Joaquín Reñé
16 hours ago 78b085815b9873acdf178b2e9c9598d065fd40c0
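--- a/securis/src/main/java/net/curisit/securis/services/UserResource.java
+++ b/securis/src/main/java/net/curisit/securis/services/UserResource.java
@@ -407,11 +407,15 @@
  LOG.info("login() called. session={}", request.getSession(false));
  LOG.info("login() username='{}'", username);
 
- LOG.info("UserResource instance={}", this);
- LOG.info("Injected em={}", em);
- LOG.info("Injected tokenHelper={}", tokenHelper);
- LOG.info("Injected cache={}", cache);
-
+ boolean trazalogin = false;
+
+ if (trazalogin) {
+ LOG.info("UserResource instance={}", this);
+ LOG.info("Injected em={}", em);
+ LOG.info("Injected tokenHelper={}", tokenHelper);
+ LOG.info("Injected cache={}", cache);
+ }
+
  if (username == null || username.trim().isEmpty()) {
  LOG.error("login() username is null or empty");
  throw new SeCurisServiceException(ErrorCodes.UNAUTHORIZED_ACCESS, "Wrong credentials");
@@ -432,6 +436,27 @@
  String securedPassword = Utils.sha256(password);
  LOG.info("login() hashed password generated? {}", securedPassword != null);
 
+ if (trazalogin) {
+ LOG.info("login() stored password hash='{}'", user.getPassword());
+ LOG.info("login() computed password hash='{}'", securedPassword);
+ LOG.info("login() stored length={}, computed length={}",
+ user.getPassword() == null ? null : user.getPassword().length(),
+ securedPassword == null ? null : securedPassword.length());
+
+
+ LOG.info("raw password='{}'", password);
+ LOG.info("sha256(raw)='{}'", Utils.sha256(password));
+ LOG.info("sha256(trim)='{}'", Utils.sha256(password == null ? null : password.trim()));
+ LOG.info("sha256(lower)='{}'", Utils.sha256(password == null ? null : password.toLowerCase()));
+ LOG.info("sha256(upper)='{}'", Utils.sha256(password == null ? null : password.toUpperCase()));
+ LOG.info("sha256(username+password)='{}'", Utils.sha256(username + password));
+ LOG.info("sha256(password+username)='{}'", Utils.sha256(password + username));
+ LOG.info("stored hash='{}'", user.getPassword());
+
+ LOG.info("password.equals('admin')={}", "admin".equals(password));
+ LOG.info("password length={}", password == null ? null : password.length());
+ }
+
  if (securedPassword == null || !securedPassword.equals(user.getPassword())) {
  LOG.error("Wrong password for user '{}'", username);
  throw new SeCurisServiceException(ErrorCodes.UNAUTHORIZED_ACCESS, "Wrong credentials");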
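Review bot: The `if (trazalogin)` block added at new lines 439–458 writes the plaintext password (`LOG.info("raw password='{}'", password)`), the stored hash from `user.getPassword()` and several SHA-256 variants of the password to the INFO log, and the only thing keeping it off is the hard-coded local `boolean trazalogin = false;` from the first hunk. Changing that one literal would send credentials to every log sink, backup and aggregator that receives this logger's output, and `"admin".equals(password)` would also record whether a well-known password was submitted. I would delete the block rather than gate it; if a mismatch diagnostic is still needed, keep a single non-secret line such as `LOG.debug("login() hash match={}", securedPassword != null && securedPassword.equals(user.getPassword()));`. Separately, the context line `String securedPassword = Utils.sha256(password);` looks like an unsalted single-pass digest compared with `String.equals`; if that is what `Utils.sha256` does, a salted password-hashing function and a constant-time comparison such as `MessageDigest.isEqual` are worth a follow-up. The body of login() starts and ends outside both hunks, so the user lookup and what follows a successful match are not visible here.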