");
 
                 } else {
 
                 } else {
 
-                    logger.warn(ATT_BASE_64 + " isn't compatible with " + OPT_HASH_LDAP_SHA + " and will be ignored");
 
+                    logger.warn(ATT_BASE_64 + " isn't compatible with " + hash + " and will be ignored");
 
                 }
 
                 }
 
             }
 
             }
 
             passwordEncoder = beanDefinition;
 
             passwordEncoder = beanDefinition;

+ 5 - 7
core/src/test/java/org/springframework/security/config/AuthenticationProviderBeanDefinitionParserTests.java
View File 

@@ -72,19 +72,17 @@ public class AuthenticationProviderBeanDefinitionParserTests {
 
     }
 
     }
 
 
 
     @Test
 
     @Test
 
-    public void worksWithJdbcUserService() throws Exception {
 
+    public void passwordIsBase64EncodedWhenBase64IsEnabled() throws Exception {
 
         setContext(" <authentication-provider>" +
 
         setContext(" <authentication-provider>" +
 
-                "        <password-encoder hash='{sha}'/>" +
 
+                "        <password-encoder hash='md5' base64='true'/>" +
 
                 "        <user-service>" +
 
                 "        <user-service>" +
 
-                "            <user name='bob' password='{SSHA}PpuEwfdj7M1rs0C2W4ssSM2XEN/Y6S5U' authorities='ROLE_A' />" +
 
+                "            <user name='bob' password='ErFB811YuLOkbupl5qwXng==' authorities='ROLE_A' />" +
 
                 "        </user-service>" +
 
                 "        </user-service>" +
 
                 "    </authentication-provider>");
 
                 "    </authentication-provider>");
 
 
 
         getProvider().authenticate(bob);
 
         getProvider().authenticate(bob);
 
-    }
 
-
 
-
 
-
 
+    }    
+    
     @Test
 
     @Test
 
     public void externalUserServiceAndPasswordEncoderWork() throws Exception {
 
     public void externalUserServiceAndPasswordEncoderWork() throws Exception {
 
         setContext(" <authentication-provider user-service-ref='customUserService'>" +
 
         setContext(" <authentication-provider user-service-ref='customUserService'>" +