Current SecurityAccess Implementation prevent multi-authentication provider mechanism work
------------------------------------------------------------------------------------------

         Key: JS2-221
         URL: http://issues.apache.org/jira/browse/JS2-221
     Project: Jetspeed 2
        Type: Bug
  Components: Security
    Versions: 2.0-M2
 Environment: Microsoft Windows XP with SP2 J2SDK 1.4.2_07
    Reporter: JamesLiao
    Priority: Critical

I have two authentication providers (a database authentication provider and an LDAP authentication provider).
The first time, I log in with a principal which is defined in LDAP, and I can successfully log in.
The second time, this user's authentication provider changes to the default database, because J2 will create a mapping-only principal in table SECURITY_PRINCIPAL.
Of course, I fail to log in.

I think it should not return the database authentication provider; it should return the real authentication provider.

I changed the code in class:
org.apache.jetspeed.security.spi.impl.SecurityAccessImpl

The original code:

    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        filter.addEqualTo("fullPath", fullPath);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }

Code after I modified it:

    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * The Jetspeed 2 implementation does not distinguish if this user
     * is a Mapping_Only user. I think we have to distinguish it because it will
     * return the wrong Authentication Provider.
     *
     * An alternative solution is: we bind the username and Authentication Provider
     * at the first login, then cache it in memory or something,
     * then we don't need to change here.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        // fullPath must be equal.
        filter.addEqualTo("fullPath", fullPath);
        // isMappingOnly must not be true.
        // We don't need the mapping-only user; a mapping user can't be authenticated with this provider.
        // We just need the true user.
        filter.addEqualTo("isMappingOnly", Boolean.FALSE);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }
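
The routing failure described in this report, as an added Java example (not code from Jetspeed or from the reporter): a simplified in-memory model that assumes the default database provider is consulted first and that a first successful LDAP login creates a mapping-only row. The class name, the `jdoe` user, and the `selectProvider` and `login` helpers are hypothetical; the record type needs Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Simplified model (assumption, not Jetspeed code): the default database
// provider is asked first, and a user it "knows" is authenticated there.
public class MappingOnlyRoutingDemo {
    // One SECURITY_PRINCIPAL row: the principal name plus the mapping-only flag.
    record Principal(String name, boolean mappingOnly) {}

    static final List<Principal> securityPrincipal = new ArrayList<>();
    static final Set<String> ldapUsers = Set.of("jdoe"); // constructed sample user

    // Original check: any row with this name counts as a known database user.
    static boolean isKnownUserOriginal(String user) {
        return securityPrincipal.stream().filter(p -> p.name().equals(user)).count() == 1;
    }

    // Reporter's change: mapping-only rows no longer count.
    static boolean isKnownUserPatched(String user) {
        return securityPrincipal.stream()
                .filter(p -> p.name().equals(user) && !p.mappingOnly()).count() == 1;
    }

    // Pick the provider that will be asked to authenticate the user.
    static String selectProvider(String user, boolean patched) {
        boolean known = patched ? isKnownUserPatched(user) : isKnownUserOriginal(user);
        if (known) return "database";
        return ldapUsers.contains(user) ? "ldap" : "none";
    }

    // The sample data has no real database users, so only LDAP can succeed.
    // A first successful LDAP login creates the mapping-only row.
    static boolean login(String user, boolean patched) {
        if (!selectProvider(user, patched).equals("ldap")) return false;
        if (securityPrincipal.stream().noneMatch(p -> p.name().equals(user)))
            securityPrincipal.add(new Principal(user, true));
        return true;
    }

    public static void main(String[] args) {
        for (boolean patched : new boolean[] {false, true}) {
            securityPrincipal.clear();
            boolean first = login("jdoe", patched);
            boolean second = login("jdoe", patched);
            System.out.println((patched ? "patched:  " : "original: ")
                    + "first=" + first + " second=" + second);
        }
    }
}
```

With the original check the second login is routed to the database provider and fails; with the mapping-only filter both logins reach LDAP.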