added option to skip failed authenticators

scm-webapp/src/main/java/sonia/scm/web/security/ChainAuthenticatonManager.java

@@ -47,6 +47,7 @@ import org.slf4j.LoggerFactory;
 import sonia.scm.SCMContextProvider;
 import sonia.scm.cache.Cache;
 import sonia.scm.cache.CacheManager;
+import sonia.scm.config.ScmConfiguration;
 import sonia.scm.security.EncryptionHandler;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
@@ -87,21 +88,24 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
    *
    *
    *
+   *
+   * @param configuration
    * @param userManager
    * @param authenticationHandlerSet
    * @param encryptionHandler
    * @param cacheManager
-   * @param authenticationListenerProvider
    * @param authenticationListeners
    */
   @Inject
-  public ChainAuthenticatonManager(UserManager userManager,
+  public ChainAuthenticatonManager(ScmConfiguration configuration,
+    UserManager userManager,
     Set<AuthenticationHandler> authenticationHandlerSet,
     EncryptionHandler encryptionHandler, CacheManager cacheManager,
     Set<AuthenticationListener> authenticationListeners)
   {
     AssertUtil.assertIsNotEmpty(authenticationHandlerSet);
     AssertUtil.assertIsNotNull(cacheManager);
+    this.configuration = configuration;
     this.authenticationHandlers = sort(userManager, authenticationHandlerSet);
     this.encryptionHandler = encryptionHandler;
     this.cache = cacheManager.getCache(String.class,
@@ -200,6 +204,22 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
     }
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param result
+   *
+   * @return
+   */
+  boolean stopChain(AuthenticationResult result)
+  {
+    return (result != null) && (result.getState() != null)
+      && (result.getState().isSuccessfully()
+        || ((result.getState() == AuthenticationState.FAILED)
+          &&!configuration.isSkipFailedAuthenticators()));
+  }
+
   /**
    * Method description
    *
@@ -240,9 +260,7 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
             authenticator.getClass().getName(), result);
         }
 
-        if ((result != null) && (result.getState() != null)
-          && (result.getState().isSuccessfully()
-            || (result.getState() == AuthenticationState.FAILED)))
+        if (stopChain(result))
         {
           if (result.getState().isSuccessfully() && (result.getUser() != null))
           {
@@ -378,11 +396,14 @@ public class ChainAuthenticatonManager extends AbstractAuthenticationManager
   //~--- fields ---------------------------------------------------------------
 
   /** Field description */
-  private List<AuthenticationHandler> authenticationHandlers;
+  private final List<AuthenticationHandler> authenticationHandlers;
 
   /** Field description */
-  private Cache<String, AuthenticationCacheValue> cache;
+  private final Cache<String, AuthenticationCacheValue> cache;
 
   /** Field description */
-  private EncryptionHandler encryptionHandler;
+  private final ScmConfiguration configuration;
+
+  /** Field description */
+  private final EncryptionHandler encryptionHandler;
 }

scm-webapp/src/main/webapp/resources/js/config/sonia.config.scmconfigpanel.js

@@ -51,6 +51,7 @@ Sonia.config.ScmConfigPanel = Ext.extend(Sonia.config.ConfigPanel,{
   errorSubmitMsgText: 'Could not submit config.',
   
   // TODO i18n
+  skipFailedAuthenticatorsText: 'Skip failed authenticators',
   loginAttemptLimitText: 'Login Attempt Limit',
   loginAttemptLimitTimeoutText: 'Login Attempt Limit Timeout',
   
@@ -85,6 +86,8 @@ Sonia.config.ScmConfigPanel = Ext.extend(Sonia.config.ConfigPanel,{
   adminUsersHelpText: 'Comma seperated list of users with admin permissions.',
   
   // TODO i18n
+  skipFailedAuthenticatorsHelpText: 'Do not stop the authentication chain, \n\
+                                     if an authenticator finds the user but fails to authenticate the user.',
   loginAttemptLimitHelpText: 'Maximum allowed login attempts. Use -1 to disable the login attempt limit.',
   loginAttemptLimitTimeoutHelpText: 'Timeout in seconds for users which are temporary disabled,\
                                      because of too many failed login attempts.',
@@ -157,6 +160,12 @@ Sonia.config.ScmConfigPanel = Ext.extend(Sonia.config.ConfigPanel,{
           name: 'anonymousAccessEnabled',
           inputValue: 'true',
           helpText: this.allowAnonymousAccessHelpText
+        },{
+          xtype: 'checkbox',
+          fieldLabel: this.skipFailedAuthenticatorsText,
+          name: 'skip-failed-authenticators',
+          inputValue: 'true',
+          helpText: this.skipFailedAuthenticatorsHelpText
         },{
           xtype: 'numberfield',
           fieldLabel: this.loginAttemptLimitText,

scm-webapp/src/main/webapp/resources/js/i18n/de.js

@@ -40,7 +40,7 @@ if (Ext.form.VTypes){
     passwordText: 'Die Passwörter stimmen nicht überein!',
     nameTest: 'Der Name ist invalid.',
     usernameText: 'Der Benutzername ist invalid.',
-    repositoryNameText: 'Der Name des Repositorys ist ungültig.',
+    repositoryNameText: 'Der Name des Repositorys ist ungültig.'
   });
 
 }
@@ -349,6 +349,10 @@ if (Sonia.config.ScmConfigPanel){
     adminGroupsHelpText: 'Komma getrennte Liste von Gruppen mit Administrationsrechten.',
     adminUsersHelpText: 'Komma getrennte Liste von Benutzern mit Administrationsrechten.',
     
+    skipFailedAuthenticatorsText: 'Überspringe fehlgeschlagene Authentifizierer',
+    skipFailedAuthenticatorsHelpText: 'Setzt die Authentifizierungs-Kette fort,\n\
+                                       auch wenn ein ein Authentifizierer einen Benutzer gefunden hat,\n\
+                                       diesen aber nicht Authentifizieren kann.',
     loginAttemptLimitText: 'Login Attempt Limit',
     loginAttemptLimitTimeoutText: 'Login Attempt Limit Timeout',
     loginAttemptLimitHelpText: 'Maximale Anzahl gescheiterte Loginversuche. Der Wert -1 deaktiviert die Begrenzung.',