diff --git a/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java b/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java index addcff39876..14f90ad54b9 100644 --- a/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java +++ b/src/main/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealm.java @@ -10,6 +10,7 @@ import org.elasticsearch.common.cache.CacheBuilder; import org.elasticsearch.common.component.AbstractComponent; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; +import org.elasticsearch.common.util.concurrent.UncheckedExecutionException; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.shield.User; import org.elasticsearch.shield.authc.AuthenticationException; @@ -92,7 +93,7 @@ public abstract class CachingUsernamePasswordRealm extends AbstractComponent imp public UserWithHash call() throws Exception { User user = doAuthenticate(token); if (user == null) { - throw new AuthenticationException("Could not authenticate ['" + token.principal() + "]"); + throw new AuthenticationException("Could not authenticate [" + token.principal() + "]"); } return new UserWithHash(user, token.credentials(), hasher); } @@ -108,8 +109,8 @@ public abstract class CachingUsernamePasswordRealm extends AbstractComponent imp userWithHash = cache.get(token.principal(), callback); return userWithHash.user; - } catch (ExecutionException ee) { - logger.warn("Could not authenticate ['" + token.principal() + "]", ee); + } catch (ExecutionException | UncheckedExecutionException ee) { + logger.warn("Could not authenticate [" + token.principal() + "]", ee); return null; } } diff --git a/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java b/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java index 797f54d83df..dca3d3052d7 100644 --- a/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java +++ b/src/test/java/org/elasticsearch/shield/authc/support/CachingUsernamePasswordRealmTests.java @@ -6,29 +6,18 @@ package org.elasticsearch.shield.authc.support; import org.elasticsearch.common.settings.ImmutableSettings; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.User; +import org.elasticsearch.shield.authc.Realm; import org.elasticsearch.test.ElasticsearchTestCase; import org.junit.Test; import java.util.concurrent.atomic.AtomicInteger; -import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.*; public class CachingUsernamePasswordRealmTests extends ElasticsearchTestCase { - static class AlwaysAuthenticateCachingRealm extends CachingUsernamePasswordRealm { - public AlwaysAuthenticateCachingRealm() { - super(ImmutableSettings.EMPTY); - } - public final AtomicInteger INVOCATION_COUNTER = new AtomicInteger(0); - @Override protected User doAuthenticate(UsernamePasswordToken token) { - INVOCATION_COUNTER.incrementAndGet(); - return new User.Simple(token.principal(), "testRole1", "testRole2"); - } - - @Override public String type() { return "test"; } - } - @Test public void testCache(){ AlwaysAuthenticateCachingRealm realm = new AlwaysAuthenticateCachingRealm(); @@ -63,4 +52,69 @@ public class CachingUsernamePasswordRealmTests extends ElasticsearchTestCase { assertThat(realm.INVOCATION_COUNTER.intValue(), is(2)); } + + @Test + public void testAutheticateContract() throws Exception { + Realm realm = new FailingAuthenticationRealm(ImmutableSettings.EMPTY); + User user = realm.authenticate(new UsernamePasswordToken("user", SecuredStringTests.build("pass"))); + assertThat(user , nullValue()); + + realm = new ThrowingAuthenticationRealm(ImmutableSettings.EMPTY); + user = realm.authenticate(new UsernamePasswordToken("user", SecuredStringTests.build("pass"))); + assertThat(user , nullValue()); + } + + static class FailingAuthenticationRealm extends CachingUsernamePasswordRealm { + + FailingAuthenticationRealm(Settings settings) { + super(settings); + } + + @Override + protected User doAuthenticate(UsernamePasswordToken token) { + return null; + } + + @Override + public String type() { + return "failing"; + } + } + + static class ThrowingAuthenticationRealm extends CachingUsernamePasswordRealm { + + ThrowingAuthenticationRealm(Settings settings) { + super(settings); + } + + @Override + protected User doAuthenticate(UsernamePasswordToken token) { + throw new RuntimeException("whatever exception"); + } + + @Override + public String type() { + return "throwing"; + } + } + + static class AlwaysAuthenticateCachingRealm extends CachingUsernamePasswordRealm { + + public final AtomicInteger INVOCATION_COUNTER = new AtomicInteger(0); + + AlwaysAuthenticateCachingRealm() { + super(ImmutableSettings.EMPTY); + } + + @Override + protected User doAuthenticate(UsernamePasswordToken token) { + INVOCATION_COUNTER.incrementAndGet(); + return new User.Simple(token.principal(), "testRole1", "testRole2"); + } + + @Override + public String type() { + return "always"; + } + } }