
[SHIRO-887] Do not trim passwords in FormAuthenticationFilter

Open sebastianfrey opened this issue 3 years ago • 3 comments

Fixes SHIRO-887.

This PR fixes an issue where passwords which start and/or end with spaces are trimmed by the FormAuthenticationFilter, which prevents login for users with such passwords.

Note: I am a first-time contributor, so I have no CLA signed yet. In order to fulfill the contribution guidelines, I have sent the signed CLA to the Apache Software Foundation's secretary office.

Update 2022/07/30: CLA is acknowledged.


Following this checklist to help us incorporate your contribution quickly and easily:

  • [x] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
  • [x] Each commit in the pull request should have a meaningful subject line and body.
  • [x] Format the pull request title like [SHIRO-XXX] - Fixes bug in SessionManager, where you replace SHIRO-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.
  • [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • [x] Run mvn clean install apache-rat:check to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
  • [x] If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.

Trivial changes like typos do not require a JIRA issue (javadoc, comments...). In this case, just format the pull request title like (DOC) - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code, you don't need to sign an Individual Contributor License Agreement. If you are unsure, please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

sebastianfrey avatar Jul 25 '22 09:07 sebastianfrey
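
The failure mode described in the PR description above, as an added example that is not part of the PR or of Shiro's code: a password enrolled with surrounding spaces no longer verifies once the login path trims it, while trimming the username is harmless. `cleanParam` and `rawParam` are hypothetical helpers standing in for a trimming and a non-trimming parameter read, and the form values are constructed samples.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordTrimDemo {
    // Hypothetical helper: trims a form parameter and maps empty input to null.
    static String cleanParam(Map<String, String> form, String name) {
        String v = form.get(name);
        if (v == null) return null;
        v = v.trim();
        return v.isEmpty() ? null : v;
    }

    // Hypothetical helper: returns the parameter exactly as submitted.
    static String rawParam(Map<String, String> form, String name) {
        return form.get(name);
    }

    // PBKDF2 hash of the password; the key spec is wiped after use.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Constant-time comparison of the submitted password against the stored hash.
    static boolean verify(String submitted, byte[] salt, byte[] stored) throws Exception {
        if (submitted == null) return false;
        return MessageDigest.isEqual(hash(submitted.toCharArray(), salt), stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        // Constructed sample: the account was enrolled with the untrimmed password.
        String enrolled = "  correct horse battery  ";
        byte[] stored = hash(enrolled.toCharArray(), salt);
        Map<String, String> form = Map.of("username", " alice ", "password", enrolled);

        System.out.println("username (cleaned): " + cleanParam(form, "username"));
        System.out.println("login via trimmed password: " + verify(cleanParam(form, "password"), salt, stored));
        System.out.println("login via raw password:     " + verify(rawParam(form, "password"), salt, stored));
        // An all-whitespace password is cleaned to null, so it can never match.
        System.out.println("all-space password cleaned: " + cleanParam(Map.of("password", "    "), "password"));
    }
}
```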

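This is an automatic reply. Hello, your email has been delivered to my mailbox; I will reply to you as soon as possible after I have read it.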

sunshineandy avatar Jul 25 '22 09:07 sunshineandy

Kindly re-target against 1.9.x instead. I cannot just change the branch here.

Rationale: detect signature change of public methods.

bmarwell avatar Jul 25 '22 17:07 bmarwell

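This is an automatic reply. Hello, your email has been delivered to my mailbox; I will reply to you as soon as possible after I have read it.

Please write in English.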

fpapon avatar Jul 25 '22 20:07 fpapon