authorOlivier Lamy <olamy@apache.org>2013-02-23 18:36:40 +0000
committerOlivier Lamy <olamy@apache.org>2013-02-23 18:36:40 +0000
commitdfca551caf7f0f89a766e2c3aec762e233cbb7b5 (patch)
tree8c855b607ee2947b224e9459ac5c2b52c125a69f /redback-authentication
parent7bcf37568d49b167e2b0db65663c9226202fac1b (diff)
as we can chain various user managers with Archiva
A user manager authenticator can lock accounts in the following case: 2 user managers, ldap and jdo. ldap correctly finds the user but cannot compare the hashed password; jdo rejects the password and so increases loginAttemptCount; then the ldap bind authenticator works, but loginAttemptCount has already been increased. So we restore loginAttemptCount to 0 here if the user is in authenticationFailureCauses. git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1449386 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'redback-authentication')
-rw-r--r--redback-authentication/redback-authentication-api/pom.xml3
-rw-r--r--redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java20
-rw-r--r--redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java5
-rw-r--r--redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java45
4 files changed, 71 insertions, 2 deletions
diff --git a/redback-authentication/redback-authentication-api/pom.xml b/redback-authentication/redback-authentication-api/pom.xml
index a175ed5e0..463a846b3 100644
--- a/redback-authentication/redback-authentication-api/pom.xml
+++ b/redback-authentication/redback-authentication-api/pom.xml
@@ -65,7 +65,8 @@
org.apache.archiva.redback.policy;version=${project.version},
org.apache.archiva.redback.users;version=${project.version},
org.apache.commons.lang;version="[2.6,3)",
- org.springframework*;version="[3,4)"
+ org.springframework*;version="[3,4)",
+ org.slf4j;resolution:=optional
</Import-Package>
</instructions>
</configuration>
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
index 9b87debf4..d6dd9dc29 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
@@ -18,6 +18,8 @@ package org.apache.archiva.redback.authentication;
* under the License.
*/
+import org.apache.archiva.redback.users.User;
+
import java.io.Serializable;
/**
@@ -33,6 +35,8 @@ public class AuthenticationFailureCause
private String message;
+ private User user;
+
public AuthenticationFailureCause( int cause, String message )
{
this.cause = cause;
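Review bot: The new `user` field makes every failure cause hold a reference to a full `User` object, and the file imports `Serializable`. If the class implements it (the declaration is outside the hunk), the user record is carried wherever an `AuthenticationResult` is serialized or kept in a session. The manager only reads the reference during the authenticate call, so `private transient User user;` would keep it out of serialized state. A field comment such as `// user resolved by the failing authenticator, kept so the manager can reset its failed-login counter` would also record why it is there.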
@@ -59,6 +63,22 @@ public class AuthenticationFailureCause
this.message = message;
}
+ public User getUser()
+ {
+ return user;
+ }
+
+ public AuthenticationFailureCause user ( User user)
+ {
+ this.user = user;
+ return this;
+ }
+
+ public void setUser( User user )
+ {
+ this.user = user;
+ }
+
@Override
public String toString()
{
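Review bot: `getUser()`, `user( User )` and `setUser( User )` are added without Javadoc. Nothing states that `getUser()` returns null for causes built through the existing two-argument constructor, which is the case the null check in DefaultAuthenticationManager depends on. The fluent setter is written `user ( User user)`, which does not match the `setUser( User user )` spacing directly below it. The `toString()` that follows is cut off by the hunk, so it is worth confirming that it does not print the user object into logs.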
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
index c76ea98f4..dd98d56f7 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
@@ -22,6 +22,7 @@ package org.apache.archiva.redback.authentication;
import org.apache.archiva.redback.users.User;
import java.io.Serializable;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -93,6 +94,10 @@ public class AuthenticationResult
public List<AuthenticationFailureCause> getAuthenticationFailureCauses()
{
+ if ( authenticationFailureCauses == null )
+ {
+ this.authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
+ }
return authenticationFailureCauses;
}
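Review bot: `getAuthenticationFailureCauses()` now assigns the field on first read, so a getter has a side effect and two threads reading the same result can each create a different list. It also still returns the internal mutable list to callers. If no constructor or setter outside this hunk resets the field to null, initialising it once at the declaration with `new ArrayList<AuthenticationFailureCause>()` would remove the null branch. Failing that, a one-line comment should state that the method never returns null.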
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
index 68165a779..d39587c40 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
@@ -21,11 +21,17 @@ package org.apache.archiva.redback.authentication;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
+import javax.inject.Named;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -47,12 +53,18 @@ public class DefaultAuthenticationManager
implements AuthenticationManager
{
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
private List<Authenticator> authenticators;
@Inject
private ApplicationContext applicationContext;
- @SuppressWarnings("unchecked")
+ @Inject
+ @Named( value = "userManager#configurable" )
+ private UserManager userManager;
+
+ @SuppressWarnings( "unchecked" )
@PostConstruct
public void initialize()
{
@@ -88,6 +100,37 @@ public class DefaultAuthenticationManager
if ( authResult.isAuthenticated() )
{
+ //olamy: as we can chain various user managers with Archiva
+ // user manager authenticator can lock accounts in the following case :
+ // 2 user managers: ldap and jdo.
+ // ldap correctly find the user but cannot compare hashed password
+ // jdo reject password so increase loginAttemptCount
+ // now ldap bind authenticator work but loginAttemptCount has been increased.
+ // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
+
+ for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
+ {
+ User user = authenticationFailureCause.getUser();
+ if ( user != null )
+ {
+ if ( user.getCountFailedLoginAttempts() > 0 )
+ {
+ user.setCountFailedLoginAttempts( 0 );
+ if ( !userManager.isReadOnly() )
+ {
+ try
+ {
+ userManager.updateUser( user );
+ }
+ catch ( UserManagerException e )
+ {
+ log.debug( e.getMessage(), e );
+ log.warn( "skip error updating user: {}", e.getMessage() );
+ }
+ }
+ }
+ }
+ }
return authResult;
}
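Review bot: The reset loop zeroes the failed-login counter of every `User` found in `authenticationFailureCauses` without checking that it is the account that just authenticated. Guarding the reset with `if ( user != null && user.getUsername().equals( authResult.getPrincipal() ) )` would keep a success for one principal from clearing another account's lockout counter, assuming the principal is the username here. When `updateUser` fails, the stored counter stays incremented while the warn line `"skip error updating user: {}"` names no account; adding `user.getUsername()` to that message would let an operator see which account may still lock. When `userManager.isReadOnly()` is true, the counter is changed only on the in-memory object, which deserves a comment. The enclosing method starts and ends outside the hunk.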