  1. Spring Security
  2. SEC-1569

AuthenticationSuccessEvent is published twice when ProviderManager has a parent ProviderManager

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 3.0.3
    • Fix Version/s: 3.1.0.M2
    • Component/s: Core
    • Labels:
      None

      Description

      I've configured Spring Security using the namespace. In particular, I have the following configs:

      <sec:http>
      ...
      <sec:anonymous enabled="true"/>
      ...
      </sec:http>

      <sec:authentication-manager erase-credentials="true">
      <sec:authentication-provider ref="myAuthProvider"/>
      </sec:authentication-manager>

      This results in a ProviderManager that has the AnonymousAuthenticationProvider and a parent ProviderManager which has MyAuthProvider. During a valid authentication attempt by a user, the AnonymousAuthenticationProvider is skipped and the parent ProviderManager is invoked (line 148 in ProviderManager). This one successfully authenticates the user and publishes an AuthenticationSuccessEvent. The problem is that when this parent ProviderManager returns, the first ProviderManager publishes the success event again (lines 157-165).

        Activity

        luke Luke Taylor added a comment -

        Are you sure you aren't seeing both the event from the filter and the one from the ProviderManager? Could you provide some log output or other information to illustrate the problem, please?

        nikitad Nikita D added a comment -

        DEBUG log output.

        nikitad Nikita D added a comment -

        Hi Luke, you are right, the eventPublisher of the parent ProviderManager is actually a NullEventPublisher. The second success event is coming from UsernamePasswordAuthenticationFilter, which publishes an InteractiveAuthenticationSuccessEvent (as opposed to the AuthenticationSuccessEvent published by the ProviderManager). I've attached the DEBUG log for reference. I'm guessing the two events are intentional and I can just ignore one in my listener based on the event class? Thank you for the help, sorry for logging this too hastily.
        Nikita

        luke Luke Taylor added a comment -

        No problem.
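
        A listener of the kind the exchange above settles on, as an added example that is not part of the original issue or of the Spring Security code base: it subscribes to the common base class and branches on the concrete event class, so one form login produces one audit record instead of two. The class name LoginAuditListener, the counters and the log messages are hypothetical.

```java
import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;

import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;

// Hypothetical audit listener (added example). Both success events extend
// AbstractAuthenticationEvent and neither is a subclass of the other, so a
// listener on the base type sees both and must tell them apart by class.
public class LoginAuditListener implements ApplicationListener<AbstractAuthenticationEvent> {

    private static final Logger LOG = Logger.getLogger(LoginAuditListener.class.getName());

    private final AtomicLong interactiveLogins = new AtomicLong();
    private final AtomicLong providerSuccesses = new AtomicLong();

    @Override
    public void onApplicationEvent(AbstractAuthenticationEvent event) {
        // Strip CR/LF so a crafted user name cannot forge extra audit lines.
        String user = event.getAuthentication().getName().replaceAll("[\\r\\n]", "_");

        if (event instanceof InteractiveAuthenticationSuccessEvent) {
            // Published by the filter (UsernamePasswordAuthenticationFilter in
            // this issue). This is the event recorded as "a login happened".
            InteractiveAuthenticationSuccessEvent e = (InteractiveAuthenticationSuccessEvent) event;
            interactiveLogins.incrementAndGet();
            LOG.info("login user=" + user + " via=" + e.getGeneratedBy().getSimpleName());
        } else if (event instanceof AuthenticationSuccessEvent) {
            // Published by the ProviderManager for the same request. Counted,
            // but not written as a second login record.
            providerSuccesses.incrementAndGet();
        }
        // Any other AbstractAuthenticationEvent (failures, etc.) is ignored here.
    }

    public long getInteractiveLogins() { return interactiveLogins.get(); }

    public long getProviderSuccesses() { return providerSuccesses.get(); }
}
```

        Declared as a bean in the application context, the listener receives both events; a listener typed as ApplicationListener<AuthenticationSuccessEvent> instead would receive only the ProviderManager event.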


          People

          • Assignee:
            luke Luke Taylor
            Reporter:
            nikitad Nikita D