File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Websphere and the fly likes Asterisk(*) matched when it is contained within username on WAS 7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "Asterisk(*) matched when it is contained within username on WAS 7 " Watch "Asterisk(*) matched when it is contained within username on WAS 7 " New topic
Author

Asterisk(*) matched when it is contained within username on WAS 7

amine spirit
Greenhorn

Joined: Mar 24, 2012
Posts: 1
Hello,

I have a web application deployed on websphere 7 and use web authentication form (j_security_check).

The problem is that when the username used for authentication contains astersiks(*) it will be matched.

For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the websphere 7 administration console with admin* while the username is administrator

I want to see if there is a special configuration on websphere 7 that disables asterisks matching on authencation.
Can anyone help me please?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Asterisk(*) matched when it is contained within username on WAS 7
 
Similar Threads
Microsoft Sharepoint web service from Java client
Microsoft Sharepoint web services from java client
Accessing secure web pages with JTextPane
spring mvc authentication
authenticating website users with mysql dbase