From 2b9573692995c35d863aef8c41bd2fd88513a54d Mon Sep 17 00:00:00 2001
From: Brian Major <major.brian@gmail.com>
Date: Thu, 3 Dec 2015 10:57:12 -0800
Subject: [PATCH] t72306 - check for empty password string

---
 .../src/ca/nrc/cadc/ac/server/web/LoginServlet.java           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
index 000d552a..9bada380 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/LoginServlet.java
@@ -153,9 +153,9 @@ public class LoginServlet<T extends Principal> extends HttpServlet
             String userID = request.getParameter("username");
             String password = request.getParameter("password");
 
-            if (userID == null)
+            if (userID == null || userID.length() == 0)
                 throw new IllegalArgumentException("Missing username");
-            if (password == null)
+            if (password == null || password.length() == 0)
                 throw new IllegalArgumentException("Missing password");
 
             userID = userID.trim();
-- 
GitLab