[Building Sakai] question about AuthenticationCache -- null authentication record
Sanghyun Jeon
euksa99 at gmail.com
Tue Sep 9 10:33:01 PDT 2014
Hello All,
One of our LDAP servers’ users is having a difficulty to use WebDAV.
Whenever these users enter the user name and pwd into WebDAV windows, the
tomcat throws
getAuthentication: replaying authentication failure for
authenticationId=XXX.
I look through the code
in kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/
AuthenticationCache.java,
this can happen only when user provided pwd and LDAP pwd are matched but
authentication record is null.
I am wondering when/how the authentication record can be null. User
provides the right user id/pwd and LDAP has the right information, though.
public Authentication getAuthentication(String authenticationId,
String password)
throws AuthenticationException {
Authentication auth = null;
Element element = authCache.get(authenticationId);
if (element != null) {
AuthenticationRecord record =
(AuthenticationRecord)element.getObjectValue();
byte[] salt = new byte[saltLength];
System.arraycopy(record.encodedPassword, 0, salt,
0, salt.length);
byte[] encodedPassword = getEncrypted(password,
salt);
if (MessageDigest.isEqual(record.encodedPassword,
encodedPassword)) {
if (record.authentication == null) {
if (log.isDebugEnabled())
log.debug("getAuthentication: replaying authentication failure for
authenticationId=" + authenticationId);
throw new
AuthenticationException("repeated invalid login");
} else {
if (log.isDebugEnabled())
log.debug("getAuthentication: returning record for authenticationId=" +
authenticationId);
auth = record.authentication;
}
} else {
// Since the passwords didn't match, we're
no longer getting repeats,
// and so the record should be removed.
if (log.isDebugEnabled())
log.debug("getAuthentication: record for authenticationId=" +
authenticationId + " failed password check");
authCache.remove(authenticationId);
}
}
return auth;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140909/c4bcbb53/attachment.html
More information about the sakai-dev
mailing list