SEC-328: Avoid unnecessarily hitting backend a second time, if the cache wasn't used in first place.

2006-09-15 03:36:51 +00:00 · 2006-09-15 03:36:51 +00:00 · 5364db2c27
parent 53beadb7bf
commit 5364db2c27
1 changed files with 9 additions and 4 deletions
--- a/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/AbstractUserDetailsAuthenticationProvider.java
@ -145,10 +145,15 @@ public abstract class AbstractUserDetailsAuthenticationProvider implements Authe
        try {
            additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
        } catch (AuthenticationException exception) {
-            // There was a problem, so try again after checking we're using latest data
-            cacheWasUsed = false;
-            user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
-            additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
+        	if(cacheWasUsed) {
+                // There was a problem, so try again after checking
+        		// we're using latest data (ie not from the cache)
+                cacheWasUsed = false;
+                user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
+                additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
+        	} else {
+        		throw exception;
+		    }
        }

        if (!user.isCredentialsNonExpired()) {