REPO-1687: ACE-5662: The AuthenticationServiceImpl.ProtectedUser is not suitable for clustered cache

- Added additional check to avoid problems with very small usernames. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133443 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2016-12-07 16:37:35 +00:00
parent 16e7095d93
commit 5a2abbd721
1 changed files with 5 additions and 2 deletions
--- a/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java
@@ -179,8 +179,11 @@ public class AuthenticationServiceImpl extends AbstractAuthenticationService imp
                if (protectedUser.getNumLogins() == protectionLimit && logger.isWarnEnabled())
                {
                    // Shows only first 2 symbols of the username and masks all other character with '*'
-                    logger.warn(String.format(BRUTE_FORCE_ATTACK_DETECTED,
-                            userName.substring(0,2) + new String(new char[(userName.length() - 2)]).replace("\0", "*")));
+                    if (userName.length() >= 2)
+                    {
+                        logger.warn(String.format(BRUTE_FORCE_ATTACK_DETECTED,
+                                userName.substring(0,2) + new String(new char[(userName.length() - 2)]).replace("\0", "*")));
+                    }
                }
            }
            protectedUsersCache.put(userName, protectedUser);