directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r1573181 - /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
Date Sat, 01 Mar 2014 14:36:00 GMT
Author: kayyagari
Date: Sat Mar  1 14:35:59 2014
New Revision: 1573181

URL: http://svn.apache.org/r1573181
Log:
o included message into exception instance before throwing
o removed duplicate loggers

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1573181&r1=1573180&r2=1573181&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
Sat Mar  1 14:35:59 2014
@@ -86,7 +86,6 @@ import org.slf4j.LoggerFactory;
 public class AuthenticationService
 {
     /** The log for this class. */
-    private static final Logger LOG = LoggerFactory.getLogger( AuthenticationService.class
);
     private static final Logger LOG_KRB = LoggerFactory.getLogger( Loggers.KERBEROS_LOG.getName()
);
 
     /** The module responsible for encryption and decryption */
@@ -104,7 +103,7 @@ public class AuthenticationService
      */
     public static void execute( AuthenticationContext authContext ) throws Exception
     {
-        if ( LOG.isDebugEnabled() )
+        if ( LOG_KRB.isDebugEnabled() )
         {
             monitorRequest( authContext );
         }
@@ -146,12 +145,10 @@ public class AuthenticationService
         KerberosConfig config = kdcContext.getConfig();
 
         Set<EncryptionType> requestedTypes = kdcContext.getRequest().getKdcReqBody().getEType();
-        LOG.debug( "Encryption types requested by client {}.", requestedTypes );
         LOG_KRB.debug( "Encryption types requested by client {}.", requestedTypes );
 
         EncryptionType bestType = KerberosUtils.getBestEncryptionType( requestedTypes, config.getEncryptionTypes()
);
 
-        LOG.debug( "Session will use encryption type {}.", bestType );
         LOG_KRB.debug( "Session will use encryption type {}.", bestType );
 
         if ( bestType == null )
@@ -218,7 +215,6 @@ public class AuthenticationService
 
     private static void verifySam( AuthenticationContext authContext ) throws KerberosException,
InvalidTicketException
     {
-        LOG.debug( "Verifying using SAM subsystem." );
         LOG_KRB.debug( "--> Verifying using SAM subsystem." );
         KdcReq request = authContext.getRequest();
         KerberosConfig config = authContext.getConfig();
@@ -230,11 +226,8 @@ public class AuthenticationService
 
         if ( clientEntry.getSamType() != null )
         {
-            if ( LOG.isDebugEnabled() || LOG_KRB.isDebugEnabled() )
+            if ( LOG_KRB.isDebugEnabled() )
             {
-                LOG.debug(
-                    "Entry for client principal {} has a valid SAM type.  Invoking SAM subsystem
for pre-authentication.",
-                    clientName );
                 LOG_KRB
                     .debug(
                         "Entry for client principal {} has a valid SAM type.  Invoking SAM
subsystem for pre-authentication.",
@@ -273,9 +266,8 @@ public class AuthenticationService
             authContext.setClientKey( clientKey );
             authContext.setPreAuthenticated( true );
 
-            if ( LOG.isDebugEnabled() || LOG_KRB.isDebugEnabled() )
+            if ( LOG_KRB.isDebugEnabled() )
             {
-                LOG.debug( "Pre-authentication using SAM subsystem successful for {}.", clientName
);
                 LOG_KRB.debug( "Pre-authentication using SAM subsystem successful for {}.",
clientName );
             }
         }
@@ -285,7 +277,6 @@ public class AuthenticationService
     private static void verifyEncryptedTimestamp( AuthenticationContext authContext ) throws
KerberosException,
         InvalidTicketException
     {
-        LOG.debug( "Verifying using encrypted timestamp." );
         LOG_KRB.debug( "--> Verifying using encrypted timestamp." );
 
         KerberosConfig config = authContext.getConfig();
@@ -298,9 +289,6 @@ public class AuthenticationService
 
         if ( clientEntry.getSamType() == null )
         {
-            LOG.debug(
-                "Entry for client principal {} has no SAM type.  Proceeding with standard
pre-authentication.",
-                clientName );
             LOG_KRB.debug(
                 "Entry for client principal {} has no SAM type.  Proceeding with standard
pre-authentication.",
                 clientName );
@@ -365,9 +353,8 @@ public class AuthenticationService
         authContext.setClientKey( clientKey );
         authContext.setPreAuthenticated( true );
 
