in redback-authentication/redback-authentication-api/src/main/java/org/apache/archiva/redback/authentication/DefaultAuthenticationManager.java [147:232]
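/**
 * Tries each configured authenticator in order and returns the first successful result.
 *
 * <p>An authenticator is consulted only when it has a control entry, reports itself valid,
 * is marked active and supports the given data source. Failure causes from every consulted
 * authenticator are collected and attached to the final negative result.</p>
 *
 * <p>On success, the failed-login counter of every user referenced in that result's failure
 * causes is reset to 0, so that a rejection recorded by one chained user manager does not
 * lock an account that another one accepted.</p>
 *
 * @param source the credentials / data source to authenticate
 * @return the first authenticated result, or a non-authenticated result that carries the
 *         collected failure causes
 * @throws AccountLockedException declared on the signature; not thrown directly here, so
 *         presumably propagated from the delegated authenticator
 * @throws AuthenticationException see above
 * @throws MustChangePasswordException see above
 */
public AuthenticationResult authenticate( AuthenticationDataSource source )
    throws AccountLockedException, AuthenticationException, MustChangePasswordException
{
    List<Authenticator> authenticators = this.authenticators.get( );
    if ( authenticators == null || authenticators.isEmpty( ) )
    {
        return new AuthenticationResult( false, null, new AuthenticationException(
            "no valid authenticators, can't authenticate" ) );
    }

    // Failure causes gathered from every authenticator that was consulted and rejected the source.
    List<AuthenticationFailureCause> authnResultErrors = new ArrayList<AuthenticationFailureCause>( );

    for ( Authenticator authenticator : authenticators )
    {
        final AuthenticatorControl control = getControlMap( ).get( authenticator.getId( ) );
        // An `assert` is a no-op unless the JVM runs with -ea, so a missing control entry would
        // surface as a NullPointerException in the middle of a login. Check explicitly and
        // fail closed: an authenticator without a control entry is never consulted.
        if ( control == null )
        {
            log.warn( "No control entry for authenticator {}, skipping it", authenticator.getId( ) );
            continue;
        }

        if ( !authenticator.isValid( ) || !control.isActive( ) )
        {
            // Same message as before; note that it is also emitted for a valid authenticator
            // whose control is merely inactive.
            log.warn( "Invalid authenticator found: {}", authenticator.getId( ) );
            continue;
        }

        if ( !authenticator.supportsDataSource( source ) )
        {
            continue;
        }

        AuthenticationResult authResult = authenticator.authenticate( source );
        List<AuthenticationFailureCause> authenticationFailureCauses =
            authResult.getAuthenticationFailureCauses( );

        if ( authResult.isAuthenticated( ) )
        {
            //olamy: as we can chain various user managers with Archiva
            // user manager authenticator can lock accounts in the following case :
            // 2 user managers: ldap and jdo.
            // ldap correctly find the user but cannot compare hashed password
            // jdo reject password so increase loginAttemptCount
            // now ldap bind authenticator work but loginAttemptCount has been increased.
            // so we restore here loginAttemptCount to 0 if in authenticationFailureCauses
            //
            // The failure path below treats a null cause list as possible, so guard here too;
            // otherwise a successful login could end in a NullPointerException.
            if ( authenticationFailureCauses != null )
            {
                for ( AuthenticationFailureCause authenticationFailureCause : authenticationFailureCauses )
                {
                    User user = authenticationFailureCause.getUser( );
                    if ( user == null || user.getCountFailedLoginAttempts( ) <= 0 )
                    {
                        continue;
                    }
                    // NOTE(review): this clears lockout state for whichever user the failure
                    // cause references - confirm it is always the principal that just
                    // authenticated.
                    user.setCountFailedLoginAttempts( 0 );
                    if ( !userManager.isReadOnly( ) )
                    {
                        try
                        {
                            userManager.updateUser( user );
                        }
                        catch ( UserManagerException e )
                        {
                            // Best effort: a failed counter update must not turn a
                            // successful authentication into a failure.
                            log.debug( e.getMessage( ), e );
                            log.warn( "skip error updating user: {}", e.getMessage( ) );
                        }
                    }
                }
            }
            return authResult;
        }

        if ( authenticationFailureCauses != null )
        {
            authnResultErrors.addAll( authenticationFailureCauses );
        }
        else if ( authResult.getException( ) != null )
        {
            authnResultErrors.add(
                new AuthenticationFailureCause( AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION,
                                                authResult.getException( ).getMessage( ) ) );
        }
    }

    // NOTE(review): the message names the configured authenticators and the causes may carry
    // backend exception text - confirm neither is echoed verbatim to unauthenticated clients.
    return new AuthenticationResult( false, null, new AuthenticationException(
        "authentication failed on authenticators: " + knownAuthenticators( ) ), authnResultErrors );
}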