X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FUserAdminLoginModule.java;h=5fca43be38e2abc31afd0bf282acad4541448ca0;hb=7eab8a52b56a763e0d0e5153d298ce658e41a22f;hp=16a7d7265212777515aeae360c5c1d360b0c39d4;hpb=e91af5c65a42b3ff98400caa552965cdb3f730e6;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java index 16a7d7265..5fca43be3 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/UserAdminLoginModule.java @@ -1,8 +1,5 @@ package org.argeo.cms.internal.auth; -import java.nio.ByteBuffer; -import java.nio.CharBuffer; -import java.nio.charset.Charset; import java.security.Principal; import java.util.Arrays; import java.util.Collections; @@ -22,8 +19,6 @@ import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.security.auth.x500.X500Principal; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.jackrabbit.core.security.AnonymousPrincipal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; @@ -113,15 +108,10 @@ public class UserAdminLoginModule implements LoginModule { else throw new CredentialNotFoundException("No credentials provided"); - // user = (User) userAdmin.getRole(username); user = userAdmin.getUser(null, username); if (user == null) return false; - - byte[] hashedPassword = ("{SHA}" + Base64 - .encodeBase64String(DigestUtils.sha1(toBytes(password)))) - .getBytes(); - if (!user.hasCredential("userpassword", hashedPassword)) + if (!user.hasCredential(null, password)) return false; } else // anonymous 
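Review bot: The password `char[]` is no longer zeroed once the credential check at `user.hasCredential(null, password)` has run: the removed `toBytes()` (last hunk) wiped it as a side effect, because `CharBuffer.wrap(chars).array()` is the caller's own array. Unless later code needs the value, put the check in a `try` with `Arrays.fill(password, '\u0000');` in the `finally`; `java.util.Arrays` is still imported. The call also depends on the UserAdmin implementation accepting a null key and a `char[]` value. If `user` is an OSGi `User`, as `userAdmin.getUser(null, username)` suggests, the interface documents `String` or `byte[]` values and returns false for anything else, which fails closed but would reject every login on another implementation. A short comment above the call, e.g. `// null key and char[] value are resolved by the UserAdmin implementation, which now owns hashing`, would record that dependency; the enclosing method starts and ends outside this hunk, so clearing done elsewhere is not visible here.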
@@ -130,16 +120,6 @@ public class UserAdminLoginModule implements LoginModule { return true; } - private byte[] toBytes(char[] chars) { - CharBuffer charBuffer = CharBuffer.wrap(chars); - ByteBuffer byteBuffer = Charset.forName("UTF-8").encode(charBuffer); - byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), - byteBuffer.position(), byteBuffer.limit()); - Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data - Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data - return bytes; - } - @Override public boolean commit() throws LoginException { if (authorization != null) {