From fa39ecd719b6e427fed39720b0e179fb42ca9086 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Wed, 4 Dec 2013 16:19:33 -0600
Subject: [PATCH] SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions
---
 .../security/authentication/ProviderManager.java | 3 +++
 .../authentication/ProviderManagerTests.java | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
index db1d8f7f20..41b3b3f850 100644
--- a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -163,6 +163,9 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
 prepareException(e, authentication);
 // SEC-546: Avoid polling additional providers if auth failure is due to invalid account status
 throw e;
+ } catch (InternalAuthenticationServiceException e) {
+ prepareException(e, authentication);
+ throw e;
 } catch (AuthenticationException e) {
 lastException = e;
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
index 74f6927f3a..59aeebb9a6 100644
--- a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
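Review bot: The new `catch (InternalAuthenticationServiceException e)` branch in ProviderManager.java has no comment explaining why it leaves the provider loop, while the branch directly above it carries the SEC-546 explanation. The intent appears to be fail-closed handling: an internal provider error is not a verdict on the credentials, so later providers should not be asked to decide the request. I would add `// SEC-2367: internal provider failure is not a credential verdict; rethrow instead of polling further providers` as the first line of the branch. The try block and the surrounding loop start outside the hunk, so whether a parent manager is also skipped on this path cannot be confirmed from here and is worth stating in the method's Javadoc.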
@@ -287,6 +287,20 @@ public class ProviderManagerTests {
 verify(publisher).publishAuthenticationFailure(expected, authReq);
 }
 
+ // SEC-2367
+ @Test
+ public void providerThrowsInternalAuthenticationServiceException() {
+ InternalAuthenticationServiceException expected = new InternalAuthenticationServiceException("Expected");
+ ProviderManager mgr = new ProviderManager(
+ Arrays.asList(createProviderWhichThrows(expected), createProviderWhichThrows(new BadCredentialsException("Oops"))), null);
+ final Authentication authReq = mock(Authentication.class);
+
+ try {
+ mgr.authenticate(authReq);
+ fail("Expected Exception");
+ } catch(InternalAuthenticationServiceException success) {}
+ }
+
 private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
 AuthenticationProvider provider = mock(AuthenticationProvider.class);
 when(provider.supports(any(Class.class))).thenReturn(true);
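Review bot: The empty catch body in `catch(InternalAuthenticationServiceException success) {}` lets the test pass for any exception of that type, so it never checks that the instance thrown by the first provider is the one that reaches the caller. Putting `assertSame(expected, success);` in the catch body would pin that. The property SEC-2367 protects is that the second provider is not consulted after an internal failure. Holding that mock in a local (here called `second`) and adding `verify(second, never()).authenticate(authReq);` would assert it directly instead of inferring it from the exception type. The test also leaves the event publisher unset, so it does not cover the `prepareException` call that the new branch makes.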