[#JS2-221] Current SecurityAccess Implementation prevent mutli-authentication provider mechanism work

Jetspeed 2

Current SecurityAccess Implementation prevent mutli-authentication provider mechanism work

Created: 18/Mar/05 03:38 PM Updated: 03/Apr/05 07:08 AM

Return to search

Component/s:

Security

Affects Version/s:

2.0-M2

Fix Version/s:

2.0-dev/cvs, 2.0-M2

Time Tracking:

Not Specified

Environment:

« Hide

Microsoft Windows XP with SP2
J2SDK 1.4.2_07

Resolution Date:

03/Apr/05 07:08 AM

Description

« Hide

When I have two authentication providers(database authentication provider and ldap authentication provider). At the first time, I login with an principal which is defined in the ldap, I can successfully login. For the second time, this user's authentication provider will change to the default database, cause J2 will create an mapping only principal in table SECURITY_PRINCIPAL. Of course, I fail to login.

I think it should not return the database authentication provider, it should return the real authentication provider.

I change the code in class: org.apache.jetspeed.security.spi.impl.SecurityAccessImpl
The orginal code:
 /**
 * 
 * Returns if a Internal UserPrincipal is defined for the user name.
 * 
 *
 * @param username The user name.
 * @return true if the user is known
 */
 public boolean isKnownUser(String username)
 {
 UserPrincipal userPrincipal = new UserPrincipalImpl(username);
 String fullPath = userPrincipal.getFullPath();
 // Get user.
 Criteria filter = new Criteria();
 filter.addEqualTo("fullPath", fullPath);
 Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
 return getPersistenceBrokerTemplate().getCount(query) == 1;
 }

Code after I modified:
/**
 * 
 * Returns if a Internal UserPrincipal is defined for the user name.
 * The Jetspeed 2 implementation does not distinguish if this user
 * is a Mapping_Only user. I think we have to distinguish it cause it will
 * return the wrong Authentication Provider.
 *
 * An alternative solution is: we binding the username and Authentication Provider
 * for the first time login, then cache it in the memory or something,
 * then we don't need to change here.
 * 
 *
 * @param username The user name.
 * @return true if the user is known
 */
public boolean isKnownUser(String username) {
UserPrincipal userPrincipal = new UserPrincipalImpl(username);
 String fullPath = userPrincipal.getFullPath();
 // Get user.
 Criteria filter = new Criteria();
 // fullPath must be equal.
 filter.addEqualTo("fullPath", fullPath);
 // The isMappingOnly must not be true.
 // We don't need the mapping only user, mapping user can't be authenticated with this provider.
 // we just need the true user.
 filter.addEqualTo("isMappingOnly", Boolean.FALSE);
 Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
 return getPersistenceBrokerTemplate().getCount(query) == 1;
}

Description

When I have two authentication providers(database authentication provider and ldap authentication provider). At the first time, I login with an principal which is defined in the ldap, I can successfully login. For the second time, this user's authentication provider will change to the default database, cause J2 will create an mapping only principal in table SECURITY_PRINCIPAL. Of course, I fail to login. I think it should not return the database authentication provider, it should return the real authentication provider. I change the code in class: org.apache.jetspeed.security.spi.impl.SecurityAccessImpl The orginal code: /** * * Returns if a Internal UserPrincipal is defined for the user name. * * * @param username The user name. * @return true if the user is known */ public boolean isKnownUser(String username) { UserPrincipal userPrincipal = new UserPrincipalImpl(username); String fullPath = userPrincipal.getFullPath(); // Get user. Criteria filter = new Criteria(); filter.addEqualTo("fullPath", fullPath); Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter); return getPersistenceBrokerTemplate().getCount(query) == 1; } Code after I modified: /** * * Returns if a Internal UserPrincipal is defined for the user name. * The Jetspeed 2 implementation does not distinguish if this user * is a Mapping_Only user. I think we have to distinguish it cause it will * return the wrong Authentication Provider. * * An alternative solution is: we binding the username and Authentication Provider * for the first time login, then cache it in the memory or something, * then we don't need to change here. * * * @param username The user name. * @return true if the user is known */ public boolean isKnownUser(String username) { UserPrincipal userPrincipal = new UserPrincipalImpl(username); String fullPath = userPrincipal.getFullPath(); // Get user. Criteria filter = new Criteria(); // fullPath must be equal. filter.addEqualTo("fullPath", fullPath); // The isMappingOnly must not be true. // We don't need the mapping only user, mapping user can't be authenticated with this provider. // we just need the true user. filter.addEqualTo("isMappingOnly", Boolean.FALSE); Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter); return getPersistenceBrokerTemplate().getCount(query) == 1; }

Show »

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Ate Douma added a comment - 03/Apr/05 07:08 AM

Fix applied, thanks!