[CDAP-20840] Check for empty LDAP password

cdap-security/src/main/java/io/cdap/cdap/security/server/JAASLoginService.java

@@ -194,8 +194,11 @@ protected void doStart() throws Exception {
   @Override
   public UserIdentity login(final String username, final Object credentials) {
     try {
-      CallbackHandler callbackHandler = null;
+      if (credentials instanceof String && ((String) credentials).isEmpty()) {
+        throw new LoginException("Empty password");
+      }
 
+      CallbackHandler callbackHandler = null;
       if (callbackHandlerClass == null) {
         callbackHandler = new CallbackHandler() {
           @Override

cdap-security/src/test/java/io/cdap/cdap/security/server/ExternalLDAPAuthenticationServerTest.java

@@ -20,11 +20,14 @@
 import io.cdap.cdap.common.conf.CConfiguration;
 import io.cdap.cdap.common.conf.Constants;
 import io.cdap.cdap.common.conf.SConfiguration;
+import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.util.HashMap;
 import java.util.Map;
 import org.junit.AfterClass;
+import org.junit.Assert;
 import org.junit.BeforeClass;
+import org.junit.Test;
 
 /**
  * Tests for {@link ExternalAuthenticationServer}.
@@ -72,4 +75,19 @@ protected Map<String, String> getAuthRequestHeader() {
   protected String getAuthenticatedUserName() {
    return "admin";
   }
+
+  /**
+   * Test request to server with empty password
+   */
+   @Test
+   public void testEmptyPassword() throws Exception {
+     HttpURLConnection urlConn = openConnection(getURL(GrantAccessToken.Paths.GET_TOKEN));
+     try {
+       // base64 encoding of admin: (username=admin, password=empty string)
+       urlConn.addRequestProperty("Authorization", "Basic YWRtaW46");
+       Assert.assertEquals(401, urlConn.getResponseCode());
+      } finally {
+       urlConn.disconnect();
+      }
+    }
 }