Skip to Content
avatar image
Former Member

LoginModul password is not checked for context

Hi Experts,

i have an issue regarding my custom Login Modul. I use this code for check the users password.

try {
			IUserAccount userAccount = UMFactory.getUserAccountFactory().getUserAccountByLogonId(userName);
			passwordCorrect = userAccount.checkPasswordExtended(password);
		} catch (UMException ume){
			throwUserLoginException(ume);
		}
		if (ILoginConstants.CHECKPWD_PWDEXPIRED == passwordCorrect){
			throwNewLoginException("Anmeldung Fehlgeschlagen Passwort abgelaufen!");
		}
		if (ILoginConstants.CHECKPWD_PWDLOCKED == passwordCorrect){
			throwNewLoginException("Anmeldung Fehlgeschlagen Account ist gelockt!");
		}
		if (ILoginConstants.CHECKPWD_WRONGPWD == passwordCorrect){
			throwNewLoginException("Anmeldung Fehlgeschlagen Passwort ist falsch!");
		}
		if (ILoginConstants.CHECKPWD_NOPWD == passwordCorrect){
			throwNewLoginException("Anmeldung Fehlgeschlagen kein Password angegeben");
		}

T´he method userAccount.checkPasswordExtended(password) is not able to compare the password in a context sensitive way, i mean you can login regardless if you user big or small characters. The code works fine if the user provide an incorrect password.

Does anyone have a solution for this issue?

thanks in advance.

best regards,

Rene

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Aug 18, 2008 at 04:15 PM

    Hello,

    UME does not ignore the case. Seems like your userstore (e.g. LDAP) does.

    Regards,

    Tsvetomir

    Add comment
    10|10000 characters needed characters exceeded