From 5e608e44fafcac466488a3182190ec18ee4624e7 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Thu, 19 Sep 2013 13:04:58 +0000
Subject: [PATCH] OPENDJ-1149 (CR-2334) Passwords should not be held in memory for the lifetime of a client connection

---
 opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java b/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
index ebbecf5..f214bc6 100644
--- a/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
+++ b/opends/src/server/org/opends/server/extensions/CRAMMD5SASLMechanismHandler.java
@@ -480,12 +480,9 @@
     // If we've gotten here, then the authentication was successful.
     bindOperation.setResultCode(ResultCode.SUCCESS);
 
-    AuthenticationInfo authInfo =
-         new AuthenticationInfo(userEntry, SASL_MECHANISM_CRAM_MD5,
-                                clientCredentials,
-                                DirectoryServer.isRootDN(userEntry.getDN()));
+    AuthenticationInfo authInfo = new AuthenticationInfo(userEntry,
+        SASL_MECHANISM_CRAM_MD5, DirectoryServer.isRootDN(userEntry.getDN()));
     bindOperation.setAuthenticationInfo(authInfo);
-    return;
   }
 
 

--
Gitblit v1.10.0