portals-jetspeed-dev mailing list archives

From "JamesLiao (JIRA)" <jetspeed-...@jakarta.apache.org>
Subject [jira] Created: (JS2-221) Current SecurityAccess Implementation prevent multi-authentication provider mechanism work
Date Fri, 18 Mar 2005 06:42:20 GMT
Current SecurityAccess Implementation prevent multi-authentication provider mechanism work
------------------------------------------------------------------------------------------

         Key: JS2-221
         URL: http://issues.apache.org/jira/browse/JS2-221
     Project: Jetspeed 2
        Type: Bug
  Components: Security  
    Versions: 2.0-M2    
 Environment: Microsoft Windows XP with SP2
              J2SDK 1.4.2_07
    Reporter: JamesLiao
    Priority: Critical


I have two authentication providers (a database authentication provider and an LDAP authentication
provider). The first time, I log in with a principal which is defined in LDAP, and I can
log in successfully. The second time, this user's authentication provider will change to
the default database, because J2 will create a mapping-only principal in table SECURITY_PRINCIPAL.
Of course, I fail to log in.

I think it should not return the database authentication provider, it should return the real
authentication provider.

I changed the code in class: org.apache.jetspeed.security.spi.impl.SecurityAccessImpl
The original code:
    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * </p>
     * 
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        filter.addEqualTo("fullPath", fullPath);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }

Code after I modified:
    /**
     * <p>
     * Returns if a Internal UserPrincipal is defined for the user name.
     * The Jetspeed 2 implementation does not distinguish if this user
     * is a Mapping_Only user. I think we have to distinguish it because it will
     * return the wrong Authentication Provider.
     *
     * An alternative solution is: we bind the username and Authentication Provider
     * at the first login, then cache it in memory or something,
     * then we don't need to change here.
     * </p>
     *
     * @param username The user name.
     * @return true if the user is known
     */
    public boolean isKnownUser(String username)
    {
        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        // Get user.
        Criteria filter = new Criteria();
        // fullPath must be equal.
        filter.addEqualTo("fullPath", fullPath);
        // The isMappingOnly must not be true.
        // We don't need the mapping only user, mapping user can't be authenticated with this provider.
        // we just need the true user.
        filter.addEqualTo("isMappingOnly", Boolean.FALSE);
        Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
        return getPersistenceBrokerTemplate().getCount(query) == 1;
    }


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira

