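/**
 * Authenticates {@code userName} against the value the user store holds for it.
 *
 * The stored value is column 2 of the SELECT_USER query configured in
 * user_mgt.xml. It is trimmed and compared verbatim with the presented
 * credential, so the check is only as strong as whatever that column holds;
 * if the column is plaintext, the store itself is the weak point (verify
 * against the configured SELECT_USER query).
 *
 * @param userName   user to authenticate; the registry anonymous user is always rejected
 * @param credential must be a {@link Secret}; any other type (including null) is rejected
 * @return true only when a row is found and the passwords match
 * @throws UserStoreException for an unsupported credential type, or for a database
 *                            failure (the SQLException is kept as the cause)
 */
@Override
public boolean doAuthenticate(String userName, Object credential) throws UserStoreException {
    if (CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equals(userName)) {
        log.error("Anonymous user trying to login");
        return false;
    }

    // Type-check before touching getClass(): a null credential used to surface as an
    // NPE instead of an authentication error.
    if (!(credential instanceof Secret)) {
        String type = (credential == null) ? "null" : credential.getClass().getName();
        throw new UserStoreException("Unsupported credential type : " + type);
    }
    // Work on a char array rather than a String so the secret is not pinned in the
    // heap (string pool / immutable String) longer than necessary.
    char[] password = ((Secret) credential).getChars();

    Connection dbConnection = null;
    ResultSet rs = null;
    PreparedStatement prepStmt = null;
    String sqlstmt = null;
    boolean isAuthed = false;
    try {
        dbConnection = getDBConnection();
        dbConnection.setAutoCommit(false);
        // SELECT_USER_SQL comes from user_mgt.xml; the user name is bound as a
        // parameter, never concatenated into the statement.
        sqlstmt = realmConfig.getUserStoreProperty(JDBCRealmConstants.SELECT_USER);
        if (log.isDebugEnabled()) {
            log.debug(sqlstmt);
        }
        prepStmt = dbConnection.prepareStatement(sqlstmt);
        prepStmt.setString(1, userName);
        rs = prepStmt.executeQuery();
        if (rs.next()) {
            String storedPassword = rs.getString(2);
            if (storedPassword != null) {
                char[] stored = storedPassword.trim().toCharArray();
                try {
                    // Arrays.equals() returns on the first differing char, which leaks
                    // how much of the guess was right; compare in constant time instead.
                    isAuthed = constantTimeEquals(stored, password);
                } finally {
                    // Do not leave a second copy of the stored value lying around.
                    Arrays.fill(stored, '\0');
                }
            }
        }
    } catch (SQLException e) {
        // Preserve the SQLException so the real database error is not lost.
        throw new UserStoreException("Authentication Failure. Using sql :" + sqlstmt, e);
    } finally {
        DatabaseUtil.closeAllConnections(dbConnection, rs, prepStmt);
    }
    if (log.isDebugEnabled()) {
        log.debug("User " + userName + " login attempt. Login success :: " + isAuthed);
    }
    return isAuthed;
}

/**
 * Compares two char arrays without short-circuiting on the first mismatch.
 * The loop always runs over the shorter array; a length difference is folded
 * into the result rather than returned early (length is still observable by
 * timing, content is not). Either argument being null yields false.
 */
private static boolean constantTimeEquals(char[] a, char[] b) {
    if (a == null || b == null) {
        return false;
    }
    int diff = a.length ^ b.length;
    int len = Math.min(a.length, b.length);
    for (int i = 0; i < len; i++) {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}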