for security reasons prevent displaying messages such "Password is Invalid for user admin"
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1423699 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ceba9d2afe
commit
856e7d19ba
|
@ -27,21 +27,21 @@ public class AuthenticationConstants
|
||||||
{
|
{
|
||||||
|
|
||||||
// for User Manager Authenticator
|
// for User Manager Authenticator
|
||||||
public static final String AUTHN_NO_SUCH_USER = "1";
|
public static final int AUTHN_NO_SUCH_USER = 1;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 2.1
|
* @since 2.1
|
||||||
*/
|
*/
|
||||||
public static final String AUTHN_RUNTIME_EXCEPTION = "2";
|
public static final int AUTHN_RUNTIME_EXCEPTION = 2;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 2.1
|
* @since 2.1
|
||||||
*/
|
*/
|
||||||
public static final String AUTHN_LOCKED_USER_EXCEPTION = "3";
|
public static final int AUTHN_LOCKED_USER_EXCEPTION = 3;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 2.1
|
* @since 2.1
|
||||||
*/
|
*/
|
||||||
public static final String AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION = "4";
|
public static final int AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION = 4;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
package org.apache.archiva.redback.authentication;
|
||||||
|
/*
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* detail on possible authentication failure.
|
||||||
|
* @author Olivier Lamy
|
||||||
|
* @since 1.4-M4
|
||||||
|
*/
|
||||||
|
public class AuthenticationFailureCause
|
||||||
|
{
|
||||||
|
private int cause;
|
||||||
|
|
||||||
|
private String message;
|
||||||
|
|
||||||
|
public AuthenticationFailureCause( int cause, String message )
|
||||||
|
{
|
||||||
|
this.cause = cause;
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getCause()
|
||||||
|
{
|
||||||
|
return cause;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCause( int cause )
|
||||||
|
{
|
||||||
|
this.cause = cause;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMessage()
|
||||||
|
{
|
||||||
|
return message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMessage( String message )
|
||||||
|
{
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString()
|
||||||
|
{
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append( "AuthenticationFailureCause" );
|
||||||
|
sb.append( "{cause=" ).append( cause );
|
||||||
|
sb.append( ", message='" ).append( message ).append( '\'' );
|
||||||
|
sb.append( '}' );
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
}
|
|
@ -23,6 +23,7 @@ import org.apache.archiva.redback.users.User;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -50,7 +51,7 @@ public class AuthenticationResult
|
||||||
// TODO: why aren't these just thrown from the authenticate() method?
|
// TODO: why aren't these just thrown from the authenticate() method?
|
||||||
private Exception exception;
|
private Exception exception;
|
||||||
|
|
||||||
private Map<String, String> exceptionsMap;
|
private List<AuthenticationFailureCause> authenticationFailureCauses;
|
||||||
|
|
||||||
public AuthenticationResult()
|
public AuthenticationResult()
|
||||||
{
|
{
|
||||||
|
@ -67,12 +68,12 @@ public class AuthenticationResult
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthenticationResult( boolean authenticated, String principal, Exception exception,
|
public AuthenticationResult( boolean authenticated, String principal, Exception exception,
|
||||||
Map<String, String> exceptionsMap )
|
List<AuthenticationFailureCause> authenticationFailureCauses )
|
||||||
{
|
{
|
||||||
isAuthenticated = authenticated;
|
isAuthenticated = authenticated;
|
||||||
this.principal = principal;
|
this.principal = principal;
|
||||||
this.exception = exception;
|
this.exception = exception;
|
||||||
this.exceptionsMap = exceptionsMap;
|
this.authenticationFailureCauses = authenticationFailureCauses;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isAuthenticated()
|
public boolean isAuthenticated()
|
||||||
|
@ -90,9 +91,9 @@ public class AuthenticationResult
|
||||||
return exception;
|
return exception;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Map<String, String> getExceptionsMap()
|
public List<AuthenticationFailureCause> getAuthenticationFailureCauses()
|
||||||
{
|
{
|
||||||
return exceptionsMap;
|
return authenticationFailureCauses;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -77,29 +77,31 @@ public class DefaultAuthenticationManager
|
||||||
}
|
}
|
||||||
|
|
||||||
// put AuthenticationResult exceptions in a map
|
// put AuthenticationResult exceptions in a map
|
||||||
Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
|
List<AuthenticationFailureCause> authnResultErrors = new ArrayList<AuthenticationFailureCause>();
|
||||||
for ( Authenticator authenticator : authenticators )
|
for ( Authenticator authenticator : authenticators )
|
||||||
{
|
{
|
||||||
if ( authenticator.supportsDataSource( source ) )
|
if ( authenticator.supportsDataSource( source ) )
|
||||||
{
|
{
|
||||||
AuthenticationResult authResult = authenticator.authenticate( source );
|
AuthenticationResult authResult = authenticator.authenticate( source );
|
||||||
Map<String, String> exceptionsMap = authResult.getExceptionsMap();
|
List<AuthenticationFailureCause> authenticationFailureCauses =
|
||||||
|
authResult.getAuthenticationFailureCauses();
|
||||||
|
|
||||||
if ( authResult.isAuthenticated() )
|
if ( authResult.isAuthenticated() )
|
||||||
{
|
{
|
||||||
return authResult;
|
return authResult;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( exceptionsMap != null )
|
if ( authenticationFailureCauses != null )
|
||||||
{
|
{
|
||||||
authnResultExceptionsMap.putAll( exceptionsMap );
|
authnResultErrors.addAll( authenticationFailureCauses );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ( authResult.getException() != null )
|
if ( authResult.getException() != null )
|
||||||
{
|
{
|
||||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
authnResultErrors.add(
|
||||||
authResult.getException().getMessage() );
|
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||||
|
authResult.getException().getMessage() ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,7 +110,7 @@ public class DefaultAuthenticationManager
|
||||||
}
|
}
|
||||||
|
|
||||||
return ( new AuthenticationResult( false, null, new AuthenticationException(
|
return ( new AuthenticationResult( false, null, new AuthenticationException(
|
||||||
"authentication failed on authenticators: " + knownAuthenticators() ), authnResultExceptionsMap ) );
|
"authentication failed on authenticators: " + knownAuthenticators() ), authnResultErrors ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<Authenticator> getAuthenticators()
|
public List<Authenticator> getAuthenticators()
|
||||||
|
|
|
@ -23,6 +23,7 @@ import org.apache.archiva.redback.authentication.AbstractAuthenticator;
|
||||||
import org.apache.archiva.redback.authentication.AuthenticationConstants;
|
import org.apache.archiva.redback.authentication.AuthenticationConstants;
|
||||||
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
|
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
|
||||||
import org.apache.archiva.redback.authentication.AuthenticationException;
|
import org.apache.archiva.redback.authentication.AuthenticationException;
|
||||||
|
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
|
||||||
import org.apache.archiva.redback.authentication.AuthenticationResult;
|
import org.apache.archiva.redback.authentication.AuthenticationResult;
|
||||||
import org.apache.archiva.redback.authentication.Authenticator;
|
import org.apache.archiva.redback.authentication.Authenticator;
|
||||||
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
||||||
|
@ -41,7 +42,9 @@ import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import javax.inject.Inject;
|
||||||
import javax.inject.Named;
|
import javax.inject.Named;
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -84,7 +87,7 @@ public class UserManagerAuthenticator
|
||||||
String username = null;
|
String username = null;
|
||||||
Exception resultException = null;
|
Exception resultException = null;
|
||||||
PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
|
PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
|
||||||
Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
|
List<AuthenticationFailureCause> authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -134,8 +137,9 @@ public class UserManagerAuthenticator
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
|
log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
|
||||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
authenticationFailureCauses.add(
|
||||||
"Password is Invalid for user " + source.getPrincipal() + "." );
|
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||||
|
"Password is Invalid for user " + source.getPrincipal() + "." ) );
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -146,26 +150,29 @@ public class UserManagerAuthenticator
|
||||||
userManager.updateUser( user );
|
userManager.updateUser( user );
|
||||||
}
|
}
|
||||||
|
|
||||||
return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
|
return new AuthenticationResult( false, source.getPrincipal(), null, authenticationFailureCauses );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch ( UserNotFoundException e )
