ACS-778: Fixed IDS auth component by allowing other authentication components in the chain to have a go at authenticating the given user.

2025-07-24 17:32:48 +00:00 · 2020-11-17 21:31:30 +00:00
parent 30da34a683
commit 427777a048
3 changed files with 56 additions and 4 deletions
--- a/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceAuthenticationComponent.java
+++ b/repository/src/main/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceAuthenticationComponent.java
@@ -25,6 +25,9 @@
 */
 package org.alfresco.repo.security.authentication.identityservice;

+import java.net.ConnectException;
+
+import org.alfresco.error.ExceptionStackUtil;
 import org.alfresco.repo.management.subsystems.ActivateableBean;
 import org.alfresco.repo.security.authentication.AbstractAuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationException;
@@ -91,6 +94,23 @@ public class IdentityServiceAuthenticationComponent extends AbstractAuthenticati

            throw new AuthenticationException("Failed to authenticate user against Keycloak.", e);
        }
+        catch (RuntimeException e)
+        {
+            Throwable cause = ExceptionStackUtil.getCause(e, ConnectException.class);
+            if (cause != null)
+            {
+                if (logger.isWarnEnabled())
+                {
+                    logger.warn("Couldn't connect to Keycloak server to authenticate user. Reason: " + cause.getMessage());
+                }
+                throw new AuthenticationException("Couldn't connect to Keycloak server to authenticate user.", cause);
+            }
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Error occurred while authenticating user against Keycloak. Reason: " + e.getMessage());
+            }
+            throw new AuthenticationException("Error occurred while authenticating user against Keycloak.", e);
+        }
    }

    public void setActive(boolean active)
--- a/repository/src/test/java/org/alfresco/AppContext05TestSuite.java
+++ b/repository/src/test/java/org/alfresco/AppContext05TestSuite.java
@@ -58,6 +58,7 @@ import org.junit.runners.Suite;
    org.alfresco.repo.security.person.HomeFolderProviderSynchronizerTest.class,
    org.alfresco.repo.domain.permissions.FixedAclUpdaterTest.class,
    org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapperTest.class,
+    org.alfresco.repo.security.authentication.identityservice.IdentityServiceAuthenticationComponentTest.class,
    org.alfresco.repo.security.authentication.identityservice.IdentityServiceRemoteUserMapperTest.class,
    org.alfresco.repo.security.authentication.subsystems.SubsystemChainingFtpAuthenticatorTest.class,
    org.alfresco.repo.security.authentication.external.LocalAuthenticationServiceTest.class,
--- a/repository/src/test/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceAuthenticationComponentTest.java
+++ b/repository/src/test/java/org/alfresco/repo/security/authentication/identityservice/IdentityServiceAuthenticationComponentTest.java
@@ -25,6 +25,12 @@
 */
 package org.alfresco.repo.security.authentication.identityservice;

+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.net.ConnectException;
+
+import org.alfresco.error.ExceptionStackUtil;
 import org.alfresco.repo.security.authentication.AuthenticationContext;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
@@ -39,12 +45,10 @@ import org.keycloak.authorization.client.AuthzClient;
 import org.keycloak.authorization.client.util.HttpResponseException;
 import org.keycloak.representations.AccessTokenResponse;
 import org.springframework.beans.factory.annotation.Autowired;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;

 public class IdentityServiceAuthenticationComponentTest extends BaseSpringTest
 {
-    private IdentityServiceAuthenticationComponent authComponent = new IdentityServiceAuthenticationComponent();
+    private final IdentityServiceAuthenticationComponent authComponent = new IdentityServiceAuthenticationComponent();

    @Autowired
    private AuthenticationContext authenticationContext;
@@ -91,6 +95,33 @@ public class IdentityServiceAuthenticationComponentTest extends BaseSpringTest
        authComponent.authenticateImpl("username", "password".toCharArray());
    }

+    @Test(expected = AuthenticationException.class)
+    public void testAuthenticationFail_connectionException()
+    {
+        when(mockAuthzClient.obtainAccessToken("username", "password")).thenThrow(
+                    new RuntimeException("Couldn't connect to server", new ConnectException("ConnectionRefused")));
+
+        try
+        {
+            authComponent.authenticateImpl("username", "password".toCharArray());
+        }
+        catch (RuntimeException ex)
+        {
+            Throwable cause = ExceptionStackUtil.getCause(ex, ConnectException.class);
+            assertNotNull(cause);
+            throw ex;
+        }
+    }
+
+    @Test (expected=AuthenticationException.class)
+    public void testAuthenticationFail_otherException()
+    {
+        when(mockAuthzClient.obtainAccessToken("username", "password"))
+                    .thenThrow(new RuntimeException("Some other errors!"));
+
+        authComponent.authenticateImpl("username", "password".toCharArray());
+    }
+
    @Test
    public void testAuthenticationPass()
    {
@@ -119,4 +150,4 @@ public class IdentityServiceAuthenticationComponentTest extends BaseSpringTest
        authComponent.setAllowGuestLogin(false);
        assertFalse(authComponent.guestUserAuthenticationAllowed());
    }
-}
+}