From: Olivier Lamy Date: Sat, 23 Feb 2013 18:36:40 +0000 (+0000) Subject: as we can chain various user managers with Archiva X-Git-Tag: redback-2.1~35 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=dfca551caf7f0f89a766e2c3aec762e233cbb7b5;p=archiva.git as we can chain various user managers with Archiva user manager authenticator can lock accounts in the following case : 2 user managers: ldap and jdo. ldap correctly find the user but cannot compare hashed password jdo reject password so increase loginAttemptCount now ldap bind authenticator work but loginAttemptCount has been increased. so we restore here loginAttemptCount to 0 if in authenticationFailureCauses git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1449386 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/redback-authentication/redback-authentication-api/pom.xml b/redback-authentication/redback-authentication-api/pom.xml index a175ed5e0..463a846b3 100644 --- a/redback-authentication/redback-authentication-api/pom.xml +++ b/redback-authentication/redback-authentication-api/pom.xml @@ -65,7 +65,8 @@ org.apache.archiva.redback.policy;version=${project.version}, org.apache.archiva.redback.users;version=${project.version}, org.apache.commons.lang;version="[2.6,3)", - org.springframework*;version="[3,4)" + org.springframework*;version="[3,4)", + org.slf4j;resolution:=optional diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java index 9b87debf4..d6dd9dc29 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java @@ -18,6 +18,8 @@ package org.apache.archiva.redback.authentication; * under the License. */ +import org.apache.archiva.redback.users.User; + import java.io.Serializable; /** @@ -33,6 +35,8 @@ public class AuthenticationFailureCause private String message; + private User user; + public AuthenticationFailureCause( int cause, String message ) { this.cause = cause; @@ -59,6 +63,22 @@ public class AuthenticationFailureCause this.message = message; } + public User getUser() + { + return user; + } + + public AuthenticationFailureCause user ( User user) + { + this.user = user; + return this; + } + + public void setUser( User user ) + { + this.user = user; + } + @Override public String toString() { diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java index c76ea98f4..dd98d56f7 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java @@ -22,6 +22,7 @@ package org.apache.archiva.redback.authentication; import org.apache.archiva.redback.users.User; import java.io.Serializable; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -93,6 +94,10 @@ public class AuthenticationResult public List getAuthenticationFailureCauses() { + if ( authenticationFailureCauses == null ) + { + this.authenticationFailureCauses = new ArrayList(); + } return authenticationFailureCauses; } diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java index 68165a779..d39587c40 100644 --- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java +++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java @@ -21,11 +21,17 @@ package org.apache.archiva.redback.authentication; import org.apache.archiva.redback.policy.AccountLockedException; import org.apache.archiva.redback.policy.MustChangePasswordException; +import org.apache.archiva.redback.users.User; +import org.apache.archiva.redback.users.UserManager; +import org.apache.archiva.redback.users.UserManagerException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import javax.annotation.PostConstruct; import javax.inject.Inject; +import javax.inject.Named; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -47,12 +53,18 @@ public class DefaultAuthenticationManager implements AuthenticationManager { + private Logger log = LoggerFactory.getLogger( getClass() ); + private List authenticators; @Inject private ApplicationContext applicationContext; - @SuppressWarnings("unchecked") + @Inject + @Named( value = "userManager#configurable" ) + private UserManager userManager; + + @SuppressWarnings( "unchecked" ) @PostConstruct public void initialize() { @@ -88,6 +100,37 @@ public class DefaultAuthenticationManager if ( authResult.isAuthenticated() ) { + //olamy: as we can chain various user managers with Archiva + // user manager authenticator can lock accounts in the following case : + // 2 user managers: ldap and jdo. + // ldap correctly find the user but cannot compare hashed password + // jdo reject password so increase loginAttemptCount + // now ldap bind authenticator work but loginAttemptCount has been increased. + // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses + + for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses ) + { + User user = authenticationFailureCause.getUser(); + if ( user != null ) + { + if ( user.getCountFailedLoginAttempts() > 0 ) + { + user.setCountFailedLoginAttempts( 0 ); + if ( !userManager.isReadOnly() ) + { + try + { + userManager.updateUser( user ); + } + catch ( UserManagerException e ) + { + log.debug( e.getMessage(), e ); + log.warn( "skip error updating user: {}", e.getMessage() ); + } + } + } + } + } return authResult; } diff --git a/redback-system/src/test/resources/spring-context.xml b/redback-system/src/test/resources/spring-context.xml index dd75f723a..9857d4f23 100644 --- a/redback-system/src/test/resources/spring-context.xml +++ b/redback-system/src/test/resources/spring-context.xml @@ -45,4 +45,6 @@ + + \ No newline at end of file