From dfca551caf7f0f89a766e2c3aec762e233cbb7b5 Mon Sep 17 00:00:00 2001
From: Olivier Lamy
Date: Sat, 23 Feb 2013 18:36:40 +0000
Subject: as we can chain various user managers with Archiva user manager authenticator can lock accounts in the following case : 2 user managers: ldap and jdo. ldap correctly find the user but cannot compare hashed password jdo reject password so increase loginAttemptCount now ldap bind authenticator work but loginAttemptCount has been increased. so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1449386 13f79535-47bb-0310-9956-ffa450edef68
---
.../redback-authentication-api/pom.xml | 3 +-
.../authentication/AuthenticationFailureCause.java | 20 ++++++++++
.../authentication/AuthenticationResult.java | 5 +++
.../DefaultAuthenticationManager.java | 45 +++++++++++++++++++++-
4 files changed, 71 insertions(+), 2 deletions(-)
(limited to 'redback-authentication')
diff --git a/redback-authentication/redback-authentication-api/pom.xml b/redback-authentication/redback-authentication-api/pom.xml
index a175ed5e0..463a846b3 100644
--- a/redback-authentication/redback-authentication-api/pom.xml
+++ b/redback-authentication/redback-authentication-api/pom.xml
@@ -65,7 +65,8 @@
 org.apache.archiva.redback.policy;version=${project.version},
 org.apache.archiva.redback.users;version=${project.version},
 org.apache.commons.lang;version="[2.6,3)",
- org.springframework*;version="[3,4)"
+ org.springframework*;version="[3,4)",
+ org.slf4j;resolution:=optional
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
index 9b87debf4..d6dd9dc29 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
@@ -18,6 +18,8 @@ package org.apache.archiva.redback.authentication;
 * under the License.
 */
+import org.apache.archiva.redback.users.User;
+
 import java.io.Serializable;
 /**
@@ -33,6 +35,8 @@ public class AuthenticationFailureCause
 private String message;
+ private User user;
+
 public AuthenticationFailureCause( int cause, String message )
 {
 this.cause = cause;
@@ -59,6 +63,22 @@ public class AuthenticationFailureCause
 this.message = message;
 }
+ public User getUser()
+ {
+ return user;
+ }
+
+ public AuthenticationFailureCause user ( User user)
+ {
+ this.user = user;
+ return this;
+ }
+
+ public void setUser( User user )
+ {
+ this.user = user;
+ }
+
 @Override
 public String toString()
 {
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
index c76ea98f4..dd98d56f7 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/AuthenticationResult.java
@@ -22,6 +22,7 @@ package org.apache.archiva.redback.authentication;
 import org.apache.archiva.redback.users.User;
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
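Review bot: The `user` field added in the `@@ -33,6 +35,8 @@` hunk attaches the whole `User` object to each failure cause, and the accessors in the `@@ -59,6 +63,22 @@` hunk expose it to every caller that reads the failure list of an `AuthenticationResult`. The file imports `java.io.Serializable`, so if this class is serialized (its declaration is outside the hunks) the account record travels with it; `private transient User user;`, or storing only the username, would keep it out of stored or transmitted results. `toString()` follows the new accessors but its body is not shown, so confirm it does not print the field. A Javadoc line on `getUser()` such as `@return the account the authenticator found, or null when none was attached` would document the null case, and `user ( User user)` should use the same spacing as `setUser( User user )`.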
@@ -93,6 +94,10 @@ public class AuthenticationResult
 public List getAuthenticationFailureCauses()
 {
+ if ( authenticationFailureCauses == null )
+ {
+ this.authenticationFailureCauses = new ArrayList();
+ }
 return authenticationFailureCauses;
 }
diff --git a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
index 68165a779..d39587c40 100644
--- a/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
+++ b/redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java
@@ -21,11 +21,17 @@ package org.apache.archiva.redback.authentication;
 import org.apache.archiva.redback.policy.AccountLockedException;
 import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
+import javax.inject.Named;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
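Review bot: `getAuthenticationFailureCauses()` in the `@@ -93,6 +94,10 @@` hunk now assigns the field from inside a getter, so a plain read changes the object's state and two threads reading the same result can each install their own list. Initialising the field where it is declared, or in the constructors (both outside this hunk), would give the same never-null guarantee without the side effect. The method also returns the internal list itself, so callers can add or remove causes; if that is not intended, return an unmodifiable view, and either way document it with a line such as `@return the failure causes collected so far, never null`.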
@@ -47,12 +53,18 @@ public class DefaultAuthenticationManager
 implements AuthenticationManager
 {
+ private Logger log = LoggerFactory.getLogger( getClass() );
+
 private List authenticators;
 @Inject
 private ApplicationContext applicationContext;
- @SuppressWarnings("unchecked")
+ @Inject
+ @Named( value = "userManager#configurable" )
+ private UserManager userManager;
+
+ @SuppressWarnings( "unchecked" )
 @PostConstruct
 public void initialize()
 {
@@ -88,6 +100,37 @@ public class DefaultAuthenticationManager
 if ( authResult.isAuthenticated() )
 {
+ //olamy: as we can chain various user managers with Archiva
+ // user manager authenticator can lock accounts in the following case :
+ // 2 user managers: ldap and jdo.
+ // ldap correctly find the user but cannot compare hashed password
+ // jdo reject password so increase loginAttemptCount
+ // now ldap bind authenticator work but loginAttemptCount has been increased.
+ // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
+
+ for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
+ {
+ User user = authenticationFailureCause.getUser();
+ if ( user != null )
+ {
+ if ( user.getCountFailedLoginAttempts() > 0 )
+ {
+ user.setCountFailedLoginAttempts( 0 );
+ if ( !userManager.isReadOnly() )
+ {
+ try
+ {
+ userManager.updateUser( user );
+ }
+ catch ( UserManagerException e )
+ {
+ log.debug( e.getMessage(), e );
+ log.warn( "skip error updating user: {}", e.getMessage() );
+ }
+ }
+ }
+ }
+ }
 return authResult;
 }
-- cgit v1.2.3
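Review bot: The `log` field added in the `@@ -47,12 +53,18 @@` hunk makes slf4j a load-time dependency of this class, while the pom.xml hunk of the same commit imports `org.slf4j` with `resolution:=optional` and no version range. In an OSGi container that does not export slf4j the bundle would still resolve and then fail when this class is loaded, so the import should either lose `resolution:=optional` or the class should not depend on the logger. The logger is also created once per instance; the usual form is `private static final Logger log = LoggerFactory.getLogger( DefaultAuthenticationManager.class );`. The class body continues outside the hunk, so other uses of `userManager` cannot be checked from here.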
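Review bot: The reset loop in the `@@ -88,6 +100,37 @@` hunk zeroes the failed-login counter of every `User` found in `authenticationFailureCauses` without checking that it is the account that has just authenticated. The list is built outside the hunk, so it cannot be confirmed here that it only ever holds the same principal; a guard such as `if ( user != null && user.getUsername().equals( authResult.getPrincipal() ) )` would make the scope of the lockout reset explicit. Only the counter is cleared: if the failed attempt already pushed the account over the lockout threshold, a locked flag set by the policy would presumably stay set. When `updateUser` fails the stored counter keeps its increased value and the warning does not name the account; `log.warn( "could not reset failed login count for user '{}': {}", user.getUsername(), e.getMessage() );` would let an operator trace a later lockout. The enclosing method starts and ends outside the hunk.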