aspose file tools*
The moose likes Websphere and the fly likes Asterisk(*) matched when it is contained within username on WAS 7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Asterisk(*) matched when it is contained within username on WAS 7 " Watch "Asterisk(*) matched when it is contained within username on WAS 7 " New topic
Author

Asterisk(*) matched when it is contained within username on WAS 7

amine spirit
Greenhorn

Joined: Mar 24, 2012
Posts: 1
Hello,

I have a web application deployed on websphere 7 and use web authentication form (j_security_check).

The problem is that when the username used for authentication contains astersiks(*) it will be matched.

For example, a user that has the following credentials "username/password" can be authenticated by "user*/password" and this can be a security flaw.
I can also connect to the websphere 7 administration console with admin* while the username is administrator

I want to see if there is a special configuration on websphere 7 that disables asterisks matching on authencation.
Can anyone help me please?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Asterisk(*) matched when it is contained within username on WAS 7
 
Similar Threads
Accessing secure web pages with JTextPane
authenticating website users with mysql dbase
Microsoft Sharepoint web service from Java client
spring mvc authentication
Microsoft Sharepoint web services from java client