Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1940: ProviderManager publishes any AccountStatusException 

Previously there was a bug introduced by SEC-546 that prevented any
AccountStatusException from being published.

Now AccountStatusExceptions are also published.
This commit is contained in:
Rob Winch 2012-07-30 14:09:50 -05:00
parent a0572418e6
commit 734188206d
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/authentication/ProviderManager.java
View File

@ -197,7 +197,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
new Object[] {toTest.getName()}, "No AuthenticationProvider found for {0}"));
}
eventPublisher.publishAuthenticationFailure(lastException, authentication);
prepareException(lastException, authentication);
throw lastException;
@ -205,6 +204,7 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
@SuppressWarnings("deprecation")
private void prepareException(AuthenticationException ex, Authentication auth) {
eventPublisher.publishAuthenticationFailure(ex, auth);
ex.setAuthentication(auth);
if (clearExtraInformation) {

20
core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
View File

@ -267,6 +267,26 @@ public class ProviderManagerTests {
verify(publisher).publishAuthenticationFailure(expected, authReq);
}
@Test
@SuppressWarnings("deprecation")
public void statusExceptionIsPublished() throws Exception {
AuthenticationManager parent = mock(AuthenticationManager.class);
final LockedException expected = new LockedException("");
ProviderManager mgr = new ProviderManager(
Arrays.asList(createProviderWhichThrows(expected)), parent);
final Authentication authReq = mock(Authentication.class);
AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
mgr.setAuthenticationEventPublisher(publisher);
try {
mgr.authenticate(authReq);
fail("Expected exception");
} catch (LockedException e) {
assertSame(expected, e);
assertSame(authReq, e.getAuthentication());
}
verify(publisher).publishAuthenticationFailure(expected, authReq);
}
private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
AuthenticationProvider provider = mock(AuthenticationProvider.class);
when(provider.supports(any(Class.class))).thenReturn(true);