Revert "passwordfix: This removes the password clearing from the authentication service"

This reverts commit elastic/x-pack@29462b494f. Original commit: elastic/x-pack-elasticsearch@50e42933f0
2014-09-29 10:27:16 -06:00 · 2014-09-29 10:27:16 -06:00 · bd38b5237c
parent a57eae4f1f
commit bd38b5237c
1 changed files with 21 additions and 16 deletions
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@ -97,24 +97,29 @@ public class InternalAuthenticationService extends AbstractComponent implements
    @SuppressWarnings("unchecked")
    public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
        assert token != null : "cannot authenticate null tokens";
-        User user = (User) message.getContext().get(USER_CTX_KEY);
-        if (user != null) {
-            return user;
-        }
-        for (Realm realm : realms) {
-            if (realm.supports(token)) {
-                user = realm.authenticate(token);
-                if (user != null) {
-                    message.putInContext(USER_CTX_KEY, user);
-                    return user;
-                } else if (auditTrail != null) {
-                    auditTrail.authenticationFailed(realm.type(), token, action, message);
+        try {
+            User user = (User) message.getContext().get(USER_CTX_KEY);
+            if (user != null) {
+                return user;
+            }
+            for (Realm realm : realms) {
+                if (realm.supports(token)) {
+                    user = realm.authenticate(token);
+                    if (user != null) {
+                        message.putInContext(USER_CTX_KEY, user);
+                        return user;
+                    } else if (auditTrail != null) {
+                        auditTrail.authenticationFailed(realm.type(), token, action, message);
+                    }
                }
            }
+            if (auditTrail != null) {
+                auditTrail.authenticationFailed(token, action, message);
+            }
+            throw new AuthenticationException("Unable to authenticate user for request");
+        } finally {
+            token.clearCredentials();
        }
-        if (auditTrail != null) {
-            auditTrail.authenticationFailed(token, action, message);
-        }
-        throw new AuthenticationException("Unable to authenticate user for request");
+
    }
 }