mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-26 16:22:06 +01:00
Throw an XMPPException if SASL authentication fails. SMACK-89
git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@2817 b35dd754-fafc-0310-a699-88a17e54d16e
This commit is contained in:
parent
bb0a864be9
commit
283b0f33f5
3 changed files with 73 additions and 11 deletions
|
@ -316,8 +316,15 @@ class PacketReader {
|
||||||
resetParser();
|
resetParser();
|
||||||
}
|
}
|
||||||
else if (parser.getName().equals("failure")) {
|
else if (parser.getName().equals("failure")) {
|
||||||
// TLS negotiation has failed so close the connection.
|
if ("urn:ietf:params:xml:ns:xmpp-tls".equals(parser.getNamespace(null))) {
|
||||||
throw new Exception("TLS negotiation has failed");
|
// TLS negotiation has failed. The server will close the connection
|
||||||
|
throw new Exception("TLS negotiation has failed");
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// SASL authentication has failed. The server may close the connection
|
||||||
|
// depending on the number of retries
|
||||||
|
connection.getSASLAuthentication().authenticationFailed();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (parser.getName().equals("challenge")) {
|
else if (parser.getName().equals("challenge")) {
|
||||||
// The server is challenging the SASL authentication made by the client
|
// The server is challenging the SASL authentication made by the client
|
||||||
|
|
|
@ -69,6 +69,11 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
* Boolean indicating if SASL negotiation has finished and was successful.
|
* Boolean indicating if SASL negotiation has finished and was successful.
|
||||||
*/
|
*/
|
||||||
private boolean saslNegotiated = false;
|
private boolean saslNegotiated = false;
|
||||||
|
/**
|
||||||
|
* Boolean indication if SASL authentication has failed. When failed the server may end
|
||||||
|
* the connection.
|
||||||
|
*/
|
||||||
|
private boolean saslFailed = false;
|
||||||
private boolean resourceBinded = false;
|
private boolean resourceBinded = false;
|
||||||
private boolean sessionSupported = false;
|
private boolean sessionSupported = false;
|
||||||
|
|
||||||
|
@ -186,12 +191,20 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
|
|
||||||
// Wait until SASL negotiation finishes
|
// Wait until SASL negotiation finishes
|
||||||
synchronized (this) {
|
synchronized (this) {
|
||||||
try {
|
if (!saslNegotiated && !saslFailed) {
|
||||||
wait(30000);
|
try {
|
||||||
} catch (InterruptedException e) {
|
wait(30000);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (saslFailed) {
|
||||||
|
// SASL authentication failed and the server may have closed the connection
|
||||||
|
// so throw an exception
|
||||||
|
throw new XMPPException("SASL authentication failed");
|
||||||
|
}
|
||||||
|
|
||||||
if (saslNegotiated) {
|
if (saslNegotiated) {
|
||||||
// We now need to bind a resource for the connection
|
// We now need to bind a resource for the connection
|
||||||
// Open a new stream and wait for the response
|
// Open a new stream and wait for the response
|
||||||
|
@ -249,8 +262,11 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
return new NonSASLAuthentication(connection)
|
return new NonSASLAuthentication(connection)
|
||||||
.authenticate(username, password, resource);
|
.authenticate(username, password, resource);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
catch (XMPPException e) {
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
catch (Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
// SASL authentication failed so try a Non-SASL authentication
|
// SASL authentication failed so try a Non-SASL authentication
|
||||||
return new NonSASLAuthentication(connection)
|
return new NonSASLAuthentication(connection)
|
||||||
|
@ -280,7 +296,7 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
|
|
||||||
// Wait until SASL negotiation finishes
|
// Wait until SASL negotiation finishes
|
||||||
synchronized (this) {
|
synchronized (this) {
|
||||||
if (!saslNegotiated) {
|
if (!saslNegotiated && !saslFailed) {
|
||||||
try {
|
try {
|
||||||
wait(5000);
|
wait(5000);
|
||||||
} catch (InterruptedException e) {
|
} catch (InterruptedException e) {
|
||||||
|
@ -288,6 +304,12 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (saslFailed) {
|
||||||
|
// SASL authentication failed and the server may have closed the connection
|
||||||
|
// so throw an exception
|
||||||
|
throw new XMPPException("SASL authentication failed");
|
||||||
|
}
|
||||||
|
|
||||||
if (saslNegotiated) {
|
if (saslNegotiated) {
|
||||||
// Bind a resource for this connection and
|
// Bind a resource for this connection and
|
||||||
return bindResourceAndEstablishSession(null);
|
return bindResourceAndEstablishSession(null);
|
||||||
|
@ -366,6 +388,15 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
this.serverMechanisms = mechanisms;
|
this.serverMechanisms = mechanisms;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if the user was able to authenticate with the server usins SASL.
