SEC-1940: ProviderManager publishes any AccountStatusException

rwinch · rwinch · commit 734188206d26 · 2012-07-30T14:09:50.000-05:00
Previously there was a bug introduced by SEC-546 that prevented any
AccountStatusException from being published.

Now AccountStatusExceptions are also published.
diff --git a/core/src/main/java/org/springframework/security/authentication/ProviderManager.java b/core/src/main/java/org/springframework/security/authentication/ProviderManager.java
@@ -197,14 +197,14 @@ public Authentication authenticate(Authentication authentication) throws Authent
                         new Object[] {toTest.getName()}, "No AuthenticationProvider found for {0}"));
         }
 
-        eventPublisher.publishAuthenticationFailure(lastException, authentication);
         prepareException(lastException, authentication);
 
         throw lastException;
     }
 
     @SuppressWarnings("deprecation")
     private void prepareException(AuthenticationException ex, Authentication auth) {
+        eventPublisher.publishAuthenticationFailure(ex, auth);
         ex.setAuthentication(auth);
 
         if (clearExtraInformation) {
diff --git a/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java b/core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java
@@ -267,6 +267,26 @@ public void authenticationExceptionFromParentOverridesPreviousOnes() throws Exce
         verify(publisher).publishAuthenticationFailure(expected, authReq);
     }
 
+    @Test
+    @SuppressWarnings("deprecation")
+    public void statusExceptionIsPublished() throws Exception {
+        AuthenticationManager parent = mock(AuthenticationManager.class);
+        final LockedException expected = new LockedException("");
+        ProviderManager mgr = new ProviderManager(
+                Arrays.asList(createProviderWhichThrows(expected)), parent);
+        final Authentication authReq = mock(Authentication.class);
+        AuthenticationEventPublisher publisher = mock(AuthenticationEventPublisher.class);
+        mgr.setAuthenticationEventPublisher(publisher);
+        try {
+            mgr.authenticate(authReq);
+            fail("Expected exception");
+        } catch (LockedException e) {
+            assertSame(expected, e);
+            assertSame(authReq, e.getAuthentication());
+        }
+        verify(publisher).publishAuthenticationFailure(expected, authReq);
+    }
+
     private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
         AuthenticationProvider provider = mock(AuthenticationProvider.class);
         when(provider.supports(any(Class.class))).thenReturn(true);

Original file line number	Diff line number	Diff line change
`@@ -197,14 +197,14 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`197`	`197`	`new Object[] {toTest.getName()}, "No AuthenticationProvider found for {0}"));`
`198`	`198`	`}`
`199`	`199`
`200`		`- eventPublisher.publishAuthenticationFailure(lastException, authentication);`
`201`	`200`	`prepareException(lastException, authentication);`
`202`	`201`
`203`	`202`	`throw lastException;`
`204`	`203`	`}`
`205`	`204`
`206`	`205`	`@SuppressWarnings("deprecation")`
`207`	`206`	`private void prepareException(AuthenticationException ex, Authentication auth) {`
	`207`	`+ eventPublisher.publishAuthenticationFailure(ex, auth);`
`208`	`208`	`ex.setAuthentication(auth);`
`209`	`209`
`210`	`210`	`if (clearExtraInformation) {`