From 18da9ce0a4029a2c20763f20d3c31650cbfaf80d Mon Sep 17 00:00:00 2001
From: felmer <franz-josef.elmer@id.ethz.ch>
Date: Wed, 20 May 2020 08:15:41 +0200
Subject: [PATCH] SSDM-9734: use user id *and* password to cache session token

---
 .../openbis/dss/generic/server/ftp/FtpUserManager.java     | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java
index bd9fc37dd54..54de33d309f 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java
@@ -45,7 +45,7 @@ public class FtpUserManager implements UserManager
             FtpUserManager.class);
 
     private final IServiceForDataStoreServer service;
-    
+
     private final Map<String, String> sessionTokensByUser = Collections.synchronizedMap(new HashMap<>());
 
     public FtpUserManager(IServiceForDataStoreServer service)
@@ -60,7 +60,8 @@ public class FtpUserManager implements UserManager
         {
             UsernamePasswordAuthentication upa = (UsernamePasswordAuthentication) authentication;
             String user = upa.getUsername();
-            String sessionToken = sessionTokensByUser.get(user);
+            String key = String.format("%s:%s", upa.getUsername(), upa.getPassword());
+            String sessionToken = sessionTokensByUser.get(key);
             if (sessionToken != null)
             {
                 SessionContextDTO session = service.tryGetSession(sessionToken);
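Review bot: The key built by `String.format("%s:%s", upa.getUsername(), upa.getPassword())` keeps every presented password in clear text as a key of the long-lived `sessionTokensByUser` map, so a heap dump or an attached debugger on the server exposes them. The `:` join is also ambiguous: user `a:b` with password `c` and user `a` with password `b:c` produce the same key and would share a cached token. Deriving the key from a keyed digest over the length-prefixed user name and the password avoids both, as sketched below with a new helper and a new per-process secret. The enclosing method starts and ends outside the hunk, so the sketch shows only the changed line and the helper.

```java
            String key = cacheKey(user, upa.getPassword());
            // … unchanged: sessionTokensByUser.get(key) and the tryGetSession check …

    // Proposed helper; CACHE_KEY_SECRET would be a new per-process random byte[32] filled from SecureRandom.
    private static String cacheKey(String user, String password)
    {
        try
        {
            byte[] userBytes = String.valueOf(user).getBytes(StandardCharsets.UTF_8);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(CACHE_KEY_SECRET, "HmacSHA256"));
            // Length prefix keeps ("a:b", "c") and ("a", "b:c") from mapping to the same key.
            mac.update(ByteBuffer.allocate(4).putInt(userBytes.length).array());
            mac.update(userBytes);
            mac.update(String.valueOf(password).getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(mac.doFinal());
        } catch (GeneralSecurityException e)
        {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }
```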
@@ -71,7 +72,7 @@ public class FtpUserManager implements UserManager
                 String password = upa.getPassword();
                 SessionContextDTO session = service.tryAuthenticate(user, password);
                 sessionToken = session == null ? null : session.getSessionToken();
-                sessionTokensByUser.put(user, sessionToken);
+                sessionTokensByUser.put(key, sessionToken);
             }
             if (sessionToken != null)
             {
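Review bot: `sessionTokensByUser.put(key, sessionToken)` runs even when `tryAuthenticate` returned null, and because the key now contains the password, every distinct wrong guess adds a new entry. No removal from the map is visible in this patch, so failed logins appear to grow it without bound and to retain mistyped or guessed passwords for the life of the process. Caching only successful logins bounds this: `if (sessionToken != null) { sessionTokensByUser.put(key, sessionToken); }`. A size or age limit on the map would also be worth considering, since entries for an old password otherwise stay after a password change. The surrounding method continues outside the hunk.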
-- 
GitLab