[ http://issues.apache.org/jira/browse/JS2-221?page=history ]

Ate Douma closed JS2-221:
-------------------------

  Assign To: Ate Douma
 Resolution: Fixed
Fix Version: 2.0-dev/cvs 2.0-M2

Fix applied, thanks!

> Current SecurityAccess Implementation prevent multi-authentication provider mechanism work
> ------------------------------------------------------------------------------------------
>
>          Key: JS2-221
>          URL: http://issues.apache.org/jira/browse/JS2-221
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-M2
>  Environment: Microsoft Windows XP with SP2
>               J2SDK 1.4.2_07
>     Reporter: JamesLiao
>     Assignee: Ate Douma
>     Priority: Critical
>      Fix For: 2.0-dev/cvs, 2.0-M2
>
> When I have two authentication providers (database authentication provider and
> ldap authentication provider). At the first time, I login with a principal
> which is defined in the ldap, I can successfully login. For the second time,
> this user's authentication provider will change to the default database,
> cause J2 will create a mapping only principal in table SECURITY_PRINCIPAL.
> Of course, I fail to login.
> I think it should not return the database authentication provider, it should
> return the real authentication provider.
> I change the code in class:
> org.apache.jetspeed.security.spi.impl.SecurityAccessImpl
>
> The original code:
>
>     /**
>      * <p>
>      * Returns if a Internal UserPrincipal is defined for the user name.
>      * </p>
>      *
>      * @param username The user name.
>      * @return true if the user is known
>      */
>     public boolean isKnownUser(String username)
>     {
>         UserPrincipal userPrincipal = new UserPrincipalImpl(username);
>         String fullPath = userPrincipal.getFullPath();
>         // Get user.
>         Criteria filter = new Criteria();
>         filter.addEqualTo("fullPath", fullPath);
>         Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
>         return getPersistenceBrokerTemplate().getCount(query) == 1;
>     }
>
> Code after I modified:
>
>     /**
>      * <p>
>      * Returns if a Internal UserPrincipal is defined for the user name.
>      * The Jetspeed 2 implementation does not distinguish if this user
>      * is a Mapping_Only user. I think we have to distinguish it cause it will
>      * return the wrong Authentication Provider.
>      *
>      * An alternative solution is: we binding the username and Authentication Provider
>      * for the first time login, then cache it in the memory or something,
>      * then we don't need to change here.
>      * </p>
>      *
>      * @param username The user name.
>      * @return true if the user is known
>      */
>     public boolean isKnownUser(String username) {
>         UserPrincipal userPrincipal = new UserPrincipalImpl(username);
>         String fullPath = userPrincipal.getFullPath();
>         // Get user.
>         Criteria filter = new Criteria();
>         // fullPath must be equal.
>         filter.addEqualTo("fullPath", fullPath);
>         // The isMappingOnly must not be true.
>         // We don't need the mapping only user, mapping user can't be
>         // authenticated with this provider.
>         // we just need the true user.
>         filter.addEqualTo("isMappingOnly", Boolean.FALSE);
>         Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
>         return getPersistenceBrokerTemplate().getCount(query) == 1;
>     }
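
The failure described in the report, reduced to a self-contained model (an added example, not Jetspeed code and not part of the original message). It assumes the portal hands the login to the first provider whose `isKnownUser` returns true and that the database provider is consulted before LDAP; the class, method and user names and the `/user/alice` path format are constructed for illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Simplified model of the JS2-221 lookup; every name here is hypothetical.
public class MappingOnlyLookupDemo {

    interface Provider {
        String name();
        boolean isKnownUser(String username);
    }

    // Database provider over a principal table: fullPath -> isMappingOnly.
    // excludeMappingOnly=true mirrors the extra isMappingOnly = FALSE criterion.
    static Provider database(Map<String, Boolean> table, boolean excludeMappingOnly) {
        return new Provider() {
            public String name() { return "database"; }
            public boolean isKnownUser(String username) {
                Boolean mappingOnly = table.get("/user/" + username); // constructed path format
                if (mappingOnly == null) return false;
                return !excludeMappingOnly || !mappingOnly;
            }
        };
    }

    static Provider ldap(Set<String> directory) {
        return new Provider() {
            public String name() { return "ldap"; }
            public boolean isKnownUser(String username) { return directory.contains(username); }
        };
    }

    // Assumed selection rule: the first provider that knows the user handles the login.
    static String resolve(List<Provider> providers, String username) {
        for (Provider p : providers) {
            if (p.isKnownUser(username)) return p.name();
        }
        return "none";
    }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] {false, true}) {
            Map<String, Boolean> table = new HashMap<>();
            List<Provider> providers = List.of(database(table, fixed), ldap(Set.of("alice")));
            String first = resolve(providers, "alice");
            table.put("/user/alice", Boolean.TRUE); // mapping-only row created after first login
            String second = resolve(providers, "alice");
            System.out.println((fixed ? "with filter:    " : "without filter: ") + first + " then " + second);
        }
    }
}
```

Without the filter the second login resolves to the database provider, which holds only the mapping row and no credentials for the user; with the filter both logins stay on LDAP.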