Repository: archiva-redback-core Updated Branches: refs/heads/validauth 7e83bebce -> d585a9568
Fixing validation error in unit tests Project: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/repo Commit: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/commit/d585a956 Tree: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/tree/d585a956 Diff: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/diff/d585a956 Branch: refs/heads/validauth Commit: d585a9568dc79fb2c2e844c2611e6776a373f3f8 Parents: 7e83beb Author: Martin Stockhammer <marti...@apache.org> Authored: Sun Oct 16 16:49:38 2016 +0200 Committer: Martin Stockhammer <marti...@apache.org> Committed: Sun Oct 16 16:49:38 2016 +0200 ---------------------------------------------------------------------- .../DefaultAuthenticationManager.java | 138 ++++++++----------- .../users/UserManagerAuthenticator.java | 6 + .../keystore/KeyStoreAuthenticator.java | 6 + 3 files changed, 72 insertions(+), 78 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/d585a956/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java ---------------------------------------------------------------------- diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java index bda3276..1bc4770 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java @@ -41,7 +41,7 @@ import java.util.Map; /** * DefaultAuthenticationManager: the goal of the authentication manager is to act as a conduit for * authentication requests into different authentication schemes - * + * <p> * For example, the default implementation can be configured with any number of authenticators and will * sequentially try them for an authenticated result. This allows you to have the standard user/pass * auth procedure followed by authentication based on a known key for 'remember me' type functionality. @@ -50,10 +50,9 @@ import java.util.Map; */ @Service("authenticationManager") public class DefaultAuthenticationManager - implements AuthenticationManager -{ + implements AuthenticationManager { - private Logger log = LoggerFactory.getLogger( getClass() ); + private Logger log = LoggerFactory.getLogger(getClass()); private List<Authenticator> authenticators; @@ -61,113 +60,96 @@ public class DefaultAuthenticationManager private ApplicationContext applicationContext; @Inject - @Named( value = "userManager#default" ) + @Named(value = "userManager#default") private UserManager userManager; - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") @PostConstruct - public void initialize() - { + public void initialize() { this.authenticators = - new ArrayList<Authenticator>( applicationContext.getBeansOfType( Authenticator.class ).values() ); + new ArrayList<Authenticator>(applicationContext.getBeansOfType(Authenticator.class).values()); } - public String getId() - { + public String getId() { return "Default Authentication Manager - " + this.getClass().getName() + " : managed authenticators - " + - knownAuthenticators(); + knownAuthenticators(); } - public AuthenticationResult authenticate( AuthenticationDataSource source ) - throws AccountLockedException, AuthenticationException, MustChangePasswordException - { - if ( authenticators == null || authenticators.size() == 0 ) - { - return ( new AuthenticationResult( false, null, new AuthenticationException( - "no valid authenticators, can't authenticate" ) ) ); + public AuthenticationResult authenticate(AuthenticationDataSource source) + throws AccountLockedException, AuthenticationException, MustChangePasswordException { + if (authenticators == null || authenticators.size() == 0) { + return (new AuthenticationResult(false, null, new AuthenticationException( + "no valid authenticators, can't authenticate"))); } // put AuthenticationResult exceptions in a map List<AuthenticationFailureCause> authnResultErrors = new ArrayList<AuthenticationFailureCause>(); - for ( Authenticator authenticator : authenticators ) - { - if ( authenticator.isValid() && authenticator.supportsDataSource( source ) ) - { - AuthenticationResult authResult = authenticator.authenticate( source ); - List<AuthenticationFailureCause> authenticationFailureCauses = - authResult.getAuthenticationFailureCauses(); - - if ( authResult.isAuthenticated() ) - { - //olamy: as we can chain various user managers with Archiva - // user manager authenticator can lock accounts in the following case : - // 2 user managers: ldap and jdo. - // ldap correctly find the user but cannot compare hashed password - // jdo reject password so increase loginAttemptCount - // now ldap bind authenticator work but loginAttemptCount has been increased. - // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses - - for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses ) - { - User user = authenticationFailureCause.getUser(); - if ( user != null ) - { - if ( user.getCountFailedLoginAttempts() > 0 ) - { - user.setCountFailedLoginAttempts( 