Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-998

Shibboleth login - improve handling of empty attribute headers

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.7.2
    • Fix Version/s: 1.8.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      1
    • Documentation Status:
      Not Required

      Description

      ShibAuthentication.java reads the username (and other attributes) from headers that are passed into the request. If the headers are missing, AuthenticationMethod.BAD_ARGS is correctly thrown.

      However if the headers exist, but are empty, they are accepted, which leads to a user being created with no name / netid / email etc.

      This patch (contributed by Yin Yin Latt from The University of Auckland Library) updates the checks for 'null' headers to also check for 'empty' headers.

        Attachments

          Activity

            People

            • Assignee:
              stuartlewis Stuart Lewis
              Reporter:
              stuartlewis Stuart Lewis
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: