Apache Shiro :: Core – CPD Results

CPD Results

The following document contains the results of PMD's CPD 6.13.0.

Duplications

File	Line
org/apache/shiro/realm/ldap/DefaultLdapContextFactory.java	291
org/apache/shiro/realm/ldap/JndiLdapContextFactory.java	523
private void validateAuthenticationInfo(Hashtable<String, Object> environment) throws AuthenticationException { // validate when using Simple auth both principal and credentials are set if(SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) { // only validate credentials if we have a non-empty principal if( environment.get(Context.SECURITY_PRINCIPAL) != null && StringUtils.hasText( String.valueOf( environment.get(Context.SECURITY_PRINCIPAL) ))) { Object credentials = environment.get(Context.SECURITY_CREDENTIALS); // from the FAQ, we need to check for empty credentials: // http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html if( credentials == null \|\| (credentials instanceof byte[] && ((byte[])credentials).length <= 0) \|\| // empty byte[] (credentials instanceof char[] && ((char[])credentials).length <= 0) \|\| // empty char[] (String.class.isInstance(credentials) && !StringUtils.hasText(String.valueOf(credentials)))) { throw new javax.naming.AuthenticationException("LDAP Simple authentication requires both a " + "principal and credentials."); } } } } }

File

Line

org/apache/shiro/realm/ldap/DefaultLdapContextFactory.java

291

org/apache/shiro/realm/ldap/JndiLdapContextFactory.java

523

    private void validateAuthenticationInfo(Hashtable<String, Object> environment)
        throws AuthenticationException
    {
        // validate when using Simple auth both principal and credentials are set
        if(SIMPLE_AUTHENTICATION_MECHANISM_NAME.equals(environment.get(Context.SECURITY_AUTHENTICATION))) {

            // only validate credentials if we have a non-empty principal
            if( environment.get(Context.SECURITY_PRINCIPAL) != null &&
                StringUtils.hasText( String.valueOf( environment.get(Context.SECURITY_PRINCIPAL) ))) {

                Object credentials = environment.get(Context.SECURITY_CREDENTIALS);

                // from the FAQ, we need to check for empty credentials:
                // http://docs.oracle.com/javase/tutorial/jndi/ldap/faq.html
                if( credentials == null ||
                    (credentials instanceof byte[] && ((byte[])credentials).length <= 0) || // empty byte[]
                    (credentials instanceof char[] && ((char[])credentials).length <= 0) || // empty char[]
                    (String.class.isInstance(credentials) && !StringUtils.hasText(String.valueOf(credentials)))) {

                    throw new javax.naming.AuthenticationException("LDAP Simple authentication requires both a "
                                                                       + "principal and credentials.");
                }
            }
        }
    }

}