[Building Sakai] question about AuthenticationCache -- null authentication record

Sanghyun Jeon euksa99 at gmail.com
Wed Sep 10 12:13:35 PDT 2014


Unfortunately, I have not heard back yet.

Here's one more update:
If the user entered the wrong pwd, then Tomcat threw
[DEBUG] org.sakaiproject.user.impl.AuthenticationCache:94 - getAuthentication: record for authenticationId=XXXX failed password check

I think the null record causes the issue, so that user authentication
fails. Can anybody explain when the record can be null?

Thank you in advance.

S

On Tue, Sep 9, 2014 at 10:33 AM, Sanghyun Jeon <euksa99 at gmail.com> wrote:

> Hello All,
>
> The users of one of our LDAP servers are having difficulty using WebDAV.
>
> Whenever these users enter the user name and pwd into WebDAV windows,
> Tomcat throws
>
> getAuthentication: replaying authentication failure for
> authenticationId=XXX.
>
> I looked through the code
> in kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/AuthenticationCache.java;
> this can happen only when the user-provided pwd and the LDAP pwd match but
> the authentication record is null.
>
> I am wondering when/how the authentication record can be null. The user
> provides the right user id/pwd and LDAP has the right information, though.
>
>        public Authentication getAuthentication(String authenticationId, String password)
>                        throws AuthenticationException {
>                Authentication auth = null;
>                Element element = authCache.get(authenticationId);
>                if (element != null) {
>                        AuthenticationRecord record = (AuthenticationRecord)element.getObjectValue();
>                        byte[] salt = new byte[saltLength];
>                        System.arraycopy(record.encodedPassword, 0, salt, 0, salt.length);
>                        byte[] encodedPassword = getEncrypted(password, salt);
>                        if (MessageDigest.isEqual(record.encodedPassword, encodedPassword)) {
>                                if (record.authentication == null) {
>                                        if (log.isDebugEnabled())
>                                                log.debug("getAuthentication: replaying authentication failure for authenticationId=" + authenticationId);
>                                        throw new AuthenticationException("repeated invalid login");
>                                } else {
>                                        if (log.isDebugEnabled())
>                                                log.debug("getAuthentication: returning record for authenticationId=" + authenticationId);
>                                        auth = record.authentication;
>                                }
>                        } else {
>                                // Since the passwords didn't match, we're no longer getting repeats,
>                                // and so the record should be removed.
>                                if (log.isDebugEnabled())
>                                        log.debug("getAuthentication: record for authenticationId=" + authenticationId + " failed password check");
>                                authCache.remove(authenticationId);
>                        }
>                }
>                return auth;
>
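
The three branches of the quoted method, modelled as an added example that is not Sakai's code and not part of the original message: a record whose stored result is null is replayed as a failure when the same password is presented again, and is evicted when a different password is presented. The class, enum and method names, the 8-byte salt and the SHA-256 digest are assumptions; the quoted excerpt does not show how records are written, so the hypothetical `put` stands in for that.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Simplified model of a salted-hash authentication cache that also stores failures.
// NegativeAuthCache, Outcome, put and lookup are hypothetical names, not Sakai's API.
public class NegativeAuthCache {
    enum Outcome { MISS, HIT, REPLAYED_FAILURE }
    static final int SALT_LENGTH = 8; // assumed value

    // encoded = salt || SHA-256(salt || password); result == null marks a cached failure.
    private record Entry(byte[] encoded, String result) {}
    private final Map<String, Entry> cache = new HashMap<>();

    static byte[] encode(String password, byte[] salt) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed digest
        md.update(salt);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, salt.length + digest.length);
        System.arraycopy(digest, 0, out, salt.length, digest.length);
        return out;
    }

    // Stores the outcome of a backend check; pass null as the result for a rejected login.
    void put(String id, String password, String resultOrNull) throws Exception {
        byte[] salt = new byte[SALT_LENGTH];
        new SecureRandom().nextBytes(salt);
        cache.put(id, new Entry(encode(password, salt), resultOrNull));
    }

    Outcome lookup(String id, String password) throws Exception {
        Entry e = cache.get(id);
        if (e == null) return Outcome.MISS;
        byte[] salt = Arrays.copyOf(e.encoded(), SALT_LENGTH); // salt is the record's prefix
        if (!MessageDigest.isEqual(e.encoded(), encode(password, salt))) {
            cache.remove(id); // different password: drop the record, caller asks the backend
            return Outcome.MISS;
        }
        return e.result() == null ? Outcome.REPLAYED_FAILURE : Outcome.HIT;
    }

    public static void main(String[] args) throws Exception {
        NegativeAuthCache c = new NegativeAuthCache();
        c.put("jdoe", "pw-A", null);                  // constructed data: a rejected login
        System.out.println(c.lookup("jdoe", "pw-A")); // retry with the same password
        System.out.println(c.lookup("jdoe", "pw-B")); // retry with a different password
        System.out.println(c.lookup("jdoe", "pw-A")); // first password again, after eviction
    }
}
```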