|
||||||
|
*
|
||||||
|
* @return true if the user was able to authenticate with the server usins SASL.
|
||||||
|
*/
|
||||||
|
public boolean isAuthenticated() {
|
||||||
|
return saslNegotiated;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The server is challenging the SASL authentication we just sent. Forward the challenge
|
* The server is challenging the SASL authentication we just sent. Forward the challenge
|
||||||
* to the current SASLMechanism we are using. The SASLMechanism will send a response to
|
* to the current SASLMechanism we are using. The SASLMechanism will send a response to
|
||||||
|
@ -391,6 +422,18 @@ public class SASLAuthentication implements UserAuthentication {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Notification message saying that SASL authentication has failed. The server may have
|
||||||
|
* closed the connection depending on the number of possible retries.
|
||||||
|
*/
|
||||||
|
void authenticationFailed() {
|
||||||
|
synchronized (this) {
|
||||||
|
saslFailed = true;
|
||||||
|
// Wake up the thread that is waiting in the #authenticate method
|
||||||
|
notify();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Notification message saying that the server requires the client to bind a
|
* Notification message saying that the server requires the client to bind a
|
||||||
* resource to the stream.
|
* resource to the stream.
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
package org.jivesoftware.smack;
|
package org.jivesoftware.smack;
|
||||||
|
|
||||||
import org.jivesoftware.smack.test.SmackTestCase;
|
import org.jivesoftware.smack.test.SmackTestCase;
|
||||||
|
import org.jivesoftware.smack.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Includes set of login tests.
|
* Includes set of login tests.
|
||||||
|
@ -38,8 +39,10 @@ public class LoginTest extends SmackTestCase {
|
||||||
fail("Invalid user was able to log into the server");
|
fail("Invalid user was able to log into the server");
|
||||||
}
|
}
|
||||||
catch (XMPPException e) {
|
catch (XMPPException e) {
|
||||||
assertEquals("Incorrect error code while login with an invalid user", 401,
|
if (e.getXMPPError() != null) {
|
||||||
e.getXMPPError().getCode());
|
assertEquals("Incorrect error code while login with an invalid user", 401,
|
||||||
|
e.getXMPPError().getCode());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
// Wait here while trying tests with exodus
|
// Wait here while trying tests with exodus
|
||||||
//Thread.sleep(300);
|
//Thread.sleep(300);
|
||||||
|
@ -91,7 +94,16 @@ public class LoginTest extends SmackTestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
conn.login("user_1", "user_1", null);
|
conn.login("user_1", "user_1", null);
|
||||||
fail("User with no resource was able to log into the server");
|
if (conn.getSASLAuthentication().isAuthenticated()) {
|
||||||
|
// Check that the server assigned a resource
|
||||||
|
assertNotNull("JID assigned by server is missing", conn.getUser());
|
||||||
|
assertNotNull("JID assigned by server does not have a resource",
|
||||||
|
StringUtils.parseResource(conn.getUser()));
|
||||||
|
conn.close();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
fail("User with no resource was able to log into the server");
|
||||||
|
}
|
||||||
|
|
||||||
} catch (XMPPException e) {
|
} catch (XMPPException e) {
|
||||||
assertEquals("Wrong error code returned", 406, e.getXMPPError().getCode());
|
assertEquals("Wrong error code returned", 406, e.getXMPPError().getCode());
|
||||||
|
|
Loading…
Reference in a new issue