directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wu, James C." <James.C...@disney.com>
Subject RE: bug in initializing authenticators for AuthenticatorInterceptor
Date Tue, 16 Apr 2013 23:23:00 GMT
Here is my local modifications for your reference. It seem to be working for me. I can start
both ldap and the kdc service.


    /**
     * @param authenticators authenticators to be used by this AuthenticationInterceptor
     */
    public void setAuthenticators( Set<Authenticator> authenticators )
    {
        if ( authenticators == null )
        {
            this.authenticators.clear();
            this.authenticatorsMapByType.clear();
            return;
        }

        this.authenticators = authenticators;
    }


    /**
     * @param authenticators authenticators to be used by this AuthenticationInterceptor
     */
    public void setAuthenticators( Authenticator[] authenticators )
    {
        if ( authenticators == null )
        {
            throw new IllegalArgumentException( "The given authenticators set is null" );
        }

       Set<Authenticator> authenticatorsSet = new HashSet<Authenticator>();
       for (Authenticator authenticator : authenticators) {
	if (authenticator != null)
                   authenticatorsSet.add(authenticator);
        }
       setAuthenticators(authenticatorsSet);
    }



-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Tuesday, April 16, 2013 3:40 PM
To: Apache Directory Developers List
Subject: Re: bug in initializing authenticators for AuthenticatorInterceptor

Le 4/16/13 8:05 PM, Wu, James C. a écrit :
> Hi,
>
> I am looking at this two method definition in the AuthenticationInterceptor.java class.
 This two method should both set to the authenticators for the interceptor to the input given
in the parameter given both are a setter.  However, the logic of method body of these two
methods are quite different. The first method just set the member variable (authenticators)
to the input parameters, while the second method will register the authenticator and strangely
enough, it does not set the member variable (authenticators) to the input parameter.
>
>     /**
>      * @param authenticators authenticators to be used by this AuthenticationInterceptor
>      */
>     public void setAuthenticators( Set<Authenticator> authenticators )
>     {
>         if ( authenticators == null )
>         {
>             this.authenticators.clear();
>         }
>         else
>         {
>             this.authenticators = authenticators;
>         }
>     }
>
>
>     /**
>      * @param authenticators authenticators to be used by this AuthenticationInterceptor
>      */
>     public void setAuthenticators( Authenticator[] authenticators )
>     {
>         if ( authenticators == null )
>         {
>             throw new IllegalArgumentException( "The given authenticators set is null"
);
>         }
>
>         this.authenticators.clear();
>         this.authenticatorsMapByType.clear();
>
>         for ( Authenticator authenticator : authenticators )
>         {
>             try
>             {
>                 register( authenticator, directoryService );
>             }
>             catch ( LdapException le )
>             {
>                 LOG.error( "Cannot register authenticator {}", authenticator );
>             }
>         }
>     }
>
>
> I traced the execution of the start of the apacheds service. During the startup of the
apacheds service, three authenticators will be created, and the setAuthenticators( Authenticator[]
authenticators ) method will be called. But due to the fact that, the member variable authenticators
is not set, when the execution gets to init method of the authenticatorinterceptor, three
new default authenticator will be created because the authenticators is null and default authenticators
are created. Now we have six authenticators. Three of them (Simple, Strong, Anonymous) created
by the setDefaultAuthenticators are in the authenticators list, the other three (Simple, Strong,
Anonymous) created by createInterceptors  in the ServiceBuilder class are in the authenticatorsMapByType
map.
>
> I am thinking this is a bug. First of all, these two methods should behave in the same
way. Second, we should not have duplicated authenticators, plus the three authenticators created
by the createInterceptors   method in the ServiceBuilder class is not properly initialized.
Their directoryService field is null.

This is clearly a wrong initialization. My understanding is that we have stacked layers on
top of layers during years, but never cleaned up the class.

I also modified this code 8 weeks ago, I don't remember why I change it this way (cf http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?r1=1424688&r2=1446503&diff_format=h),
but this is clearly wrong...

It's a bit late for me to come with a better version, I'm afraid to break the code even more,
so I'll get a good night of sleep and come back tomorrow with a clear mind.

Thanks a lot for pointing this !


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 

Mime
View raw message