|
catch ( UserNotFoundException e )
|
||||||
{
|
{
|
||||||
log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
|
log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
|
||||||
resultException = e;
|
resultException = e;
|
||||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
authenticationFailureCauses.add( new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||||
"Login for user " + source.getPrincipal() + " failed. user not found." );
|
"Login for user " + source.getPrincipal()
|
||||||
|
+ " failed. user not found." ) );
|
||||||
}
|
}
|
||||||
catch ( UserManagerException e )
|
catch ( UserManagerException e )
|
||||||
{
|
{
|
||||||
log.warn( "Login for user {} failed, message: {}", source.getPrincipal(), e.getMessage() );
|
log.warn( "Login for user {} failed, message: {}", source.getPrincipal(), e.getMessage() );
|
||||||
resultException = e;
|
resultException = e;
|
||||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
authenticationFailureCauses.add(
|
||||||
|
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||||
"Login for user " + source.getPrincipal() + " failed, message: "
|
"Login for user " + source.getPrincipal() + " failed, message: "
|
||||||
+ e.getMessage() );
|
+ e.getMessage() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
|
return new AuthenticationResult( authenticationSuccess, username, resultException,
|
||||||
|
authenticationFailureCauses );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -19,7 +19,9 @@ package org.apache.archiva.redback.rest.services;
|
||||||
* under the License.
|
* under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
import org.apache.archiva.redback.authentication.AuthenticationConstants;
|
||||||
import org.apache.archiva.redback.authentication.AuthenticationException;
|
import org.apache.archiva.redback.authentication.AuthenticationException;
|
||||||
|
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
|
||||||
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
||||||
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
|
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
|
||||||
import org.apache.archiva.redback.keys.AuthenticationKey;
|
import org.apache.archiva.redback.keys.AuthenticationKey;
|
||||||
|
@ -59,7 +61,7 @@ import java.util.TimeZone;
|
||||||
* @author Olivier Lamy
|
* @author Olivier Lamy
|
||||||
* @since 1.3
|
* @since 1.3
|
||||||
*/
|
*/
|
||||||
@Service( "loginService#rest" )
|
@Service("loginService#rest")
|
||||||
public class DefaultLoginService
|
public class DefaultLoginService
|
||||||
implements LoginService
|
implements LoginService
|
||||||
{
|
{
|
||||||
|
@ -75,7 +77,7 @@ public class DefaultLoginService
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
public DefaultLoginService( SecuritySystem securitySystem,
|
public DefaultLoginService( SecuritySystem securitySystem,
|
||||||
@Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
|
@Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator )
|
||||||
{
|
{
|
||||||
this.securitySystem = securitySystem;
|
this.securitySystem = securitySystem;
|
||||||
this.httpAuthenticator = httpAuthenticator;
|
this.httpAuthenticator = httpAuthenticator;
|
||||||
|
@ -152,12 +154,19 @@ public class DefaultLoginService
|
||||||
return restUser;
|
return restUser;
|
||||||
}
|
}
|
||||||
if ( securitySession.getAuthenticationResult() != null
|
if ( securitySession.getAuthenticationResult() != null
|
||||||
&& securitySession.getAuthenticationResult().getExceptionsMap() != null )
|
&& securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null )
|
||||||
{
|
{
|
||||||
List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
|
List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
|
||||||
for ( Map.Entry<String, String> entry : securitySession.getAuthenticationResult().getExceptionsMap().entrySet() )
|
for ( AuthenticationFailureCause authenticationFailureCause : securitySession.getAuthenticationResult().getAuthenticationFailureCauses() )
|
||||||
{
|
{
|
||||||
errorMessages.add( new ErrorMessage().message( entry.getValue() ) );
|
if ( authenticationFailureCause.getCause() == AuthenticationConstants.AUTHN_NO_SUCH_USER )
|
||||||
|
{
|
||||||
|
errorMessages.add( new ErrorMessage( "incorrect.username.password" ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
errorMessages.add( new ErrorMessage().message( authenticationFailureCause.getMessage() ) );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new RedbackServiceException( errorMessages );
|
throw new RedbackServiceException( errorMessages );
|
||||||
|
|
Loading…
Reference in New Issue