X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=ea2a6dedf6ea2877c3dcf487999420118aa9aa31;hb=0d430e00bed34cca1d41c26cc2cad35b797e89b8;hp=53b4242ef0be61043f4ec3325189af0974f5b17e;hpb=739faf3400e7f2f1b2bf06bd1ccf9da042c78f5b;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index 53b4242ef..ea2a6dedf 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -14,6 +14,7 @@ import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.CredentialNotFoundException; +import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.servlet.http.HttpServletRequest; @@ -108,9 +109,10 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants { User user = userAdmin.getUser(null, username); if (user == null) - return false; + throw new FailedLoginException("Invalid credentials"); if (!user.hasCredential(null, password)) - return false; + throw new FailedLoginException("Invalid credentials"); + // return false; authorization = userAdmin.getAuthorization(user); } } @@ -126,7 +128,7 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants { public boolean commit() throws LoginException { Authorization authorization = subject .getPrivateCredentials(Authorization.class).iterator().next(); - if (request != null) { + if (request != null && authorization.getName() != null) { request.setAttribute(HttpContext.REMOTE_USER, authorization.getName()); request.setAttribute(HttpContext.AUTHORIZATION, authorization);