Authentication service fix.

Clean context if login fails or ticket validation falis

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2030 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/security/authentication/AbstractAuthenticationComponent.java

@@ -57,8 +57,13 @@ public abstract class AbstractAuthenticationComponent implements AuthenticationC
      *            String
      * @return Authentication
      */
-    public Authentication setCurrentUser(String userName)
+    public Authentication setCurrentUser(String userName) throws AuthenticationException
     {
+        if(userName == null)
+        {
+            throw new AuthenticationException("Null user name");
+        }
+        
         try
         {
             UserDetails ud = null;

source/java/org/alfresco/repo/security/authentication/AuthenticationServiceImpl.java

@@ -88,7 +88,15 @@ public class AuthenticationServiceImpl implements AuthenticationService
 
     public void authenticate(String userName, char[] password) throws AuthenticationException
     {
-        authenticationComponent.authenticate(userName, password);
+        try
+        {
+           authenticationComponent.authenticate(userName, password);
+        }
+        catch(AuthenticationException ae)
+        {
+            clearCurrentSecurityContext();
+            throw ae;
+        }
     }
 
     public String getCurrentUserName() throws AuthenticationException
@@ -108,7 +116,15 @@ public class AuthenticationServiceImpl implements AuthenticationService
 
     public void validate(String ticket) throws AuthenticationException
     {
-        authenticationComponent.setCurrentUser(ticketComponent.validateTicket(ticket));
+        try
+        {
+           authenticationComponent.setCurrentUser(ticketComponent.validateTicket(ticket));
+        }
+           catch(AuthenticationException ae)
+           {
+               clearCurrentSecurityContext();
+               throw ae;
+           } 
     }
 
     public String getCurrentTicket()

source/java/org/alfresco/repo/security/authentication/AuthenticationTest.java

@@ -58,7 +58,7 @@ import org.springframework.context.ApplicationContext;
 public class AuthenticationTest extends TestCase
 {
     private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
-
+    
     private NodeService nodeService;
 
     private SearchService searchService;
@@ -470,6 +470,7 @@ public class AuthenticationTest extends TestCase
         tc.validateTicket(ticket);
         tc.validateTicket(ticket);
         tc.validateTicket(ticket);
+        
         synchronized (this)
         {
             try
@@ -490,6 +491,50 @@ public class AuthenticationTest extends TestCase
         catch (AuthenticationException e)
         {
 
+        }
+        
+        try
+        {
+            tc.validateTicket(ticket);
+            assertNotNull(null);
+        }
+        catch (AuthenticationException e)
+        {
+
+        }
+        
+        try
+        {
+            tc.validateTicket(ticket);
+            assertNotNull(null);
+        }
+        catch (AuthenticationException e)
+        {
+
+        }
+        
+        
+        synchronized (this)
+        {
+            try
+            {
+                wait(10000);
+            }
+            catch (InterruptedException e)
+            {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            }
+        }
+        
+        try
+        {
+            tc.validateTicket(ticket);
+            assertNotNull(null);
+        }
+        catch (AuthenticationException e)
+        {
+
         }
 
         dao.deleteUser("Andy");
@@ -579,6 +624,7 @@ public class AuthenticationTest extends TestCase
 
         }
 
+        authenticationService.authenticate("Andy", "auth3".toCharArray());
         // get the ticket that represents the current user authentication
         // instance
         String ticket = authenticationService.getCurrentTicket();
@@ -596,7 +642,35 @@ public class AuthenticationTest extends TestCase
         {
 
         }
+        
+        Authentication current = authenticationComponent.getCurrentAuthentication();
+        if(current != null)
+        {
+            assertFalse(current.isAuthenticated());
+        }
 
+        try
+        {
+            authenticationService.validate(ticket);
+            assertNotNull(null);
+        }
+        catch (AuthenticationException e)
+        {
+
+        }
+
+        
+        try
+        {
+            authenticationService.validate(ticket);
+            assertNotNull(null);
+        }
+        catch (AuthenticationException e)
+        {
+
+        }
+
+        
         // clear any context and check we are no longer authenticated
         authenticationService.clearCurrentSecurityContext();
         assertNull(authenticationService.getCurrentUserName());
@@ -650,6 +724,7 @@ public class AuthenticationTest extends TestCase
 
         }
 
+        pubAuthenticationService.authenticate("Andy", "auth3".toCharArray());
         // get the ticket that represents the current user authentication
         // instance
         String ticket = pubAuthenticationService.getCurrentTicket();