From 475f25c7875f8b1bc4e29557288e4587f82827fb Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 24 Apr 2014 16:35:58 -0500 Subject: [PATCH] SEC-2571: Failure in UserDetailsService->InternalAuthenticationServiceException --- .../authentication/dao/DaoAuthenticationProvider.java | 5 +++-- .../authentication/dao/DaoAuthenticationProviderTests.java | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java index 6753c6a3dd..8c34cc4197 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java @@ -18,6 +18,7 @@ package org.springframework.security.authentication.dao; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.encoding.PasswordEncoder; import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder; @@ -106,11 +107,11 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication } throw notFound; } catch (Exception repositoryProblem) { - throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem); + throw new InternalAuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem); } if (loadedUser == null) { - throw new AuthenticationServiceException( + throw new InternalAuthenticationServiceException( "UserDetailsService returned null, which is an interface contract violation"); } return loadedUser; diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index ee95703d77..cf28565fd1 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -34,6 +34,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.CredentialsExpiredException; import org.springframework.security.authentication.DisabledException; +import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.authentication.LockedException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; @@ -172,9 +173,8 @@ public class DaoAuthenticationProviderTests extends TestCase { try { provider.authenticate(token); - fail("Should have thrown AuthenticationServiceException"); - } catch (AuthenticationServiceException expected) { - assertTrue(true); + fail("Should have thrown InternalAuthenticationServiceException"); + } catch (InternalAuthenticationServiceException expected) { } }