Revert "Fix authentication flow with custom authentication extension." #6494

Merged: 1 commit, Feb 14, 2025
Expand Up @@ -663,7 +663,6 @@ protected void handleResponse(HttpServletRequest request, HttpServletResponse re
boolean isNoneCanHandle = true;
StepConfig stepConfig = sequenceConfig.getStepMap().get(currentStep);

handleAuthenticatorResolvingForBasicAuthMechanism(context, stepConfig);
for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
ApplicationAuthenticator authenticator = authenticatorConfig
.getApplicationAuthenticator();
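Review bot: Dropping the `handleAuthenticatorResolvingForBasicAuthMechanism(context, stepConfig);` call just before the `for` loop over `stepConfig.getAuthenticatorList()` brings back the behaviour that the helper's own comment describes: with `currentAuthenticator` reset to null, the first authenticator in the step is always selected. The revert should state why that is the lesser problem and reference the regression that prompted it. A test for a step with more than one authenticator would show which authenticator `handleResponse` picks after this change.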
Expand Down Expand Up @@ -698,27 +697,6 @@ protected void handleResponse(HttpServletRequest request, HttpServletResponse re
}
}

private void handleAuthenticatorResolvingForBasicAuthMechanism(
AuthenticationContext context, StepConfig stepConfig) {

/* When an authenticator with the basic authentication mechanism (such as basic or identifierFirst) is engaged
in the authentication flow, the handleRequest method for that authenticator is automatically triggered at the
start, setting setCurrentAuthenticator to the corresponding authenticator. However, when the user provides
credentials, the handleResponse method is initiated, and from the method handle(HttpServletRequest,
HttpServletResponse) in the DefaultRequestCoordinator class setCurrentAuthenticator is reset to null.
As a result, when selecting the appropriate authenticator, the system iterates through the list of
authenticators in the step and checks if currentAuthenticator is null. This causes the first authenticator in
the step to always be selected. To address this, if currentAuthenticator is null and an authenticator with the
basic authentication mechanism is present, we set the corresponding authenticator as the current authenticator.
*/
for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
if (context.getCurrentAuthenticator() == null &&
BASIC_AUTH_MECHANISM.equals(authenticatorConfig.getApplicationAuthenticator().getAuthMechanism())) {
context.setCurrentAuthenticator(authenticatorConfig.getName());
}
}
}

protected void doAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationContext context, AuthenticatorConfig authenticatorConfig)
throws FrameworkException {
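Review bot: With the private helper deleted, `BASIC_AUTH_MECHANISM` loses the reference at `BASIC_AUTH_MECHANISM.equals(authenticatorConfig.getApplicationAuthenticator().getAuthMechanism())`, and no hunk shown here touches its declaration or import, so check whether it is now unused and remove it in the same commit if so. The deleted block comment is also the only place shown here that explains the null `currentAuthenticator` problem; move that explanation into the commit message or a tracking issue so it is not lost. For any replacement fix, note that the removed loop set the current authenticator to the first entry in the step with the basic mechanism without looking at the request, so a step holding more than one such authenticator would still resolve to the first one.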