Current SecurityAccess Implementation prevents multi-authentication provider
mechanism from working
------------------------------------------------------------------------------------------
Key: JS2-221
URL: http://issues.apache.org/jira/browse/JS2-221
Project: Jetspeed 2
Type: Bug
Components: Security
Versions: 2.0-M2
Environment: Microsoft Windows XP with SP2
J2SDK 1.4.2_07
Reporter: JamesLiao
Priority: Critical

I have two authentication providers (a database authentication provider and
an LDAP authentication provider). The first time, I log in with a principal
which is defined in LDAP, and I can log in successfully. The second time,
this user's authentication provider will change to the default database, because
J2 will create a mapping-only principal in table SECURITY_PRINCIPAL. Of
course, I fail to log in.

I think it should not return the database authentication provider; it should
return the real authentication provider.

I changed the code in class:
org.apache.jetspeed.security.spi.impl.SecurityAccessImpl

The original code:

    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        filter.addEqualTo("fullPath", fullPath);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class,
                filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }

The code after I modified it:

    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * The Jetspeed 2 implementation does not distinguish if this user
     * is a Mapping_Only user. I think we have to distinguish it because it will
     * return the wrong Authentication Provider.
     *
     * An alternative solution is: we bind the username and Authentication
     * Provider at the first login, then cache it in memory or something,
     * then we don't need to change here.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username) {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        // fullPath must be equal.
        filter.addEqualTo("fullPath", fullPath);
        // The isMappingOnly must not be true.
        // We don't need the mapping-only user; a mapping user can't be
        // authenticated with this provider.
        // We just need the true user.
        filter.addEqualTo("isMappingOnly", Boolean.FALSE);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class,
                filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }
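
Added example (not part of the original report and not Jetspeed code): a
simplified in-memory model of the behaviour the report describes, running two
logins against the original and the modified isKnownUser checks. The class,
the two provider stores, the sample user and the "/user/" path prefix are
assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: simplified model of the report, not Jetspeed code.
public class ProviderSelectionDemo {
    // Stand-in for SECURITY_PRINCIPAL: fullPath -> isMappingOnly.
    static final Map<String, Boolean> principals = new HashMap<>();
    // Constructed sample credentials; the user exists only in LDAP.
    static final Map<String, String> ldapStore = Map.of("jdoe", "s3cret");
    static final Map<String, String> databaseStore = new HashMap<>();

    // "/user/" + name is an assumed form for UserPrincipal.getFullPath().
    static String fullPath(String username) {
        return "/user/" + username;
    }

    // Original check: any row with the same fullPath counts as known.
    static boolean isKnownUserOriginal(String username) {
        return principals.containsKey(fullPath(username));
    }

    // Modified check: the row must also have isMappingOnly == false.
    static boolean isKnownUserModified(String username) {
        return Boolean.FALSE.equals(principals.get(fullPath(username)));
    }

    // Users known to the database go to the database provider, all others to LDAP.
    static boolean login(String username, String password, boolean modified) {
        boolean known = modified ? isKnownUserModified(username)
                                 : isKnownUserOriginal(username);
        Map<String, String> provider = known ? databaseStore : ldapStore;
        boolean ok = password.equals(provider.get(username));
        if (ok && !known) {
            // After an external login a mapping-only row is created.
            principals.put(fullPath(username), Boolean.TRUE);
        }
        return ok;
    }

    public static void main(String[] args) {
        for (boolean modified : new boolean[] {false, true}) {
            principals.clear();
            boolean first = login("jdoe", "s3cret", modified);
            boolean second = login("jdoe", "s3cret", modified);
            System.out.println((modified ? "modified" : "original")
                + " isKnownUser: first=" + first + ", second=" + second);
        }
    }
}
```

With the original check the mapping-only row makes the second login go to the
empty database store, so it fails; with the modified check both logins reach
the LDAP store.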