for security reasons prevent displaying messages such as "Password is Invalid for user admin"
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1423699 13f79535-47bb-0310-9956-ffa450edef68
parent
ceba9d2afe
commit
856e7d19ba
@ -27,21 +27,21 @@ public class AuthenticationConstants
|
|||
{
|
||||
|
||||
// for User Manager Authenticator
|
||||
public static final String AUTHN_NO_SUCH_USER = "1";
|
||||
public static final int AUTHN_NO_SUCH_USER = 1;
|
||||
|
||||
/**
|
||||
* @since 2.1
|
||||
*/
|
||||
public static final String AUTHN_RUNTIME_EXCEPTION = "2";
|
||||
public static final int AUTHN_RUNTIME_EXCEPTION = 2;
|
||||
|
||||
/**
|
||||
* @since 2.1
|
||||
*/
|
||||
public static final String AUTHN_LOCKED_USER_EXCEPTION = "3";
|
||||
public static final int AUTHN_LOCKED_USER_EXCEPTION = 3;
|
||||
|
||||
/**
|
||||
* @since 2.1
|
||||
*/
|
||||
public static final String AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION = "4";
|
||||
public static final int AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION = 4;
|
||||
|
||||
}
|
||||
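Review bot: `AUTHN_NO_SUCH_USER` now doubles as the code for a wrong password (UserManagerAuthenticator adds it in both the unknown-user and the invalid-password branch), but nothing on the `public static final int AUTHN_NO_SUCH_USER = 1;` line says so, and a reader wiring a new consumer will take it to mean only "user does not exist". Add a javadoc above it: `/** Unknown user or wrong password. The two cases deliberately share one code so that an authentication response cannot be used to enumerate valid account names. */`. Changing the public constants from String to int is also source-incompatible for any external code that still used them as map keys; the `@since 2.1` tags should say that the type changed in this release.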
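--- /dev/null
+++ b/org/apache/archiva/redback/authentication/AuthenticationFailureCause.java
@@ -0,0 +1,68 @@
+package org.apache.archiva.redback.authentication;
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+/**
+* detail on possible authentication failure.
+* @author Olivier Lamy
+* @since 1.4-M4
+*/
+public class AuthenticationFailureCause
+{
+private int cause;
+
+private String message;
+
+public AuthenticationFailureCause( int cause, String message )
+{
+this.cause = cause;
+this.message = message;
+}
+
+public int getCause()
+{
+return cause;
+}
+
+public void setCause( int cause )
+{
+this.cause = cause;
+}
+
+public String getMessage()
+{
+return message;
+}
+
+public void setMessage( String message )
+{
+this.message = message;
+}
+
+@Override
+public String toString()
+{
+final StringBuilder sb = new StringBuilder();
+sb.append( "AuthenticationFailureCause" );
+sb.append( "{cause=" ).append( cause );
+sb.append( ", message='" ).append( message ).append( '\'' );
+sb.append( '}' );
+return sb.toString();
+}
+}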
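Review bot: `message` carries whatever text the authenticator built — in UserManagerAuthenticator that includes the principal name and raw backend exception text — and `toString()` prints it verbatim, so any log statement that formats an `AuthenticationFailureCause` reintroduces the disclosure this commit sets out to remove. Document that on the field: `/** Diagnostic text for logs and administrators only; it may name the principal or quote a backend exception and must not be shown to an end user unfiltered. */`. The two setters make the object mutable for no visible reason; `private final int cause;` and `private final String message;` with the setters dropped would let a result be shared without a consumer rewriting its causes. Nothing here implements `Serializable`, which matters if instances end up inside a serialized `AuthenticationResult` — see that file's hunk.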
@ -23,6 +23,7 @@ import org.apache.archiva.redback.users.User;
|
|||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
|
@ -50,7 +51,7 @@ public class AuthenticationResult
|
|||
// TODO: why aren't these just thrown from the authenticate() method?
|
||||
private Exception exception;
|
||||
|
||||
private Map<String, String> exceptionsMap;
|
||||
private List<AuthenticationFailureCause> authenticationFailureCauses;
|
||||
|
||||
public AuthenticationResult()
|
||||
{
|
||||
|
@ -67,12 +68,12 @@ public class AuthenticationResult
|
|||
}
|
||||
|
||||
public AuthenticationResult( boolean authenticated, String principal, Exception exception,
|
||||
Map<String, String> exceptionsMap )
|
||||
List<AuthenticationFailureCause> authenticationFailureCauses )
|
||||
{
|
||||
isAuthenticated = authenticated;
|
||||
this.principal = principal;
|
||||
this.exception = exception;
|
||||
this.exceptionsMap = exceptionsMap;
|
||||
this.authenticationFailureCauses = authenticationFailureCauses;
|
||||
}
|
||||
|
||||
public boolean isAuthenticated()
|
||||
|
@ -90,9 +91,9 @@ public class AuthenticationResult
|
|||
return exception;
|
||||
}
|
||||
|
||||
public Map<String, String> getExceptionsMap()
|
||||
public List<AuthenticationFailureCause> getAuthenticationFailureCauses()
|
||||
{
|
||||
return exceptionsMap;
|
||||
return authenticationFailureCauses;
|
||||
}
|
||||
|
||||
/**
|
||||
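Review bot: The new `List<AuthenticationFailureCause> authenticationFailureCauses` field replaces a `Map<String, String>` of serializable values with elements of a class that does not implement `Serializable`; `AuthenticationResult` imports `java.io.Serializable`, and if it is serializable as that import suggests (session replication, persisted security sessions), serializing a failed result will now fail with `NotSerializableException` — presumably `AuthenticationFailureCause implements Serializable` is wanted. `getAuthenticationFailureCauses()` also hands out the internal mutable list; `return authenticationFailureCauses == null ? null : Collections.unmodifiableList( authenticationFailureCauses );` keeps callers from altering a result after authentication has run. The class body continues outside these hunks.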
@ -77,29 +77,31 @@ public class DefaultAuthenticationManager
|
|||
}
|
||||
|
||||
// put AuthenticationResult exceptions in a map
|
||||
Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
|
||||
List<AuthenticationFailureCause> authnResultErrors = new ArrayList<AuthenticationFailureCause>();
|
||||
for ( Authenticator authenticator : authenticators )
|
||||
{
|
||||
if ( authenticator.supportsDataSource( source ) )
|
||||
{
|
||||
AuthenticationResult authResult = authenticator.authenticate( source );
|
||||
Map<String, String> exceptionsMap = authResult.getExceptionsMap();
|
||||
List<AuthenticationFailureCause> authenticationFailureCauses =
|
||||
authResult.getAuthenticationFailureCauses();
|
||||
|
||||
if ( authResult.isAuthenticated() )
|
||||
{
|
||||
return authResult;
|
||||
}
|
||||
|
||||
if ( exceptionsMap != null )
|
||||
if ( authenticationFailureCauses != null )
|
||||
{
|
||||
authnResultExceptionsMap.putAll( exceptionsMap );
|
||||
authnResultErrors.addAll( authenticationFailureCauses );
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( authResult.getException() != null )
|
||||
{
|
||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
authResult.getException().getMessage() );
|
||||
authnResultErrors.add(
|
||||
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
authResult.getException().getMessage() ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -108,7 +110,7 @@ public class DefaultAuthenticationManager
|
|||
}
|
||||
|
||||
return ( new AuthenticationResult( false, null, new AuthenticationException(
|
||||
"authentication failed on authenticators: " + knownAuthenticators() ), authnResultExceptionsMap ) );
|
||||
"authentication failed on authenticators: " + knownAuthenticators() ), authnResultErrors ) );
|
||||
}
|
||||
|
||||
public List<Authenticator> getAuthenticators()
|
||||
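Review bot: `if ( authenticationFailureCauses != null )` keeps the old map semantics, but UserManagerAuthenticator now always returns a non-null list, so an authenticator that returns an empty list together with a non-null exception takes the first branch and its exception is silently dropped from `authnResultErrors`. Use `if ( authenticationFailureCauses != null && !authenticationFailureCauses.isEmpty() )`. In the `else` branch the raw `authResult.getException().getMessage()` becomes the text carried under `AUTHN_RUNTIME_EXCEPTION`, which DefaultLoginService returns to the client unchanged, so backend exception details (JDBC, LDAP, configuration) can reach an unauthenticated caller; log the message here and store a generic one in the cause. The enclosing method begins before this hunk.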
@ -23,6 +23,7 @@ import org.apache.archiva.redback.authentication.AbstractAuthenticator;
|
|||
import org.apache.archiva.redback.authentication.AuthenticationConstants;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationException;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationResult;
|
||||
import org.apache.archiva.redback.authentication.Authenticator;
|
||||
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
||||
|
@ -41,7 +42,9 @@ import org.springframework.stereotype.Service;
|
|||
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
|
@ -84,7 +87,7 @@ public class UserManagerAuthenticator
|
|||
String username = null;
|
||||
Exception resultException = null;
|
||||
PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
|
||||
Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
|
||||
List<AuthenticationFailureCause> authenticationFailureCauses = new ArrayList<AuthenticationFailureCause>();
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -134,8 +137,9 @@ public class UserManagerAuthenticator
|
|||
else
|
||||
{
|
||||
log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
|
||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||
"Password is Invalid for user " + source.getPrincipal() + "." );
|
||||
authenticationFailureCauses.add(
|
||||
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||
"Password is Invalid for user " + source.getPrincipal() + "." ) );
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -146,26 +150,29 @@ public class UserManagerAuthenticator
|
|||
userManager.updateUser( user );
|
||||
}
|
||||
|
||||
return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
|
||||
return new AuthenticationResult( false, source.getPrincipal(), null, authenticationFailureCauses );
|
||||
}
|
||||
}
|
||||
catch ( UserNotFoundException e )
|
||||
{
|
||||
log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
|
||||
resultException = e;
|
||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||
"Login for user " + source.getPrincipal() + " failed. user not found." );
|
||||
authenticationFailureCauses.add( new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER,
|
||||
"Login for user " + source.getPrincipal()
|
||||
+ " failed. user not found." ) );
|
||||
}
|
||||
catch ( UserManagerException e )
|
||||
{
|
||||
log.warn( "Login for user {} failed, message: {}", source.getPrincipal(), e.getMessage() );
|
||||
resultException = e;
|
||||
authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
authenticationFailureCauses.add(
|
||||
new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
|
||||
"Login for user " + source.getPrincipal() + " failed, message: "
|
||||
+ e.getMessage() );
|
||||
+ e.getMessage() ) );
|
||||
}
|
||||
|
||||
return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
|
||||
return new AuthenticationResult( authenticationSuccess, username, resultException,
|
||||
authenticationFailureCauses );
|
||||
}
|
||||
|
||||
/**
|
||||
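Review bot: The disclosure is only suppressed at the REST layer: on the `new AuthenticationFailureCause( AuthenticationConstants.AUTHN_NO_SUCH_USER, "Password is Invalid for user " + source.getPrincipal() + "." )` lines the detailed message naming the principal is still built and carried in the result, so any other consumer of `AuthenticationResult` — another UI, or a log of its `toString()` — still prints it. Since `log.warn` on the line above already records the principal for operators, the carried text can be generic, e.g. `"Incorrect username or password."`, for both this branch and the `UserNotFoundException` branch. The `UserManagerException` branch likewise embeds `e.getMessage()`, which DefaultLoginService returns verbatim for this cause code; keep that text in the log only. The enclosing method starts before the first of these hunks.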
@ -19,7 +19,9 @@ package org.apache.archiva.redback.rest.services;
|
|||
* under the License.
|
||||
*/
|
||||
|
||||
import org.apache.archiva.redback.authentication.AuthenticationConstants;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationException;
|
||||
import org.apache.archiva.redback.authentication.AuthenticationFailureCause;
|
||||
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
|
||||
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
|
||||
import org.apache.archiva.redback.keys.AuthenticationKey;
|
||||
|
@ -59,7 +61,7 @@ import java.util.TimeZone;
|
|||
* @author Olivier Lamy
|
||||
* @since 1.3
|
||||
*/
|
||||
@Service( "loginService#rest" )
|
||||
@Service("loginService#rest")
|
||||
public class DefaultLoginService
|
||||
implements LoginService
|
||||
{
|
||||
|
@ -75,7 +77,7 @@ public class DefaultLoginService
|
|||
|
||||
@Inject
|
||||
public DefaultLoginService( SecuritySystem securitySystem,
|
||||
@Named( "httpAuthenticator#basic" ) HttpAuthenticator httpAuthenticator )
|
||||
@Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator )
|
||||
{
|
||||
this.securitySystem = securitySystem;
|
||||
this.httpAuthenticator = httpAuthenticator;
|
||||
|
@ -152,12 +154,19 @@ public class DefaultLoginService
|
|||
return restUser;
|
||||
}
|
||||
if ( securitySession.getAuthenticationResult() != null
|
||||
&& securitySession.getAuthenticationResult().getExceptionsMap() != null )
|
||||
&& securitySession.getAuthenticationResult().getAuthenticationFailureCauses() != null )
|
||||
{
|
||||
List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>();
|
||||
for ( Map.Entry<String, String> entry : securitySession.getAuthenticationResult().getExceptionsMap().entrySet() )
|
||||
for ( AuthenticationFailureCause authenticationFailureCause : securitySession.getAuthenticationResult().getAuthenticationFailureCauses() )
|
||||
{
|
||||
errorMessages.add( new ErrorMessage().message( entry.getValue() ) );
|
||||
if ( authenticationFailureCause.getCause() == AuthenticationConstants.AUTHN_NO_SUCH_USER )
|
||||
{
|
||||
errorMessages.add( new ErrorMessage( "incorrect.username.password" ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
errorMessages.add( new ErrorMessage().message( authenticationFailureCause.getMessage() ) );
|
||||
}
|
||||
}
|
||||
|
||||
throw new RedbackServiceException( errorMessages );
|
||||
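Review bot: The new loop fixes only `AUTHN_NO_SUCH_USER`; the `else` branch still returns `authenticationFailureCause.getMessage()` verbatim for every other code, so `AUTHN_RUNTIME_EXCEPTION` text (built in UserManagerAuthenticator from the principal plus a backend `e.getMessage()`) reaches the unauthenticated caller, and if an authenticator reports `AUTHN_LOCKED_USER_EXCEPTION` or `AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION` the distinct reply confirms that the account exists — the enumeration this commit sets out to prevent. Choose message keys here for every code and never forward the carried text, e.g. `errorMessages.add( new ErrorMessage( cause == AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION ? "authentication.failed" : "incorrect.username.password" ) );` with a generic key of your choosing, leaving the detailed text to the server log. With several authenticators failing, the loop also adds one `incorrect.username.password` entry per cause; deduplicating before `throw new RedbackServiceException( errorMessages )` avoids repeated messages. The enclosing method starts before this hunk.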