Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1987

Only one authenticator of particular type is (randomly) configured during initialization

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0-M17
    • 2.0.0-M20
    • authn
    • None

    Description

      I've developed a custom authenticator of type SIMPLE. ApacheDS already has a default SimpleAuthenticator. I've added my authenticator to the configuration at ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config

      Authenticator gets created (constructor is called) but the doInit method gets called only once sometime, and then with null directory service. Sometimes everything just works.

      I debugged the issue and found the following piece of code in AuthenticationInterceptor.register:

              Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType() );
      
              if ( authenticatorList == null )
              {
                  authenticatorList = new ArrayList<Authenticator>();
                  authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList );
                  authenticators.add( authenticator );
              }
      
              if ( !authenticatorList.contains( authenticator ) )
              {
                  authenticatorList.add( authenticator );
              }
      

      1. It first gets a list of existing authenticator of particular type. Let's say there is already one authenticator of such type (say SimpleAuthenticator). The list will be non-empty
      2. Because the list is non-empty, the if statement is skipped
      3. Because the list does not contain the second authenticator, it gets added to the list. This list is in the map authenticatorsMapByType, so the authenticator is registered in the map-by-type

      BUT, since the if statement was skipped, the second authenticator is not added to the list of all authenticators at "this.authenticators". So when the authenticators are later initialized with directoryService and invoked, the second authenticator is not in action.

      The randomness of the behavior is associated with the order of authenticators which are passed in into AuthenticationInterceptor.setAuthenticators. If my authenticator is the first one, SimpleAuthenticator will be skipped. If my one is the second, it gets skipped.

      I'm not sure what is the expected behavior, but if all authenticators should be active, the code should be modified as follows:

              Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType() );
      
              if ( authenticatorList == null )
              {
                  authenticatorList = new ArrayList<Authenticator>();
                  authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList );
              }
      
              if ( !authenticatorList.contains( authenticator ) )
              {
                  authenticatorList.add( authenticator );
                  authenticators.add( authenticator );
              }
      

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              denismo Denis Mikhalkin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: