search

mam-dev / cosmo

Cosmo Calendar Server implements the server side of the CalDAV protocol.
Apache License 2.0
78 stars 45 forks source link

Bug in AuthenticationProviderProxyFactory #10

Closed TorstenF76 closed 6 years ago

TorstenF76 commented 7 years ago

In AuthenticationProviderProxyFactory Line 53: 

52:                   UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDetails, authentication.getCredentials(), authentication.getAuthorities());

53:                   result.setAuthenticated(authentication.isAuthenticated());

a call of result.setAuthenticated(true) raises an exception: 

    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException(
                    "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }

        super.setAuthenticated(false);
    }

the whole call of setAuthenticated is unnecessary as the property gets set directly within the constructor of UsernamePasswordAuthenticationToken.

So please remove the line that tries to set the authenticated property, otherwise it is not possible to use a UsernamePasswordAuthenticationToken which has authenticated set to true.

danielgrigore commented 6 years ago

Solved in version 1.6.2 by passing the authorities as well.