QPID-473 Base64MD5PrincipalDatabase doesn't check password changes were applied to disk before storing in memory

Reversed the effects of the requested change if the changes cannot be persisted to disk git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/branches/M2@533075 13f79535-47bb-0310-9956-ffa450edef68
author: Martin Ritchie <ritchiem@apache.org> 2007-04-27 12:27:19 +0000
committer: Martin Ritchie <ritchiem@apache.org> 2007-04-27 12:27:19 +0000
commit: e7f85c4f7d288a103a5ea2873797f1ae50faefe7 (patch)
tree: fb2e6614e887fdff0cb1dcf2c62696d52559d977
parent: dd1a00c4e93bf4598e1367c3e9e100546679f17c (diff)
download: qpid-python-e7f85c4f7d288a103a5ea2873797f1ae50faefe7.tar.gz
1 files changed, 5 insertions, 17 deletions
diff --git a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
index 8ade3cdd98..10adfdd9fc 100644
--- a/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
+++ b/java/broker/src/main/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabase.java
@@ -182,6 +182,7 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
             try
             {
                 _userUpdate.lock();
+                char[] orig = user.getPassword();
                 user.setPassword(password);
 
                 try
@@ -192,6 +193,8 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
                 {
                     _logger.error("Unable to save password file, password change for user'"
                                   + principal + "' will revert at restart");
+                    //revert the password change
+                    user.setPassword(orig);
                     return false;
                 }
                 return true;
@@ -210,22 +213,6 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
         }
     }
 
-    private char[] convertPassword(String password) throws UnsupportedEncodingException
-    {
-        byte[] passwdBytes = password.getBytes(DEFAULT_ENCODING);
-
-        char[] passwd = new char[passwdBytes.length];
-
-        int index = 0;
-
-        for (byte b : passwdBytes)
-        {
-            passwd[index++] = (char) b;
-        }
-
-        return passwd;
-    }
-
     public boolean createPrincipal(Principal principal, char[] password)
     {
         if (_users.get(principal.getName()) != null)
@@ -247,9 +234,10 @@ public class Base64MD5PasswordFilePrincipalDatabase implements PrincipalDatabase
             }
             catch (IOException e)
             {
+                //remove the use on failure.
+                _users.remove(user.getName());
                 return false;
             }
-
         }
         finally
         {
author	Martin Ritchie <ritchiem@apache.org>	2007-04-27 12:27:19 +0000
committer	Martin Ritchie <ritchiem@apache.org>	2007-04-27 12:27:19 +0000
commit	e7f85c4f7d288a103a5ea2873797f1ae50faefe7 (patch)
tree	fb2e6614e887fdff0cb1dcf2c62696d52559d977
parent	dd1a00c4e93bf4598e1367c3e9e100546679f17c (diff)
download	qpid-python-e7f85c4f7d288a103a5ea2873797f1ae50faefe7.tar.gz