Skip to content

Fix potential ClassCastException during shadow user create#3893

Merged
strehle merged 3 commits into
developfrom
fix/issue/3655/classcast
May 5, 2026
Merged

Fix potential ClassCastException during shadow user create#3893
strehle merged 3 commits into
developfrom
fix/issue/3655/classcast

Conversation

@strehle
Copy link
Copy Markdown
Member

@strehle strehle commented May 4, 2026
edited
Loading

see #3655

@strehle strehle linked an issue May 4, 2026 that may be closed by this pull request
ExternalLoginAuthenticationManager.java should catch a expeption #3655
Closed
@strehle strehle requested a review from Copilot May 4, 2026 06:10
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens external authentication so that a ClassCastException when evaluating the “add shadow user on login” policy no longer crashes authentication, and instead fails closed with the existing “pre-created account required” behavior.

Changes:

  • Wraps shadow-user auto-creation policy evaluation to catch ClassCastException and disable auto-creation in that case.
  • Adds a regression test ensuring ClassCastException during policy evaluation results in AccountNotPreCreatedException and no events are published.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManager.java Adds canAddNewShadowUser() wrapper to handle ClassCastException and log a warning while failing closed.
server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManagerTest.java Adds a test covering the ClassCastException path during shadow user creation checks.

Comment thread ...cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManagerTest.java Outdated
Comment thread ...org/cloudfoundry/identity/uaa/authentication/manager/ExternalLoginAuthenticationManager.java Outdated
@strehle strehle requested a review from Copilot May 4, 2026 08:28
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@strehle strehle requested review from Copilot, duanemay and fhanik May 4, 2026 08:32
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread .../java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerIT.java Outdated
@strehle strehle requested a review from Copilot May 4, 2026 08:52
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@strehle strehle requested a review from Copilot May 4, 2026 09:02
Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

@github-project-automation github-project-automation Bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group May 5, 2026
@fhanik fhanik added the accepted Accepted the issue label May 5, 2026
@strehle strehle merged commit d847029 into develop May 5, 2026
36 of 37 checks passed
@strehle strehle deleted the fix/issue/3655/classcast branch May 5, 2026 20:02
@github-project-automation github-project-automation Bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group May 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@fhanik fhanik fhanik approved these changes

@duanemay duanemay Awaiting requested review from duanemay

Assignees

No one assigned

Labels

accepted Accepted the issue

Projects

Foundational Infrastructure Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ExternalLoginAuthenticationManager.java should catch a expeption

3 participants

@strehle @fhanik