portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@jakarta.apache.org>
Subject [jira] Closed: (JS2-221) Current SecurityAccess Implementation prevent mutli-authentication provider mechanism work
Date Sat, 02 Apr 2005 21:15:20 GMT
     [ http://issues.apache.org/jira/browse/JS2-221?page=history ]
     
Ate Douma closed JS2-221:
-------------------------

      Assign To: Ate Douma
     Resolution: Fixed
    Fix Version: 2.0-dev/cvs
                 2.0-M2

Fix applied, thanks!

> Current SecurityAccess Implementation prevent mutli-authentication provider mechanism
work
> ------------------------------------------------------------------------------------------
>
>          Key: JS2-221
>          URL: http://issues.apache.org/jira/browse/JS2-221
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-M2
>  Environment: Microsoft Windows XP with SP2
> J2SDK 1.4.2_07
>     Reporter: JamesLiao
>     Assignee: Ate Douma
>     Priority: Critical
>      Fix For: 2.0-dev/cvs, 2.0-M2

>
> When I have two authentication providers(database authentication provider and ldap authentication
provider). At the first time, I login with an principal which is defined in the ldap, I can
successfully login. For the second time, this user's authentication provider will change to
the default database, cause J2 will create an mapping only principal in table SECURITY_PRINCIPAL.
Of course, I fail to login.
> I think it should not return the database authentication provider, it should return the
real authentication provider.
> I change the code in class: org.apache.jetspeed.security.spi.impl.SecurityAccessImpl
> The orginal code:
>     /**
>      * <p>
>      * Returns if a Internal UserPrincipal is defined for the user name.
>      * </p>
>      * 
>      * @param username The user name.
>      * @return true if the user is known
>      */
>     public boolean isKnownUser(String username)
>     {
>         UserPrincipal userPrincipal = new UserPrincipalImpl(username);
>         String fullPath = userPrincipal.getFullPath();
>         // Get user.
>         Criteria filter = new Criteria();
>         filter.addEqualTo("fullPath", fullPath);
>         Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
>         return getPersistenceBrokerTemplate().getCount(query) == 1;
>     }
> Code after I modified:
> /**
>      * <p>
>      * Returns if a Internal UserPrincipal is defined for the user name.
>      * The Jetspeed 2 implementation does not distinguish if this user
>      * is a Mapping_Only user. I think we have to distinguish it cause it will
>      * return the wrong Authentication Provider. 
>      * 
>      * An alternative solution is: we binding the username and Authentication Provider

>      * for the first time login, then cache it in the memory or something, 
>      * then we don't need to change here.
>      * </p>
>      * 
>      * @param username The user name.
>      * @return true if the user is known
>      */
> 	public boolean isKnownUser(String username) {
> 		UserPrincipal userPrincipal = new UserPrincipalImpl(username);
>         String fullPath = userPrincipal.getFullPath();       
>         // Get user.
>         Criteria filter = new Criteria();
>         // fullPath must be equal.
>         filter.addEqualTo("fullPath", fullPath);
>         // The isMappingOnly must not be true.
>         // We don't need the mapping only user, mapping user can't be authenticated with
this provider. 
>         // we just need the true user.
>         filter.addEqualTo("isMappingOnly", Boolean.FALSE);
>         Query query = QueryFactory.newQuery(InternalUserPrincipalImpl.class, filter);
       
>         return getPersistenceBrokerTemplate().getCount(query) == 1;		
> 	}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message