a290e1fd95c6c9ac28c5d447b27bf0fe87583071,source/org/jasig/portal/security/provider/SimpleSecurityContext.java,SimpleSecurityContext,authenticate,#,64

Before Change



  public synchronized void authenticate() throws PortalSecurityException {
    this.isauth = false;
    RdbmServices rdbmservices = new RdbmServices();
    if (this.myPrincipal.UID != null &&
        this.myOpaqueCredentials.credentialstring != null) {
      Connection conn = null;
      PreparedStatement stmt = null;
      ResultSet rset = null;
      String first_name = null, last_name = null, md5_passwd = null;
      int globalUID;
      try {
        String query = "SELECT ID, FIRST_NAME, LAST_NAME, UP_SHADOW.PASSWORD " +
            "FROM UP_USERS, UP_SHADOW WHERE " +
            "UP_USERS.USER_NAME = UP_SHADOW.USER_NAME AND " +
            "UP_USERS.USER_NAME = ?";
        conn = rdbmservices.getConnection();
        stmt = conn.prepareStatement(query);
        stmt.setString(1, this.myPrincipal.UID);
        rset = stmt.executeQuery();
        if (rset.next()) {
          globalUID  = rset.getInt("ID");
          first_name = rset.getString("FIRST_NAME");
          last_name  = rset.getString("LAST_NAME");
          md5_passwd = rset.getString("PASSWORD");
          if (!md5_passwd.substring(0, 5).equals("(MD5)")) {
            Logger.log(Logger.ERROR, "Password not an MD5 hash: " +
                md5_passwd.substring(0, 5));

After Change


      String first_name = null, last_name = null, md5_passwd = null;
      int globalUID;
      try {
        org.jasig.portal.IDBImpl dbImpl = new org.jasig.portal.DBImpl();
        String acct[] = dbImpl.getUserAccountInformation(this.myPrincipal.UID);
        if (acct[0] != null) {
          globalUID  = Integer.parseInt(acct[0]);
          first_name = acct[2];
          last_name  = acct[3];
          md5_passwd = acct[1];
          if (!md5_passwd.substring(0, 5).equals("(MD5)")) {
            Logger.log(Logger.ERROR, "Password not an MD5 hash: " +