diff --git a/modules/gplazma2/src/main/java/org/dcache/gplazma/GPlazma.java b/modules/gplazma2/src/main/java/org/dcache/gplazma/GPlazma.java
index 61080da7677..d01ede32fe4 100644
--- a/modules/gplazma2/src/main/java/org/dcache/gplazma/GPlazma.java
+++ b/modules/gplazma2/src/main/java/org/dcache/gplazma/GPlazma.java
@@ -139,6 +139,23 @@ public LoginReply login(Subject subject) throws AuthenticationException {
 loginObservers.forEach(o -> o.accept(result));
 return reply;
 } catch (AuthenticationException e) {
+ /* REVISIT The following is a work-around to ensure the set of
+ * door-supplied information is available. This is only done if
+ * the AUTH phase is not attempted to avoid creating extra work
+ * for the common case (AUTH phase is attempted).
+ */
+ if (!result.hasStarted()) {
+ var authPhase = result.getAuthPhase();
+ authPhase.setPublicCredentials(subject.getPublicCredentials());
+ authPhase.setPrivateCredentials(subject.getPrivateCredentials());
+ result.setInitialPrincipals(subject.getPrincipals());
+ /* FIXME currently need to treat a failure to initialise
+ * gPlazma as a validation error in order to inject the error
+ * message in the logged response.
+ */
+ result.setValidationResult(Result.FAIL);
+ result.setValidationError(e.getMessage());
+ }
 loginObservers.forEach(o -> o.accept(result));
 throw e;
 }
@@ -290,7 +307,7 @@ private Setup buildSetup() throws GPlazmaInternalException {
 plugin = pluginLoader.newPluginByName(pluginName, combinedProperties);
 } catch (PluginLoadingException e) {
 throw new PluginLoadingException(
- "failed to create " + pluginName + ": " + e.getMessage(), e);
+ "failed to create plugin \"" + pluginName + "\": " + e.getMessage(), e);
 }
 ConfigurationItemControl control = item.getControl();
diff --git a/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResult.java b/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResult.java
index a3fe653eb7a..e408704c263 100644
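Review bot: On the failure path in login(), `authPhase.setPrivateCredentials(subject.getPrivateCredentials())` now hands the door-supplied private credentials to every login observer, and nothing in the hunk says they are redacted before the "logged response" that the FIXME mentions is written. Failed logins are the records most likely to be written out in full, so it is worth confirming that whatever renders `LoginResult` never prints secret values; that renderer is not visible in this diff. The same applies to `result.setValidationError(e.getMessage())`, which after the buildSetup() hunk can carry a plugin's own error text. I would add a comment above the setters, e.g. `// Recorded for login observers only; observers must redact private credential values before logging.` login() starts and ends outside the hunk.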
--- a/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResult.java
+++ b/modules/gplazma2/src/main/java/org/dcache/gplazma/monitor/LoginResult.java
@@ -5,6 +5,7 @@
 import com.google.common.collect.Sets;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -16,6 +17,9 @@
 */
 public class LoginResult {
+ private static final SetDiff EMPTY_TO_EMPTY =
+ new SetDiff(Collections.emptySet(), Collections.emptySet());
+
 private final AuthPhaseResult _authPhase = new AuthPhaseResult();
 private final MapPhaseResult _mapPhase = new MapPhaseResult();
 private final AccountPhaseResult _accountPhase = new AccountPhaseResult();
@@ -83,6 +87,15 @@ public boolean hasStarted() {
 return getAuthPhase().hasHappened();
 }
+ /**
+ * Store the initial set of principals, as received by gPlazma from the
+ * door.
+ * @param initial The door-supplied set of principals.
+ */
+ public void setInitialPrincipals(Set initial) {
+ _authPhase.setPrincipals(initial, initial);
+ }
+
 /**
 * Returns whether gPlazma finished all four phases of the login process.
 *
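Review bot: `setInitialPrincipals` stores the caller's set as both the before and the after value via `_authPhase.setPrincipals(initial, initial)`, and the caller added in GPlazma.login() passes `subject.getPrincipals()`, which is a live view backed by the Subject. Unless `setPrincipals` or `SetDiff` copies its arguments (not visible in this diff), later changes to the Subject would alter what the monitor reports as the door-supplied principals. Taking a snapshot first would pin the record: `var snapshot = new HashSet<>(initial);` followed by `_authPhase.setPrincipals(snapshot, snapshot);`. The Javadoc could then state that the set is copied and must not be null.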

@@ -102,7 +115,7 @@ public static class PhaseResult {
 private final List _plugins = new ArrayList<>();
 private final String _name;
- private SetDiff _principals;
+ private SetDiff _principals = EMPTY_TO_EMPTY;
 private Result _result;
 private boolean _hasHappened;