When user is authenticated using JIVE-SHAREDSECRET mechanism, the authenticationSuccessful method is not passed the username, and so the user is not shown as logged-in. The doSharedSecretAuthentication method has the following code,
StringTokenizer tokens = new StringTokenizer(data, “\0”);
tokens.nextToken();
secretDigest = tokens.nextToken();
if (authenticateSharedSecret(secretDigest)) {
authenticationSuccessful(session, null, null);
return Status.authenticated;
}
which I think should be changed to
StringTokenizer tokens = new StringTokenizer(data, “\0”);
String username = tokens.nextToken();
secretDigest = tokens.nextToken();
if (authenticateSharedSecret(secretDigest)) {
** authenticationSuccessful(session, username, null);**
return Status.authenticated;
}
I was not able to see the user as logged-in because of this reason. When I tried this change, it worked. Let me know whether anybody faced such issue, and if there is any other mechanism to login the user.
thanks,
Naga