[
https://issues.apache.org/jira/browse/DIRSERVER-1987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-1987:
-----------------------------------------
Component/s: (was: core)
authn
> Only one authenticator of particular type is (randomly) configured during
> initialization
> ----------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1987
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1987
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: authn
> Affects Versions: 2.0.0-M17
> Reporter: Denis Mikhalkin
> Priority: Major
>
> I've developed a custom authenticator of type SIMPLE. ApacheDS already has a
> default SimpleAuthenticator. I've added my authenticator to the configuration
> at
> ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> Authenticator gets created (constructor is called) but the doInit method gets
> called only once sometime, and then with null directory service. Sometimes
> everything just works.
> I debugged the issue and found the following piece of code in
> AuthenticationInterceptor.register:
> {code:java}
> Collection<Authenticator> authenticatorList = getAuthenticators(
> authenticator.getAuthenticatorType() );
> if ( authenticatorList == null )
> {
> authenticatorList = new ArrayList<Authenticator>();
> authenticatorsMapByType.put(
> authenticator.getAuthenticatorType(), authenticatorList );
> authenticators.add( authenticator );
> }
> if ( !authenticatorList.contains( authenticator ) )
> {
> authenticatorList.add( authenticator );
> }
> {code}
> 1. It first gets a list of existing authenticator of particular type. Let's
> say there is already one authenticator of such type (say
> SimpleAuthenticator). The list will be non-empty
> 2. Because the list is non-empty, the if statement is skipped
> 3. Because the list does not contain the second authenticator, it gets added
> to the list. This list is in the map authenticatorsMapByType, so the
> authenticator is registered in the map-by-type
> BUT, since the if statement was skipped, the second authenticator is not
> added to the list of all authenticators at "this.authenticators". So when the
> authenticators are later initialized with directoryService and invoked, the
> second authenticator is not in action.
> The randomness of the behavior is associated with the order of authenticators
> which are passed in into AuthenticationInterceptor.setAuthenticators. If my
> authenticator is the first one, SimpleAuthenticator will be skipped. If my
> one is the second, it gets skipped.
> I'm not sure what is the expected behavior, but if all authenticators should
> be active, the code should be modified as follows:
> {code:java}
> Collection<Authenticator> authenticatorList = getAuthenticators(
> authenticator.getAuthenticatorType() );
> if ( authenticatorList == null )
> {
> authenticatorList = new ArrayList<Authenticator>();
> authenticatorsMapByType.put(
> authenticator.getAuthenticatorType(), authenticatorList );
> }
> if ( !authenticatorList.contains( authenticator ) )
> {
> authenticatorList.add( authenticator );
> authenticators.add( authenticator );
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
