
Key: JS2-221
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Critical
Assignee: Ate Douma
Reporter: Jian Liao
Votes: 0
Watchers: 0
Jetspeed 2

Current SecurityAccess Implementation prevents multi-authentication provider mechanism from working

Created: 18/Mar/05 03:38 PM   Updated: 03/Apr/05 07:08 AM
Component/s: Security
Affects Version/s: 2.0-M2
Fix Version/s: 2.0-dev/cvs, 2.0-M2

Time Tracking:
Not Specified

Environment:
Microsoft Windows XP with SP2
J2SDK 1.4.2_07

Resolution Date: 03/Apr/05 07:08 AM


Description
I have two authentication providers (a database authentication provider and an LDAP authentication provider). The first time I log in with a principal which is defined in LDAP, I can log in successfully. The second time, this user's authentication provider changes to the default database, because J2 creates a mapping-only principal in table SECURITY_PRINCIPAL. Of course, I fail to log in.

I think it should not return the database authentication provider; it should return the real authentication provider.

I changed the code in class: org.apache.jetspeed.security.spi.impl.SecurityAccessImpl
The original code:
    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        filter.addEqualTo("fullPath", fullPath);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }

Code after my modification:
    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * The Jetspeed 2 implementation does not distinguish if this user
     * is a Mapping_Only user. I think we have to distinguish it cause it will
     * return the wrong Authentication Provider.
     *
     * An alternative solution is: we binding the username and Authentication Provider
     * for the first time login, then cache it in the memory or something,
     * then we don't need to change here.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        // fullPath must be equal.
        filter.addEqualTo("fullPath", fullPath);
        // The isMappingOnly must not be true.
        // We don't need the mapping only user, mapping user can't be authenticated with this provider.
        // we just need the true user.
        filter.addEqualTo("isMappingOnly", Boolean.FALSE);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }
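
A simplified model of the lookup problem described above, added here as an illustration; it is not Jetspeed code and not the reporter's code. It assumes the default database provider is consulted first through isKnownUser() with LDAP as the fallback; the class name, the two maps, the /user/ path prefix and the user alice are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, not Jetspeed code. Assumption: the default database
// provider is asked first via isKnownUser(); unknown users fall back to LDAP.
public class ProviderLookupDemo {
    // Constructed stand-in for SECURITY_PRINCIPAL: fullPath -> isMappingOnly.
    static final Map<String, Boolean> SECURITY_PRINCIPAL = new HashMap<>();
    // Constructed stand-in for the LDAP directory: user name -> password.
    static final Map<String, String> LDAP = new HashMap<>();

    // Original check: any row with a matching fullPath counts as "known".
    static boolean isKnownUserOriginal(String user) {
        return SECURITY_PRINCIPAL.containsKey("/user/" + user);
    }

    // Modified check: mapping-only rows are excluded (isMappingOnly = FALSE).
    static boolean isKnownUserPatched(String user) {
        return Boolean.FALSE.equals(SECURITY_PRINCIPAL.get("/user/" + user));
    }

    static String resolveProvider(String user, boolean patched) {
        boolean known = patched ? isKnownUserPatched(user) : isKnownUserOriginal(user);
        return known ? "database" : "ldap";
    }

    static boolean login(String user, String password, boolean patched) {
        String provider = resolveProvider(user, patched);
        // This model has no real database users, so only LDAP can authenticate;
        // a mapping-only row carries no credential the database could check.
        boolean ok = provider.equals("ldap") && password.equals(LDAP.get(user));
        if (ok) {
            // A mapping-only principal is created after the external login.
            SECURITY_PRINCIPAL.putIfAbsent("/user/" + user, Boolean.TRUE);
        }
        System.out.println("  " + user + " via " + provider + ": " + (ok ? "success" : "failure"));
        return ok;
    }

    public static void main(String[] args) {
        LDAP.put("alice", "secret"); // constructed LDAP-only account
        for (boolean patched : new boolean[] {false, true}) {
            SECURITY_PRINCIPAL.clear();
            System.out.println(patched ? "modified isKnownUser:" : "original isKnownUser:");
            login("alice", "secret", patched); // first login
            login("alice", "secret", patched); // second login
        }
    }
}
```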


Ate Douma added a comment - 03/Apr/05 07:08 AM
Fix applied, thanks!

Ate Douma made changes - 03/Apr/05 07:08 AM
Field Original Value New Value
Fix Version/s 2.0-M2 [ 11015 ]
Fix Version/s 2.0-dev/cvs [ 10598 ]
Resolution Fixed [ 1 ]
Status Open [ 1 ] Closed [ 6 ]
Assignee Ate Douma [ adouma ]