Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moved credential expiry checking after password check. If the wrong password is presented, BadCredentialsException will now be thrown even if the password has expired.

Browse Source
This commit is contained in:
Luke Taylor 2005-04-25 23:11:12 +00:00
parent 423dbc9f14
commit c29a5731be
2 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
core/src/main/java/org/acegisecurity/providers/dao/DaoAuthenticationProvider.java
View File

@ -264,16 +264,6 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
throw new LockedException("User account is locked"); throw new LockedException("User account is locked");
} }
if (!user.isCredentialsNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureCredentialsExpiredEvent(
authentication, user));
}
throw new CredentialsExpiredException(
"User credentials have expired");
}
if (!isPasswordCorrect(authentication, user)) { if (!isPasswordCorrect(authentication, user)) {
// Password incorrect, so ensure we're using most current password // Password incorrect, so ensure we're using most current password
if (cacheWasUsed) { if (cacheWasUsed) {
@ -291,6 +281,16 @@ public class DaoAuthenticationProvider implements AuthenticationProvider,
} }
} }
if (!user.isCredentialsNonExpired()) {
if (this.context != null) {
context.publishEvent(new AuthenticationFailureCredentialsExpiredEvent(
authentication, user));
}
throw new CredentialsExpiredException(
"User credentials have expired");
}
if (!cacheWasUsed) { if (!cacheWasUsed) {
// Put into cache // Put into cache
this.userCache.putUserInCache(user); this.userCache.putUserInCache(user);

10
core/src/test/java/org/acegisecurity/providers/dao/DaoAuthenticationProviderTests.java
View File

@ -154,6 +154,16 @@ public class DaoAuthenticationProviderTests extends TestCase {
} catch (CredentialsExpiredException expected) { } catch (CredentialsExpiredException expected) {
assertTrue(true); assertTrue(true);
} }
// Check that wrong password causes BadCredentialsException, rather than CredentialsExpiredException
token = new UsernamePasswordAuthenticationToken("peter", "wrong_password");
try {
provider.authenticate(token);
fail("Should have thrown BadCredentialsException");
} catch (BadCredentialsException expected) {
assertTrue(true);
}
} }
public void testAuthenticateFailsIfUserDisabled() { public void testAuthenticateFailsIfUserDisabled() {