From 6ab926a35a3c3fc1e8b3416ae9ce5fc8fc154369 Mon Sep 17 00:00:00 2001
From: Joze RIHTARSIC <joze.rihtarsic@ext.ec.europa.eu>
Date: Wed, 20 Mar 2019 13:29:19 +0100
Subject: [PATCH] fix database connection error while loggin

---
 .../smp/auth/SMPAuthenticationProvider.java   | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
index 79dd66525..411c819b9 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
@@ -2,6 +2,8 @@ package eu.europa.ec.edelivery.smp.auth;
 
 import eu.europa.ec.edelivery.smp.data.dao.UserDao;
 import eu.europa.ec.edelivery.smp.data.model.DBUser;
+import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
+import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException;
 import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
 import eu.europa.ec.edelivery.smp.logging.SMPMessageCode;
@@ -33,14 +35,26 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
         String username = auth.getName();
         String password = auth.getCredentials().toString();
 
-        Optional<DBUser> oUsr = mUserDao.findUserByIdentifier(username);
-        if (!oUsr.isPresent()){
-            LOG.securityWarn(SMPMessageCode.SEC_USER_NOT_EXISTS, username);
-            //https://www.owasp.org/index.php/Authentication_Cheat_Sheet
-            // Do not reveal the status of an existing account. Not to use UsernameNotFoundException
-            throw new BadCredentialsException("Login failed; Invalid userID or password");
+        DBUser user;
+        try {
+            Optional<DBUser> oUsr = mUserDao.findUserByIdentifier(username);
+
+            if (!oUsr.isPresent()) {
+                LOG.securityWarn(SMPMessageCode.SEC_USER_NOT_EXISTS, username);
+                //https://www.owasp.org/index.php/Authentication_Cheat_Sheet
+                // Do not reveal the status of an existing account. Not to use UsernameNotFoundException
+                throw new BadCredentialsException("Login failed; Invalid userID or password");
+            }
+
+            user = oUsr.get();
+        } catch (AuthenticationException ex) {
+            throw ex;
+
+        } catch (RuntimeException ex) {
+            LOG.error("Database connection error", ex);
+            throw new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Internal server error", ex.getMessage());
+
         }
-        DBUser user = oUsr.get();
         String role = user.getRole();
         try {
             if (!BCrypt.checkpw(password, user.getPassword())) {
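Review bot: In the new `catch (RuntimeException ex)` branch, `ex.getMessage()` is passed into the `SMPRuntimeException` thrown from the login path, so if that exception's text is rendered in the HTTP response (not visible in this hunk), driver or schema details from the persistence layer could reach an unauthenticated caller. The full exception is already logged on the line above, so the third argument can be a fixed string, e.g. `throw new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Internal server error", "Authentication backend unavailable");`. The same branch catches every `RuntimeException` from the lookup yet logs it as "Database connection error", which mislabels unrelated failures; catching the persistence exception type the DAO actually throws, or wording the log message neutrally, would keep triage accurate. Separately, the user-not-found path still throws before any `BCrypt.checkpw` call, so response timing can distinguish unknown from known usernames despite the OWASP comment about not revealing account status. The enclosing method starts and ends outside the hunk.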
-- 
GitLab