SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions

Rob Winch 2013-12-04 16:19:33 -06:00
parent 7e274ea5b6
commit fa39ecd719
2 changed files with 17 additions and 0 deletions


@ -163,6 +163,9 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
prepareException(e, authentication);
// SEC-546: Avoid polling additional providers if auth failure is due to invalid account status
throw e;
} catch (InternalAuthenticationServiceException e) {
prepareException(e, authentication);
throw e;
} catch (AuthenticationException e) {
lastException = e;
}
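Review bot: The added `catch (InternalAuthenticationServiceException e)` branch has no comment explaining why it rethrows at once instead of storing the exception in `lastException`, while the branch directly above it documents the same decision for SEC-546. A comment such as `// SEC-2367: an internal service failure is not a rejected credential; rethrow so a later provider's AuthenticationException cannot mask it` would record the intent. That matters for operations, because without this branch a backend fault in one provider would presumably surface only as the last provider's ordinary failure. The rethrow also stops the remaining providers from being consulted, which looks like the intended fail-closed behaviour and is worth stating in the same comment. The enclosing try statement and provider loop begin outside the hunk.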


@ -287,6 +287,20 @@ public class ProviderManagerTests {
verify(publisher).publishAuthenticationFailure(expected, authReq);
}
// SEC-2367
@Test
public void providerThrowsInternalAuthenticationServiceException() {
InternalAuthenticationServiceException expected = new InternalAuthenticationServiceException("Expected");
ProviderManager mgr = new ProviderManager(
Arrays.asList(createProviderWhichThrows(expected), createProviderWhichThrows(new BadCredentialsException("Oops"))), null);
final Authentication authReq = mock(Authentication.class);
try {
mgr.authenticate(authReq);
fail("Expected Exception");
} catch(InternalAuthenticationServiceException success) {}
}
private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
AuthenticationProvider provider = mock(AuthenticationProvider.class);
when(provider.supports(any(Class.class))).thenReturn(true);