author | Olivier Lamy <olamy@apache.org> | 2013-02-23 18:36:40 +0000 |
---|---|---|
committer | Olivier Lamy <olamy@apache.org> | 2013-02-23 18:36:40 +0000 |
commit | dfca551caf7f0f89a766e2c3aec762e233cbb7b5 (patch) | |
tree | 8c855b607ee2947b224e9459ac5c2b52c125a69f /redback-authentication | |
parent | 7bcf37568d49b167e2b0db65663c9226202fac1b (diff) | |
as we can chain various user managers with Archiva
the user manager authenticator can lock accounts in the following case:
2 user managers: ldap and jdo.
ldap correctly finds the user but cannot compare the hashed password
jdo rejects the password and so increases loginAttemptCount
now the ldap bind authenticator works, but loginAttemptCount has been increased.
so here we restore loginAttemptCount to 0 if the user is in authenticationFailureCauses
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1449386 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'redback-authentication')
4 files changed, 71 insertions, 2 deletions
diff --git a/redback-authentication/redback-authentication-api/pom.xml b/redback-authentication/redback-authentication-api/pom.xml
index a175ed5e0..463a846b3 100644
--- a/redback-authentication/redback-authentication-api/pom.xml
+++ b/redback-authentication/redback-authentication-api/pom.xml
@@ -65,7 +65,8 @@
 org.apache.archiva.redback.policy;version=${project.version},
 org.apache.archiva.redback.users;version=${project.version},
 org.apache.commons.lang;version="[2.6,3)",
- org.springframework*;version="[3,4)"
+ org.springframework*;version="[3,4)",
+ org.slf4j;resolution:=optional
 </Import-Package>
 </instructions>
 </configuration>
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
index 9b87debf4..d6dd9dc29 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
@@ -18,6 +18,8 @@ package org.apache.archiva.redback.authentication;
 * under the License.
 */
+import org.apache.archiva.redback.users.User;
+
 import java.io.Serializable;
 /**
@@ -33,6 +35,8 @@ public class AuthenticationFailureCause
 private String message;
+ private User user;
+
 public AuthenticationFailureCause( int cause, String message )
 {
 this.cause = cause;
@@ -59,6 +63,22 @@ public class AuthenticationFailureCause
 this.message = message;
 }
+ public User getUser()
+ {
+ return user;
+ }
+
+ public AuthenticationFailureCause user ( User user)
+ {
+ this.user = user;
+ return this;
+ }
+
+ public void setUser( User user )
+ {
+ this.user = user;
+ }
+
 @Override
 public String toString()
 {
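Review bot: The new `private User user;` field (second AuthenticationFailureCause.java hunk, with its accessors in the third) makes every failure cause carry a complete user record rather than just an identifier. The file imports `java.io.Serializable`, so if the class is serialized, or if the `toString()` whose body lies outside the hunk is ever extended to print the field, whatever the `User` object holds travels with the failure cause; that presumably includes credential-related state, which is worth confirming. Consider declaring it `private transient User user;` and documenting on `getUser()` that it may be null and is meant only for resetting the failed-login counter. `user( User )` and `setUser( User )` perform the same assignment, so one of them could be dropped.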
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
index c76ea98f4..dd98d56f7 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
@@ -22,6 +22,7 @@ package org.apache.archiva.redback.authentication;
 import org.apache.archiva.redback.users.User;
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -93,6 +94,10 @@ public class AuthenticationResult
 public List<AuthenticationFailureCause> getAuthenticationFailureCauses()
 {
+ if ( authenticationFailureCauses == null )
+ {
+ this.authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
+ }
 return authenticationFailureCauses;
 }
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
index 68165a779..d39587c40 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
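Review bot: `getAuthenticationFailureCauses()` in the second AuthenticationResult.java hunk now assigns the field as a side effect of a read, and it still hands callers the internal mutable list. Initialising the field where it is declared (outside this hunk), e.g. `private List<AuthenticationFailureCause> authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();`, would keep the getter free of side effects, provided no constructor or setter can put null back. A one-line Javadoc such as `/** Never returns null; the returned list is the live internal list. */` would document the contract the new guard introduces.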
@@ -21,11 +21,17 @@ package org.apache.archiva.redback.authentication;
 import org.apache.archiva.redback.policy.AccountLockedException;
 import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
+import javax.inject.Named;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -47,12 +53,18 @@
 public class DefaultAuthenticationManager
 implements AuthenticationManager
 {
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
 private List<Authenticator> authenticators;
 @Inject
 private ApplicationContext applicationContext;
- @SuppressWarnings("unchecked")
+ @Inject
+ @Named( value = "userManager#configurable" )
+ private UserManager userManager;
+
+ @SuppressWarnings( "unchecked" )
 @PostConstruct
 public void initialize()
 {
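Review bot: The `log` field added in the second hunk calls `LoggerFactory.getLogger( getClass() )` in an instance initialiser, while the pom.xml hunk of this commit imports `org.slf4j` with `resolution:=optional`. If the bundle is ever resolved without that package, constructing `DefaultAuthenticationManager` would presumably fail on the missing class, so either the import should be mandatory or the optional resolution deserves a comment explaining why it is safe. The field could also be declared `private final Logger log = LoggerFactory.getLogger( getClass() );`. The new `@Named( value = "userManager#configurable" )` injection is mandatory as written, so a one-line comment saying the bean is used only to reset failed-login counters would help whoever wires this class.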
@@ -88,6 +100,37 @@ public class DefaultAuthenticationManager
 if ( authResult.isAuthenticated() )
 {
+ //olamy: as we can chain various user managers with Archiva
+ // user manager authenticator can lock accounts in the following case :
+ // 2 user managers: ldap and jdo.
+ // ldap correctly find the user but cannot compare hashed password
+ // jdo reject password so increase loginAttemptCount
+ // now ldap bind authenticator work but loginAttemptCount has been increased.
+ // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
+
+ for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
+ {
+ User user = authenticationFailureCause.getUser();
+ if ( user != null )
+ {
+ if ( user.getCountFailedLoginAttempts() > 0 )
+ {
+ user.setCountFailedLoginAttempts( 0 );
+ if ( !userManager.isReadOnly() )
+ {
+ try
+ {
+ userManager.updateUser( user );
+ }
+ catch ( UserManagerException e )
+ {
+ log.debug( e.getMessage(), e );
+ log.warn( "skip error updating user: {}", e.getMessage() );
+ }
+ }
+ }
+ }
+ }
 return authResult;
 }
|
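Review bot: The loop resets the counter of every `User` found in `authenticationFailureCauses` without checking that it is the account that has just authenticated. Whether an authenticator can attach a different user is not visible here, but the reset changes lockout state and should be tied to the principal, e.g. `if ( user != null && user.getUsername().equals( authResult.getPrincipal() ) )`. When `updateUser` fails the persisted counter stays raised and the account can still be locked later, yet the warning names no account; `log.warn( "skip error updating user {}: {}", user.getUsername(), e.getMessage() );` would make that traceable. The write also goes through the injected `userManager#configurable`, which may not be the manager the `User` was loaded from, so that is worth confirming. The enclosing method starts and ends outside the hunk.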