From bd38b5237cef4a6e5b0173e151068f143f5d8fe2 Mon Sep 17 00:00:00 2001
From: c-a-m
Date: Mon, 29 Sep 2014 10:27:16 -0600
Subject: [PATCH] Revert "passwordfix: This removes the password clearing from the authentication service"
This reverts commit elastic/x-pack@29462b494ff359377f0d315a4f76b505add4805d.
Original commit: elastic/x-pack-elasticsearch@50e42933f0c6a244602bab1dc52b833c0788f76e
---
 .../authc/InternalAuthenticationService.java | 37 +++++++++++--------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
index d9bf28c82a6..78c9f1cc96c 100644
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@@ -97,24 +97,29 @@ public class InternalAuthenticationService extends AbstractComponent implements
 @SuppressWarnings("unchecked")
 public User authenticate(String action, TransportMessage message, AuthenticationToken token) throws AuthenticationException {
 assert token != null : "cannot authenticate null tokens";
- User user = (User) message.getContext().get(USER_CTX_KEY);
- if (user != null) {
- return user;
- }
- for (Realm realm : realms) {
- if (realm.supports(token)) {
- user = realm.authenticate(token);
- if (user != null) {
- message.putInContext(USER_CTX_KEY, user);
- return user;
- } else if (auditTrail != null) {
- auditTrail.authenticationFailed(realm.type(), token, action, message);
+ try {
+ User user = (User) message.getContext().get(USER_CTX_KEY);
+ if (user != null) {
+ return user;
+ }
+ for (Realm realm : realms) {
+ if (realm.supports(token)) {
+ user = realm.authenticate(token);
+ if (user != null) {
+ message.putInContext(USER_CTX_KEY, user);
+ return user;
+ } else if (auditTrail != null) {
+ auditTrail.authenticationFailed(realm.type(), token, action, message);
+ }
 }
 }
+ if (auditTrail != null) {
+ auditTrail.authenticationFailed(token, action, message);
+ }
+ throw new AuthenticationException("Unable to authenticate user for request");
+ } finally {
+ token.clearCredentials();
 }
- if (auditTrail != null) {
- auditTrail.authenticationFailed(token, action, message);
- }
- throw new AuthenticationException("Unable to authenticate user for request");
+
 }
 }
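Review bot: The new `finally { token.clearCredentials(); }` makes `authenticate` consume the caller's token on every exit path, including the early return when a user is already stored under `USER_CTX_KEY` and any exception a realm throws, and nothing visible in the hunk documents that contract. A Javadoc sentence on the method would state it, for example `The token's credentials are cleared before this method returns, whether or not authentication succeeds; callers must not reuse the token afterwards.` It is also worth confirming that no realm keeps a reference to the token's credential storage (a cache, for instance), since clearing would presumably wipe that copy too. Separately, `assert token != null` sits outside the `try` and is not enforced when assertions are disabled, so a null token would surface as a `NullPointerException` from the `finally` block that replaces the `AuthenticationException`; an explicit null check before the `try` keeps the failure mode clear. The enclosing class starts outside the hunk, so an existing Javadoc above `@SuppressWarnings` cannot be ruled out from here.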