...
This example is vulnerable to the attack described earlier. If it is passed the attack string for username described previously, that string is passed to evaluate(), and the method call returns the corresponding node in the XML file. This causes the doLogin() method to return true and bypass any authorization.
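The following added example (not code from the original page) puts the concatenated query shape beside one that binds input through an XPathVariableResolver, so input is compared as a value and never parsed as part of the expression. The class name, sample XML, element names and the crafted input are constructed for illustration; Map.of assumes Java 9 or later.

```java
import java.io.StringReader;
import java.util.Map;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.xml.sax.InputSource;

public class XPathLoginDemo {
    // Constructed sample data; the element names are assumptions for this example.
    static final String USERS =
        "<users><user><username>alice</username><password>h1</password></user></users>";

    static InputSource doc() {
        return new InputSource(new StringReader(USERS));
    }

    // Vulnerable shape: caller input becomes part of the expression text,
    // so a quote in the input can change the structure of the predicate.
    static boolean doLoginConcat(String user, String pwd) throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        String expr = "boolean(//users/user[username/text()='" + user
                + "' and password/text()='" + pwd + "'])";
        return (Boolean) xpath.evaluate(expr, doc(), XPathConstants.BOOLEAN);
    }

    // Hardened shape: the expression is a constant; input is bound as XPath
    // variables and is only ever compared as a string value.
    static boolean doLoginBound(String user, String pwd) throws XPathExpressionException {
        Map<String, String> vars = Map.of("user", user, "pwd", pwd);
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(name -> vars.get(name.getLocalPart()));
        String expr = "boolean(//users/user[username/text()=$user and password/text()=$pwd])";
        return (Boolean) xpath.evaluate(expr, doc(), XPathConstants.BOOLEAN);
    }

    public static void main(String[] args) throws XPathExpressionException {
        // Constructed input containing XPath quote and operator characters.
        String crafted = "alice' or '1'='1";
        System.out.println("concat, crafted input: " + doLoginConcat(crafted, "wrong"));
        System.out.println("bound,  crafted input: " + doLoginBound(crafted, "wrong"));
        System.out.println("bound,  valid login:   " + doLoginBound("alice", "h1"));
    }
}
```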
...