RE: bug in initializing authenticators for AuthenticatorInterceptor

[Wu, James C.]

Here is my local modifications for your reference. It seem to be working for 
me. I can start both ldap and the kdc service.


    /**
     * @param authenticators authenticators to be used by this 
AuthenticationInterceptor
     */
    public void setAuthenticators( Set<Authenticator> authenticators )
    {
        if ( authenticators == null )
        {
            this.authenticators.clear();
            this.authenticatorsMapByType.clear();
            return;
        }

        this.authenticators = authenticators;
    }


    /**
     * @param authenticators authenticators to be used by this 
AuthenticationInterceptor
     */
    public void setAuthenticators( Authenticator[] authenticators )
    {
        if ( authenticators == null )
        {
            throw new IllegalArgumentException( "The given authenticators set 
is null" );
        }

       Set<Authenticator> authenticatorsSet = new HashSet<Authenticator>();
       for (Authenticator authenticator : authenticators) {
        if (authenticator != null)
                   authenticatorsSet.add(authenticator);
        }
       setAuthenticators(authenticatorsSet);
    }



-----Original Message-----
From: Emmanuel Lécharny [mailto:elecha...@gmail.com] 
Sent: Tuesday, April 16, 2013 3:40 PM
To: Apache Directory Developers List
Subject: Re: bug in initializing authenticators for AuthenticatorInterceptor

Le 4/16/13 8:05 PM, Wu, James C. a écrit :
> Hi,
>
> I am looking at this two method definition in the 
> AuthenticationInterceptor.java class.  This two method should both set to the 
> authenticators for the interceptor to the input given in the parameter given 
> both are a setter.  However, the logic of method body of these two methods 
> are quite different. The first method just set the member variable 
> (authenticators) to the input parameters, while the second method will 
> register the authenticator and strangely enough, it does not set the member 
> variable (authenticators) to the input parameter.
>
>     /**
>      * @param authenticators authenticators to be used by this 
> AuthenticationInterceptor
>      */
>     public void setAuthenticators( Set<Authenticator> authenticators )
>     {
>         if ( authenticators == null )
>         {
>             this.authenticators.clear();
>         }
>         else
>         {
>             this.authenticators = authenticators;
>         }
>     }
>
>
>     /**
>      * @param authenticators authenticators to be used by this 
> AuthenticationInterceptor
>      */
>     public void setAuthenticators( Authenticator[] authenticators )
>     {
>         if ( authenticators == null )
>         {
>             throw new IllegalArgumentException( "The given authenticators set 
> is null" );
>         }
>
>         this.authenticators.clear();
>         this.authenticatorsMapByType.clear();
>
>         for ( Authenticator authenticator : authenticators )
>         {
>             try
>             {
>                 register( authenticator, directoryService );
>             }
>             catch ( LdapException le )
>             {
>                 LOG.error( "Cannot register authenticator {}", authenticator 
> );
>             }
>         }
>     }
>
>
> I traced the execution of the start of the apacheds service. During the 
> startup of the apacheds service, three authenticators will be created, and 
> the setAuthenticators( Authenticator[] authenticators ) method will be 
> called. But due to the fact that, the member variable authenticators is not 
> set, when the execution gets to init method of the authenticatorinterceptor, 
> three new default authenticator will be created because the authenticators is 
> null and default authenticators are created. Now we have six authenticators. 
> Three of them (Simple, Strong, Anonymous) created by the 
> setDefaultAuthenticators are in the authenticators list, the other three 
> (Simple, Strong, Anonymous) created by createInterceptors  in the 
> ServiceBuilder class are in the authenticatorsMapByType map.
>
> I am thinking this is a bug. First of all, these two methods should behave in 
> the same way. Second, we should not have duplicated authenticators, plus the 
> three authenticators created by the createInterceptors   method in the 
> ServiceBuilder class is not properly initialized. Their directoryService 
> field is null.

This is clearly a wrong initialization. My understanding is that we have 
stacked layers on top of layers during years, but never cleaned up the class.

I also modified this code 8 weeks ago, I don't remember why I change it this 
way (cf 
http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?r1=1424688&r2=1446503&diff_format=h),
but this is clearly wrong...

It's a bit late for me to come with a better version, I'm afraid to break the 
code even more, so I'll get a good night of sleep and come back tomorrow with a 
clear mind.

Thanks a lot for pointing this !


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com