Repository: nifi Updated Branches: refs/heads/master 0a58ab47b -> 05395eeca
NIFI-1294: - Updating exception handling to account for a possible issue in an dependency. Signed-off-by: joewitt <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/05395eec Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/05395eec Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/05395eec Branch: refs/heads/master Commit: 05395eeca597aefc1b96e0353e46b668f9056bbc Parents: 0a58ab4 Author: Matt Gilman <[email protected]> Authored: Fri Dec 18 18:46:21 2015 -0500 Committer: joewitt <[email protected]> Committed: Fri Dec 18 21:33:07 2015 -0500 ---------------------------------------------------------------------- .../java/org/apache/nifi/ldap/LdapProvider.java | 41 ++++++++++++-------- 1 file changed, 25 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/05395eec/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java ----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index b604be4..ce626d1 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -16,16 +16,6 @@
 */
 package org.apache.nifi.ldap;
-import java.io.IOException;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLContext;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.authentication.AuthenticationResponse;
 import org.apache.nifi.authentication.LoginCredentials;
@@ -41,15 +31,15 @@ import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
 import org.apache.nifi.util.FormatUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.ldap.CommunicationException;
+import org.springframework.ldap.AuthenticationException;
 import org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy;
 import org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy;
 import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
 import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
@@ -57,6 +47,17 @@ import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.ldap.search.LdapUserSearch;
 import org.springframework.security.ldap.userdetails.LdapUserDetails;
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
 /**
 * Abstract LDAP based implementation of a login identity provider.
 */
@@ -266,14 +267,22 @@ public class LdapProvider implements LoginIdentityProvider {
 } else {
 return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
 }
- } catch (final CommunicationException | AuthenticationServiceException e) {
+ } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
+ throw new InvalidLoginCredentialsException(e.getMessage(), e);
+ } catch (final Exception e) {
+ // there appears to be a bug that generates a InternalAuthenticationServiceException wrapped around an AuthenticationException. this
+ // shouldn't be the case as they the service exception suggestions that something was wrong with the service. while the authentication
+ // exception suggests that username and/or credentials were incorrect. checking the cause seems to address this scenario.
+ final Throwable cause = e.getCause();
+ if (cause instanceof AuthenticationException) {
+ throw new InvalidLoginCredentialsException(e.getMessage(), e);
+ }
+
 logger.error(e.getMessage());
 if (logger.isDebugEnabled()) {
 logger.debug(StringUtils.EMPTY, e);
 }
- throw new IdentityAccessException("Unable to query the configured directory server. See the logs for additional details.", e);
- } catch (final BadCredentialsException bce) {
- throw new InvalidLoginCredentialsException(bce.getMessage(), bce);
+ throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
 }
 }
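Review bot: Both new `InvalidLoginCredentialsException` throws pass `e.getMessage()` from the underlying Spring Security or Spring LDAP exception, so the text differs between a `UsernameNotFoundException`, a `BadCredentialsException` and a directory-level `AuthenticationException`. If that message is rendered in the login response (the caller is outside this hunk, so this is inferred), a client can tell an unknown account from a wrong password, and may see directory diagnostic text as well. A fixed message keeps the response uniform while the cause stays attached for the server log, for example `throw new InvalidLoginCredentialsException("The supplied username and password are not valid.", e);` at both sites. The rejected-credentials paths also return without writing any log entry, so a `logger.debug` or `logger.info` line recording the failed attempt before each throw would give operators something to alert on. The enclosing method begins before the hunk, so how `credentials` is validated earlier is not visible here.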
