[Building Sakai] question about AuthenticationCache -- null authentication record
Sanghyun Jeon
euksa99 at gmail.com
Wed Sep 10 12:13:35 PDT 2014
Unfortunately, I have not heard back yet.
Here's one more update:
If the user entered the wrong pwd, then Tomcat threw
[DEBUG] org.sakaiproject.user.impl.AuthenticationCache:94 - getAuthentication: record for authenticationId=XXXX failed password check
I think the null record causes the issue, so that user authentication
fails. Can anybody explain when the record can be null?
Thank you in advance.
S
On Tue, Sep 9, 2014 at 10:33 AM, Sanghyun Jeon <euksa99 at gmail.com> wrote:
> Hello All,
>
> The users of one of our LDAP servers are having difficulty using WebDAV.
>
> Whenever these users enter the user name and pwd into the WebDAV window,
> Tomcat throws
>
> getAuthentication: replaying authentication failure for authenticationId=XXX.
>
> I looked through the code
> in kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/AuthenticationCache.java;
> this can happen only when the user-provided pwd and the LDAP pwd match but
> the authentication record is null.
>
> I am wondering when/how the authentication record can be null. The user
> provides the right user id/pwd and LDAP has the right information, though.
>
> public Authentication getAuthentication(String authenticationId, String password)
>         throws AuthenticationException {
>     Authentication auth = null;
>     Element element = authCache.get(authenticationId);
>     if (element != null) {
>         AuthenticationRecord record = (AuthenticationRecord) element.getObjectValue();
>         byte[] salt = new byte[saltLength];
>         System.arraycopy(record.encodedPassword, 0, salt, 0, salt.length);
>         byte[] encodedPassword = getEncrypted(password, salt);
>         if (MessageDigest.isEqual(record.encodedPassword, encodedPassword)) {
>             if (record.authentication == null) {
>                 if (log.isDebugEnabled()) log.debug("getAuthentication: replaying authentication failure for authenticationId=" + authenticationId);
>                 throw new AuthenticationException("repeated invalid login");
>             } else {
>                 if (log.isDebugEnabled()) log.debug("getAuthentication: returning record for authenticationId=" + authenticationId);
>                 auth = record.authentication;
>             }
>         } else {
>             // Since the passwords didn't match, we're no longer getting repeats,
>             // and so the record should be removed.
>             if (log.isDebugEnabled()) log.debug("getAuthentication: record for authenticationId=" + authenticationId + " failed password check");
>             authCache.remove(authenticationId);
>         }
>     }
>     return auth;
> }
>
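A simplified model of the lookup quoted above, as an added example that is not part of the original post and not Sakai's code: it reproduces the three outcomes of getAuthentication() with an in-memory map. The `put` method, the SHA-256 encoding, `SALT_LENGTH` and the sample users are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a simplified model of the quoted lookup logic, not Sakai's code.
public class AuthCacheDemo {
    static final int SALT_LENGTH = 8;                      // assumed value
    // Cached record: salt || SHA-256(salt || password), plus the result (null = cached failure).
    record Rec(byte[] encodedPassword, String authentication) {}
    static final Map<String, Rec> cache = new HashMap<>();

    static byte[] encode(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        byte[] hash = md.digest(password.getBytes("UTF-8"));
        byte[] out = Arrays.copyOf(salt, salt.length + hash.length);
        System.arraycopy(hash, 0, out, salt.length, hash.length);
        return out;
    }

    // Hypothetical writer: authentication == null records a failed login attempt.
    static void put(String id, String password, String authentication) throws Exception {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        cache.put(id, new Rec(encode(password, salt), authentication));
    }

    // Same three outcomes as the quoted getAuthentication(), returned as labels.
    static String get(String id, String password) throws Exception {
        Rec rec = cache.get(id);
        if (rec == null) return "MISS: no record, the provider must be asked";
        byte[] salt = Arrays.copyOf(rec.encodedPassword(), SALT_LENGTH);
        if (!MessageDigest.isEqual(rec.encodedPassword(), encode(password, salt))) {
            cache.remove(id);                              // different password: drop the record
            return "MISS: failed password check, record removed";
        }
        return rec.authentication() == null
            ? "FAIL: replaying authentication failure"     // same password as the cached failure
            : "HIT: returning record " + rec.authentication();
    }

    public static void main(String[] args) throws Exception {
        put("alice", "s3cret", "uid=alice");               // constructed data: cached success
        System.out.println(get("alice", "s3cret"));        // same password as the cached success
        put("bob", "typo", null);                          // constructed data: cached failure
        System.out.println(get("bob", "typo"));            // same password as the cached failure
        System.out.println(get("bob", "other"));           // different password than cached
    }
}
```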