From 78c19dde80e42731f9e89773469356d063bdba2c Mon Sep 17 00:00:00 2001 From: j2blake Date: Thu, 2 Feb 2012 16:18:22 +0000 Subject: [PATCH] NIHVIVO-2694 Make sure that the BasicAuthenticator and the AuthenticatorStub comply to the contract on throwing LoginNotPermitted exceptions. --- .../vitro/webapp/controller/authenticate/Authenticator.java | 3 +++ .../webapp/controller/authenticate/BasicAuthenticator.java | 5 ++++- .../webapp/controller/authenticate/AuthenticatorStub.java | 6 +++++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java index 6cb4b49cf..28755fc73 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java @@ -92,6 +92,9 @@ public abstract class Authenticator { * Behavior when userAccount is null depends on the particular * Authenticator. An answer of "true" presumably means that the user will be * permitted to login and create an account on the fly. + * + * Note that this method may rely on the HttpServletRequest object that was + * provided to the factory when this instance was created. */ public abstract boolean isUserPermittedToLogin(UserAccount userAccount); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java index 918630107..3e3aa3d97 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java @@ -142,7 +142,10 @@ public class BasicAuthenticator extends Authenticator { @Override public void recordLoginAgainstUserAccount(UserAccount userAccount, - AuthenticationSource authSource) { + AuthenticationSource authSource) throws LoginNotPermitted { + if (!isUserPermittedToLogin(userAccount)) { + throw new LoginNotPermitted(); + } if (userAccount == null) { log.error("Trying to record the login of a null user. "); return; diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java index 84fba7c0d..65c44b184 100644 --- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java +++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java @@ -137,7 +137,11 @@ public class AuthenticatorStub extends Authenticator { @Override public void recordLoginAgainstUserAccount(UserAccount userAccount, - AuthenticationSource authSource) { + AuthenticationSource authSource) throws LoginNotPermitted { + if (!isUserPermittedToLogin(userAccount)) { + throw new LoginNotPermitted(); + } + recordedLogins.add(userAccount.getEmailAddress()); LoginStatusBean lsb = new LoginStatusBean(userAccount.getUri(),