Posted to commits@syncope.apache.org by fm...@apache.org on 2012/06/12 16:53:59 UTC

svn commit: r1349384 - in /incubator/syncope/trunk: core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java parent/pom.xml

Author: fmartelli
Date: Tue Jun 12 14:53:59 2012
New Revision: 1349384

URL: http://svn.apache.org/viewvc?rev=1349384&view=rev
Log:
SYNCOPE-94 #comment strange behavior from HttpClient: request is sent twice in case of BadCredentialsException

Modified:
    incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
    incubator/syncope/trunk/parent/pom.xml

Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java?rev=1349384&r1=1349383&r2=1349384&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java (original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java Tue Jun 12 14:53:59 2012
@@ -28,7 +28,6 @@ import org.springframework.security.auth
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.transaction.annotation.Transactional;
 import org.apache.syncope.core.audit.AuditManager;
 import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
@@ -37,6 +36,7 @@ import org.apache.syncope.types.CipherAl
 import org.apache.syncope.types.AuditElements.AuthenticationSubCategory;
 import org.apache.syncope.types.AuditElements.Category;
 import org.apache.syncope.types.AuditElements.Result;
+import org.springframework.security.authentication.DisabledException;
 
 @Configurable
 public class SyncopeAuthenticationProvider implements AuthenticationProvider {
@@ -84,47 +84,45 @@ public class SyncopeAuthenticationProvid
     }
 
     @Override
-    @Transactional(noRollbackFor = {BadCredentialsException.class})
-    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
+    @Transactional(noRollbackFor = {BadCredentialsException.class, DisabledException.class})
+    public Authentication authenticate(final Authentication authentication)
+            throws AuthenticationException {
 
-        boolean authenticated;
+        boolean authenticated = false;
         SyncopeUser passwordUser = new SyncopeUser();
         SyncopeUser user = null;
 
-        if (adminUser.equals(authentication.getPrincipal())) {
-            passwordUser.setPassword(authentication.getCredentials().toString(), CipherAlgorithm.MD5, 0);
+        String username = authentication.getPrincipal().toString();
 
+        if (adminUser.equals(username)) {
+            passwordUser.setPassword(authentication.getCredentials().toString(), CipherAlgorithm.MD5, 0);
             authenticated = adminMD5Password.equalsIgnoreCase(passwordUser.getPassword());
         } else {
-            String username;
-            try {
-                username = authentication.getPrincipal().toString();
-            } catch (NumberFormatException e) {
-                throw new UsernameNotFoundException("Invalid username: " + authentication.getName(), e);
-            }
-
             user = userDAO.find(username);
-            if (user == null) {
-                throw new UsernameNotFoundException("Could not find user " + username);
-            }
 
-            passwordUser.setPassword(authentication.getCredentials().toString(), user.getCipherAlgoritm(), 0);
+            if (user != null) {
+                if (user.getSuspended()) {
+                    throw new DisabledException("User " + user.getUsername() + " is suspended");
+                }
 
-            authenticated = user.getPassword().equalsIgnoreCase(passwordUser.getPassword());
+                passwordUser.setPassword(authentication.getCredentials().toString(), user.getCipherAlgoritm(), 0);
+                authenticated = user.getPassword().equalsIgnoreCase(passwordUser.getPassword());
+            }
         }
 
-        Authentication result;
+        UsernamePasswordAuthenticationToken token;
 
-        if ((user == null || !user.getSuspended()) && authenticated) {
-            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(authentication.
-                    getPrincipal(), null, userDetailsService.loadUserByUsername(
-                    authentication.getPrincipal().toString()).getAuthorities());
-            token.setDetails(authentication.getDetails());
+        if (authenticated) {
+            token = new UsernamePasswordAuthenticationToken(
+                    authentication.getPrincipal(),
+                    null,
+                    userDetailsService.loadUserByUsername(authentication.getPrincipal().toString()).getAuthorities());
 
-            result = token;
+            token.setDetails(authentication.getDetails());
 
             auditManager.audit(Category.authentication, AuthenticationSubCategory.login, Result.success,
                     "Successfully authenticated, with roles: " + token.getAuthorities());
+
             LOG.debug("User {} successfully authenticated, with roles {}", authentication.getPrincipal(), token.
                     getAuthorities());
 
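Review bot: The suspended-account check added at the top of the `user != null` branch runs before the supplied password is compared, so anyone who knows a suspended username now receives a DisabledException for any password, whereas before the change suspension was only considered once the credentials matched and the caller saw the same BadCredentialsException as for a wrong password. That discloses account state to unauthenticated callers and changes the error surface the client sees; whether that is acceptable depends on the deployment's policy, but it is not mentioned in the log message. If the generic failure is preferred, verify the password first and throw only on a correct password, i.e. `passwordUser.setPassword(authentication.getCredentials().toString(), user.getCipherAlgoritm(), 0);` then `authenticated = user.getPassword().equalsIgnoreCase(passwordUser.getPassword());` then `if (authenticated && user.getSuspended()) { throw new DisabledException("User " + user.getUsername() + " is suspended"); }`. The body of `authenticate` continues past the end of this hunk.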
@@ -135,19 +133,25 @@ public class SyncopeAuthenticationProvid
             }
 
         } else {
-            if (user != null && !user.getSuspended()) {
+            if (user != null) {
                 user.setFailedLogins(user.getFailedLogins() + 1);
                 userDAO.save(user);
             }
 
             auditManager.audit(Category.authentication, AuthenticationSubCategory.login, Result.failure,
                     "User " + authentication.getPrincipal() + " not authenticated");
+
             LOG.debug("User {} not authenticated", authentication.getPrincipal());
 
-            throw new BadCredentialsException("User " + authentication.getPrincipal() + " not authenticated");
+            // By using HttpComponents version 4.2 the request is sent twice in case of exception (SYNCOPE-94) ...
+            // throw new BadCredentialsException("User " + authentication.getPrincipal() + " not authenticated");
+            
+            // ... this is the reason of the following code.
+            token = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), null, null);
+            token.setDetails(authentication.getDetails());
         }
 
-        return result;
+        return token;
     }
 
     @Override
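Review bot: The failure branch now returns a UsernamePasswordAuthenticationToken built with the three-argument constructor, which Spring Security marks as authenticated, so a wrong password (or an unknown username) is reported to the ProviderManager as a successful Authentication with an empty authority set rather than as a failure, even though the failed-login counter is still incremented and the audit records a failure. An AuthenticationProvider is expected to throw an AuthenticationException (or return null) when credentials do not match; the duplicate request described in the comment is client-side HttpClient behaviour (retry handling or the challenge/response round trip, presumably) and should be addressed in the client configuration, not by changing the provider's result. Restore `throw new BadCredentialsException("User " + authentication.getPrincipal() + " not authenticated");` in place of the two token lines, and keep `BadCredentialsException.class` in `noRollbackFor` so the `userDAO.save(user)` above it is still committed. The enclosing `authenticate` method starts outside this hunk.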

Modified: incubator/syncope/trunk/parent/pom.xml
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/parent/pom.xml?rev=1349384&r1=1349383&r2=1349384&view=diff
==============================================================================
--- incubator/syncope/trunk/parent/pom.xml (original)
+++ incubator/syncope/trunk/parent/pom.xml Tue Jun 12 14:53:59 2012
@@ -241,7 +241,7 @@ under the License.
     <commons-jexl.version>2.1.1</commons-jexl.version>
     <commons-lang.version>2.6</commons-lang.version>
         
-    <httpcomponents.version>4.1.3</httpcomponents.version>
+    <httpcomponents.version>4.2</httpcomponents.version>
 
     <activiti.version>5.9</activiti.version>