X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjcr%2Fjackrabbit%2FJackrabbitUserAdminService.java;h=711c9d598e031f50069bd624bface214fac2638c;hb=4b580ca68171ebf18dce390edd5d7502afe7f2ad;hp=b648f32c38b583481142f472ed82978b1d0f779d;hpb=a43673012d2827b0780c03f8a4fe862a6f7dfbf8;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java
index b648f32c3..711c9d598 100644
--- a/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java
@@ -1,6 +1,7 @@
 package org.argeo.security.jcr.jackrabbit;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -301,9 +302,12 @@ public class JackrabbitUserAdminService implements UserAdminService,
 Authentication authentication) throws AuthenticationException {
 UsernamePasswordAuthenticationToken siteAuth = (UsernamePasswordAuthenticationToken) authentication;
 String username = siteAuth.getName();
+ if (!(siteAuth.getCredentials() instanceof char[]))
+ throw new ArgeoException("Only char array passwords are supported");
+ char[] password = (char[]) siteAuth.getCredentials();
 try {
 SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
- siteAuth.getCredentials().toString().toCharArray());
+ password);
 User user = (User) getUserManager().getAuthorizable(username);
 if (user == null)
 throw new BadCredentialsException("Bad credentials");
@@ -323,6 +327,8 @@ public class JackrabbitUserAdminService implements UserAdminService,
 } catch (Exception e) {
 throw new BadCredentialsException(
 "Cannot authenticate " + siteAuth, e);
+ } finally {
+ Arrays.fill(password, '*');
 }
 
 try {
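Review bot: In the `@@ -301,9 +302,12 @@` hunk the new type check throws `ArgeoException` from a method declared `throws AuthenticationException`, and it sits before the `try`, so the existing `catch (Exception e)` does not convert it to `BadCredentialsException`. Assuming `ArgeoException` is not an `AuthenticationException` subclass (its declaration is not visible here), a token with a `String` or null credential surfaces as a generic error, which callers that catch `AuthenticationException` will not treat as a failed login. Consider `throw new BadCredentialsException("Only char array passwords are supported");` and put braces around the `if` body. The method starts and ends outside the hunk.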
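Review bot: In the `@@ -323,6 +327,8 @@` hunk, `Arrays.fill(password, '*')` overwrites the caller's own credential array, because `password` is the same object returned by `siteAuth.getCredentials()`; any code that reads the token afterwards sees only asterisks. The copy held by `sp` is not cleared, since `javax.jcr.SimpleCredentials` clones the password array in its constructor, so the wipe covers less than it appears to. A comment above the fill would record both facts, e.g. `// Wipes the token's own array in place; the clone held by sp is not cleared`. Filling with `'\0'` is the more common convention, though either value leaves the password length visible in the array. The `try {` after the `finally` is cut off by the hunk, so whether later code still needs the password cannot be checked here.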