-        if ( LOG.isDebugEnabled() || LOG_KRB.isDebugEnabled() )
+        if ( LOG_KRB.isDebugEnabled() )
         {
-            LOG.debug( "Pre-authentication by encrypted timestamp successful for {}.", clientName
);
             LOG_KRB.debug( "Pre-authentication by encrypted timestamp successful for {}.",
clientName );
         }
     }
@@ -457,39 +444,39 @@ public class AuthenticationService
             || kdcOptions.get( KdcOptions.FORWARDED )
             || kdcOptions.get( KdcOptions.ENC_TKT_IN_SKEY ) )
         {
+            String msg = "";
+            
+            if ( kdcOptions.get( KdcOptions.RENEW ) )
+            {
+                msg = "Ticket cannot be generated, as it's a renew";
+            }
+            
+            if ( kdcOptions.get( KdcOptions.VALIDATE ) )
+            {
+                msg = "Ticket cannot be generated, as it's a validate";
+            }
+            
+            if ( kdcOptions.get( KdcOptions.PROXY ) )
+            {
+                msg = "Ticket cannot be generated, as it's a proxy";
+            }
+            
+            if ( kdcOptions.get( KdcOptions.FORWARDED ) )
+            {
+                msg = "Ticket cannot be generated, as it's forwarded";
+            }
+            
+            if ( kdcOptions.get( KdcOptions.ENC_TKT_IN_SKEY ) )
+            {
+                msg = "Ticket cannot be generated, as it's a user-to-user ";
+            }
+            
             if ( LOG_KRB.isDebugEnabled() )
             {
-                if ( kdcOptions.get( KdcOptions.RENEW ) )
-                {
-                    LOG_KRB.error( "Ticket cannot be generated, as it's a renew" );
-
-                }
-
-                if ( kdcOptions.get( KdcOptions.VALIDATE ) )
-                {
-                    LOG_KRB.error( "Ticket cannot be generated, as it's a validate" );
-
-                }
-
-                if ( kdcOptions.get( KdcOptions.PROXY ) )
-                {
-                    LOG_KRB.error( "Ticket cannot be generated, as it's a proxy" );
-
-                }
-
-                if ( kdcOptions.get( KdcOptions.FORWARDED ) )
-                {
-                    LOG_KRB.error( "Ticket cannot be generated, as it's forwarded" );
-
-                }
-
-                if ( kdcOptions.get( KdcOptions.ENC_TKT_IN_SKEY ) )
-                {
-                    LOG_KRB.error( "Ticket cannot be generated, as it's a user-to-user "
);
-                }
+                LOG_KRB.debug( msg );
             }
 
-            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
+            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION, msg );
         }
 
         EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType()
);
@@ -527,9 +514,9 @@ public class AuthenticationService
             && !startTime.isInClockSkew( config.getAllowableClockSkew() )
             && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED
) )
         {
-            LOG_KRB.error( "Ticket cannot be generated, as it's in the future and the Postdated
option is not set" );
-
-            throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
+            String msg = "Ticket cannot be generated, as it's in the future and the POSTDATED
option is not set in the request";
+            LOG_KRB.error( msg );
+            throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE, msg );
         }
 
         /*
@@ -541,8 +528,9 @@ public class AuthenticationService
         {
             if ( !config.isPostdatedAllowed() )
             {
-                LOG_KRB.error( "Ticket cannot be generated, as Podated is not allowed" );
-                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+                String msg = "Ticket cannot be generated, cause issuing POSTDATED tickets
is not allowed";
+                LOG_KRB.error( msg );
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY, msg );
             }
 
             ticketFlags.setFlag( TicketFlag.POSTDATED );
@@ -576,16 +564,18 @@ public class AuthenticationService
          */
         if ( kerberosEndTime.lessThan( startTime ) )
         {
-            LOG_KRB.error( "Ticket cannot be generated, as the endTime is below the startTime"
);
-            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID );
+            String msg = "Ticket cannot be generated, as the endTime is below the startTime";
+            LOG_KRB.error( msg );
+            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID, msg );
         }
 
         long ticketLifeTime = Math.abs( startTime.getTime() - kerberosEndTime.getTime() );
 
         if ( ticketLifeTime < config.getMinimumTicketLifetime() )
         {
-            LOG_KRB.error( "Ticket cannot be generated, as the Lifetime is too small" );
-            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID );
+            String msg = "Ticket cannot be generated, as the Lifetime is too small";
+            LOG_KRB.error( msg );
+            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID, msg );
         }
 
