[Building Sakai] question about AuthenticationCache -- null authentication record

Sanghyun Jeon euksa99 at gmail.com
Tue Sep 9 10:33:01 PDT 2014


Hello All,



One of our LDAP servers’ users is having difficulty using WebDAV.

Whenever these users enter the user name and pwd into WebDAV windows,
Tomcat throws

getAuthentication: replaying authentication failure for authenticationId=XXX.



I looked through the code in
kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/AuthenticationCache.java;
this can happen only when the user-provided pwd and the LDAP pwd match but
the authentication record is null.

I am wondering when/how the authentication record can be null. The user
provides the right user id/pwd and LDAP has the right information, though.





    public Authentication getAuthentication(String authenticationId, String password)
            throws AuthenticationException {
        Authentication auth = null;
        Element element = authCache.get(authenticationId);
        if (element != null) {
            AuthenticationRecord record = (AuthenticationRecord) element.getObjectValue();
            // The first saltLength bytes of the stored value are the salt.
            byte[] salt = new byte[saltLength];
            System.arraycopy(record.encodedPassword, 0, salt, 0, salt.length);
            byte[] encodedPassword = getEncrypted(password, salt);
            if (MessageDigest.isEqual(record.encodedPassword, encodedPassword)) {
                // Same password as the cached record: a null authentication
                // is replayed as a failure.
                if (record.authentication == null) {
                    if (log.isDebugEnabled())
                        log.debug("getAuthentication: replaying authentication failure for authenticationId=" + authenticationId);
                    throw new AuthenticationException("repeated invalid login");
                } else {
                    if (log.isDebugEnabled())
                        log.debug("getAuthentication: returning record for authenticationId=" + authenticationId);
                    auth = record.authentication;
                }
            } else {
                // Since the passwords didn't match, we're no longer getting repeats,
                // and so the record should be removed.
                if (log.isDebugEnabled())
                    log.debug("getAuthentication: record for authenticationId=" + authenticationId + " failed password check");
                authCache.remove(authenticationId);
            }
        }
        return auth;
    }
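Added example, not part of the original post and not Sakai's code: a self-contained Java model of the read logic quoted above, showing how a record with a null authentication replays a failure for the same password until a different password removes the record. The write side (`putFailure`), the salt length, SHA-256 and the user and password values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Toy model of a cache that also remembers failed logins (negative caching).
public class NegativeAuthCacheDemo {
    static final int SALT_LENGTH = 8; // assumed value
    static final Map<String, Object[]> cache = new HashMap<>(); // id -> {salt||hash, auth}

    static byte[] encode(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed digest
        md.update(salt);
        byte[] hash = md.digest(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, salt.length + hash.length);
        System.arraycopy(hash, 0, out, salt.length, hash.length);
        return out;
    }

    // Hypothetical write side: called after the real provider rejected a login.
    static void putFailure(String id, String password) throws Exception {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        cache.put(id, new Object[] { encode(password, salt), null }); // null auth = failure
    }

    // Same decisions as the quoted method, reported as MISS, HIT or REPLAYED_FAILURE.
    static String lookup(String id, String password) throws Exception {
        Object[] record = cache.get(id);
        if (record == null) return "MISS"; // caller goes on to ask the provider
        byte[] stored = (byte[]) record[0];
        byte[] salt = Arrays.copyOf(stored, SALT_LENGTH);
        if (!MessageDigest.isEqual(stored, encode(password, salt))) {
            cache.remove(id); // different password: stop replaying
            return "MISS";
        }
        return record[1] == null ? "REPLAYED_FAILURE" : "HIT";
    }

    public static void main(String[] args) throws Exception {
        System.out.println(lookup("user1", "pw-A")); // nothing cached yet
        putFailure("user1", "pw-A");                 // provider rejected this attempt
        System.out.println(lookup("user1", "pw-A")); // same password again
        System.out.println(lookup("user1", "pw-B")); // a different password
        System.out.println(lookup("user1", "pw-A")); // first password once more
    }
}
```

On Java 11 or later this runs directly with `java NegativeAuthCacheDemo.java`.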