SafPlatformUser - Valid Username Blank Password

zowe / sample-spring-boot-api-service

Zowe REST API service SDK and sample API service that integrates with Zowe API Mediation Layer

Other

26 stars 18 forks source link

Closed dkelosky closed 4 years ago

dkelosky commented 4 years ago

Reporting for another team - SafPlatformUser() does not reject a valid user name with a blank password when called through the SDK basic auth code.

I haven't had a chance to independently verify but capturing here until it is verified.

dkelosky commented 4 years ago

Update - appears to only occur on CA Top Secret systems

plavjanik commented 4 years ago

It happens on all systems when the user ID of the server has the authority to pass SURROGAT class checks. More details and fix is in #78

plavjanik commented 4 years ago

Fixed in v0.7.1