0 ); - if ( !userManager.isReadOnly() ) - { - try - { - userManager.updateUser( user ); - } - catch ( UserManagerException e ) - { - log.debug( e.getMessage(), e ); - log.warn( "skip error updating user: {}", e.getMessage() ); + for (Authenticator authenticator : authenticators) { + if (authenticator.isValid()) { + if (authenticator.supportsDataSource(source)) { + AuthenticationResult authResult = authenticator.authenticate(source); + List<AuthenticationFailureCause> authenticationFailureCauses = + authResult.getAuthenticationFailureCauses(); + + if (authResult.isAuthenticated()) { + //olamy: as we can chain various user managers with Archiva + // user manager authenticator can lock accounts in the following case : + // 2 user managers: ldap and jdo. + // ldap correctly find the user but cannot compare hashed password + // jdo reject password so increase loginAttemptCount + // now ldap bind authenticator work but loginAttemptCount has been increased. + // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses + + for (AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses) { + User user = authenticationFailureCause.getUser(); + if (user != null) { + if (user.getCountFailedLoginAttempts() > 0) { + user.setCountFailedLoginAttempts(0); + if (!userManager.isReadOnly()) { + try { + userManager.updateUser(user); + } catch (UserManagerException e) { + log.debug(e.getMessage(), e); + log.warn("skip error updating user: {}", e.getMessage()); + } } } } } + return authResult; } - return authResult; - } - if ( authenticationFailureCauses != null ) - { - authnResultErrors.addAll( authenticationFailureCauses ); - } - else - { - if ( authResult.getException() != null ) - { - authnResultErrors.add( - new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, - authResult.getException().getMessage() ) ); + if (authenticationFailureCauses != null) { + authnResultErrors.addAll(authenticationFailureCauses); + } else { + if (authResult.getException() != null) { + authnResultErrors.add( + new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, + authResult.getException().getMessage())); + } } - } + } + } else { + log.warn("Invalid authenticator found: " + authenticator.getId()); } } - return ( new AuthenticationResult( false, null, new AuthenticationException( - "authentication failed on authenticators: " + knownAuthenticators() ), authnResultErrors ) ); + return (new AuthenticationResult(false, null, new AuthenticationException( + "authentication failed on authenticators: " + knownAuthenticators()), authnResultErrors)); } - public List<Authenticator> getAuthenticators() - { + public List<Authenticator> getAuthenticators() { return authenticators; } - private String knownAuthenticators() - { + private String knownAuthenticators() { StringBuilder strbuf = new StringBuilder(); - for ( Authenticator authenticator : authenticators ) - { - strbuf.append( '(' ).append( authenticator.getId() ).append( ") " ); + for (Authenticator authenticator : authenticators) { + strbuf.append('(').append(authenticator.getId()).append(") "); } return strbuf.toString(); http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/d585a956/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java ---------------------------------------------------------------------- diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java index 567b7b3..ed9e33a 100644 --- a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java +++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java @@ -40,6 +40,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import javax.annotation.PostConstruct; import javax.inject.Inject; import javax.inject.Named; import java.util.ArrayList; @@ -69,6 +70,11 @@ public class UserManagerAuthenticator return "UserManagerAuthenticator"; } + @PostConstruct + private void init() { + super.valid = true; + } + /** * @throws org.apache.archiva.redback.policy.AccountLockedException http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/d585a956/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java ---------------------------------------------------------------------- diff --git a/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java b/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java index 51a9d31..931c610 100644 --- a/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java +++ b/redback-keys/redback-authentication-keys/src/main/java/org/apache/archiva/redback/authentication/keystore/KeyStoreAuthenticator.java @@ -39,6 +39,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; +import javax.annotation.PostConstruct; import javax.annotation.Resource; /** @@ -59,6 +60,11 @@ public class KeyStoreAuthenticator @Resource(name = "userManager#default") private UserManager userManager; + @PostConstruct + private void init() { + super.valid=true; + } + public String getId() { return getClass().getName();
