SSDM-9734: use user id *and* password to cache session token

SSDM-9734: use user id and password to cache session token
18da9ce0 · felmer · 95c461bf · 18da9ce0
Commit 18da9ce0 authored 4 years ago by felmer
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ftp/FtpUserManager.java
@@ -45,7 +45,7 @@ public class FtpUserManager implements UserManager
            FtpUserManager.class);

    private final IServiceForDataStoreServer service;
-    
+
    private final Map<String, String> sessionTokensByUser = Collections.synchronizedMap(new HashMap<>());

    public FtpUserManager(IServiceForDataStoreServer service)
@@ -60,7 +60,8 @@ public class FtpUserManager implements UserManager
        {
            UsernamePasswordAuthentication upa = (UsernamePasswordAuthentication) authentication;
            String user = upa.getUsername();
-            String sessionToken = sessionTokensByUser.get(user);
+            String key = String.format("%s:%s", upa.getUsername(), upa.getPassword());
+            String sessionToken = sessionTokensByUser.get(key);
            if (sessionToken != null)
            {
                SessionContextDTO session = service.tryGetSession(sessionToken);
@@ -71,7 +72,7 @@ public class FtpUserManager implements UserManager
                String password = upa.getPassword();
                SessionContextDTO session = service.tryAuthenticate(user, password);
                sessionToken = session == null ? null : session.getSessionToken();
-                sessionTokensByUser.put(user, sessionToken);
+                sessionTokensByUser.put(key, sessionToken);
            }
            if (sessionToken != null)
            {