directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRSERVER-1987) Only one authenticator of particular type is (randomly) configured during initialization
Date Sun, 30 Jun 2019 04:51:00 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny updated DIRSERVER-1987:
-----------------------------------------
    Component/s:     (was: core)
                 authn

> Only one authenticator of particular type is (randomly) configured during initialization
> ----------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1987
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1987
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: authn
>    Affects Versions: 2.0.0-M17
>            Reporter: Denis Mikhalkin
>            Priority: Major
>
> I've developed a custom authenticator of type SIMPLE. ApacheDS already has a default
SimpleAuthenticator. I've added my authenticator to the configuration at ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> Authenticator gets created (constructor is called) but the doInit method gets called
only once sometime, and then with null directory service. Sometimes everything just works.
> I debugged the issue and found the following piece of code in AuthenticationInterceptor.register:
> {code:java}
>         Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType()
);
>         if ( authenticatorList == null )
>         {
>             authenticatorList = new ArrayList<Authenticator>();
>             authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList
);
>             authenticators.add( authenticator );
>         }
>         if ( !authenticatorList.contains( authenticator ) )
>         {
>             authenticatorList.add( authenticator );
>         }
> {code}
> 1. It first gets a list of existing authenticator of particular type. Let's say there
is already one authenticator of such type (say SimpleAuthenticator). The list will be non-empty
> 2. Because the list is non-empty, the if statement is skipped
> 3. Because the list does not contain the second authenticator, it gets added to the list.
This list is in the map authenticatorsMapByType, so the authenticator is registered in the
map-by-type
> BUT, since the if statement was skipped, the second authenticator is not added to the
list of all authenticators at "this.authenticators". So when the authenticators are later
initialized with directoryService and invoked, the second authenticator is not in action.
> The randomness of the behavior is associated with the order of authenticators which are
passed in into AuthenticationInterceptor.setAuthenticators. If my authenticator is the first
one, SimpleAuthenticator will be skipped. If my one is the second, it gets skipped.
> I'm not sure what is the expected behavior, but if all authenticators should be active,
the code should be modified as follows:
> {code:java}
>         Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType()
);
>         if ( authenticatorList == null )
>         {
>             authenticatorList = new ArrayList<Authenticator>();
>             authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList
);
>         }
>         if ( !authenticatorList.contains( authenticator ) )
>         {
>             authenticatorList.add( authenticator );
>             authenticators.add( authenticator );
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org


Mime
View raw message