         /*
@@ -601,8 +591,9 @@ public class AuthenticationService
         {
             if ( !config.isRenewableAllowed() )
             {
-                LOG_KRB.error( "Ticket cannot be generated, as the renew date is exceeded"
);
-                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+                String msg = "Ticket cannot be generated, as the renew date is exceeded";
+                LOG_KRB.error( msg );
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY, msg );
             }
 
             request.getKdcReqBody().getKdcOptions().set( KdcOptions.RENEWABLE );
@@ -613,8 +604,9 @@ public class AuthenticationService
         {
             if ( !config.isRenewableAllowed() )
             {
-                LOG_KRB.error( "Ticket cannot be generated, as Renewable is not allowed"
);
-                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+                String msg = "Ticket cannot be generated, as Renewable is not allowed";
+                LOG_KRB.error( msg );
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY, msg );
             }
 
             ticketFlags.setFlag( TicketFlag.RENEWABLE );
@@ -643,8 +635,9 @@ public class AuthenticationService
         {
             if ( !config.isEmptyAddressesAllowed() )
             {
-                LOG_KRB.error( "Ticket cannot be generated, as the addresses are null, and
it's not allowed" );
-                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+                String msg = "Ticket cannot be generated, as the addresses are null, and
it's not allowed";
+                LOG_KRB.error( msg );
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY, msg );
             }
         }
 
@@ -656,7 +649,6 @@ public class AuthenticationService
         newTicket.setRealm( serverRealm );
         newTicket.setEncTicketPart( encTicketPart );
 
-        LOG.debug( "Ticket will be issued for access to {}.", serverPrincipal.toString()
);
         LOG_KRB.debug( "Ticket will be issued for access to {}.", serverPrincipal.toString()
);
 
         authContext.setTicket( newTicket );
@@ -706,7 +698,7 @@ public class AuthenticationService
         EncAsRepPart encAsRepPart = new EncAsRepPart();
         encAsRepPart.setEncKdcRepPart( encKdcRepPart );
 
-        if ( LOG.isDebugEnabled() || LOG_KRB.isDebugEnabled() )
+        if ( LOG_KRB.isDebugEnabled() )
         {
             monitorContext( authContext );
             monitorReply( reply, encKdcRepPart );
@@ -727,7 +719,7 @@ public class AuthenticationService
     {
         KdcReq request = kdcContext.getRequest();
 
-        if ( LOG.isDebugEnabled() || LOG_KRB.isDebugEnabled() )
+        if ( LOG_KRB.isDebugEnabled() )
         {
             try
             {
@@ -752,13 +744,11 @@ public class AuthenticationService
                 sb.append( "\n\t" + "hostAddresses:         " + request.getKdcReqBody().getAddresses()
);
 
                 String message = sb.toString();
-                LOG.debug( message );
                 LOG_KRB.debug( message );
             }
             catch ( Exception e )
             {
                 // This is a monitor.  No exceptions should bubble up.
-                LOG.error( I18n.err( I18n.ERR_153 ), e );
                 LOG_KRB.error( I18n.err( I18n.ERR_153 ), e );
             }
         }
@@ -806,13 +796,11 @@ public class AuthenticationService
 
             String message = sb.toString();
 
-            LOG.debug( message );
             LOG_KRB.debug( message );
         }
         catch ( Exception e )
         {
             // This is a monitor.  No exceptions should bubble up.
-            LOG.error( I18n.err( I18n.ERR_154 ), e );
             LOG_KRB.error( I18n.err( I18n.ERR_154 ), e );
         }
     }
@@ -820,7 +808,7 @@ public class AuthenticationService
 
     private static void monitorReply( AsRep reply, EncKdcRepPart part )
     {
-        if ( LOG.isDebugEnabled() )
+        if ( LOG_KRB.isDebugEnabled() )
         {
             try
             {
@@ -842,13 +830,11 @@ public class AuthenticationService
 
                 String message = sb.toString();
 
-                LOG.debug( message );
                 LOG_KRB.debug( message );
             }
             catch ( Exception e )
             {
                 // This is a monitor.  No exceptions should bubble up.
-                LOG.error( I18n.err( I18n.ERR_155 ), e );
                 LOG_KRB.error( I18n.err( I18n.ERR_155 ), e );
             }
         }
@@ -919,7 +905,7 @@ public class AuthenticationService
         }
         catch ( EncoderException ee )
         {
-            LOG.warn( "Failed to encode the etype information", ee );
+            LOG_KRB.warn( "Failed to encode the etype information", ee );
             return null;
         }
     }



Mime
View raw message