
SEC-760: Correct bug where more than one concurrent JaasAuthenticationProvider used.

Ben Alex 17 лет назад
Родитель
Сommit
358f284f42

+ 7 - 2
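--- a/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/providers/jaas/JaasAuthenticationProvider.java
@@ -158,7 +158,7 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
         Assert.hasLength(loginContextName, "loginContextName must be set on " + getClass());
 
         configureJaas(loginConfig);
-
+        
         Assert.notNull(Configuration.getConfiguration(),
               "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
             + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
@@ -246,6 +246,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
      */
     protected void configureJaas(Resource loginConfig) throws IOException {
         configureJaasUsingLoop();
+
+        // Overcome issue in SEC-760
+        Configuration.getConfiguration().refresh();
     }
 
     /**
@@ -375,7 +378,9 @@ public class JaasAuthenticationProvider implements AuthenticationProvider, Appli
      * @param token The {@link UsernamePasswordAuthenticationToken} being processed
      */
     protected void publishSuccessEvent(UsernamePasswordAuthenticationToken token) {
-        applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
+        if (applicationEventPublisher != null) {
+        	applicationEventPublisher.publishEvent(new JaasAuthenticationSuccessEvent(token));
+        }
     }
 
     /**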
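Review bot: The `Configuration.getConfiguration().refresh()` added to configureJaas reloads the JVM-wide JAAS Configuration rather than anything owned by this provider, and the comment `// Overcome issue in SEC-760` does not tell a maintainer that. Every provider initialised later will therefore reload the login configuration for all JAAS users in the process, and under a security manager the call also needs the `refreshLoginConfiguration` AuthPermission. The new line also dereferences the configuration before the `Assert.notNull(Configuration.getConfiguration(), ...)` in the first hunk runs, so a null result would surface as a NullPointerException instead of that assertion's explanatory message. I would replace the comment with `// Reload the process-wide JAAS Configuration so the login config registered above is picked up when another provider was initialised first (SEC-760)` and, if subclasses that override configureJaas allow it, move the refresh to after the assertion in the caller. The bodies of both methods extend beyond the hunks shown.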

+ 64 - 0
core/src/test/java/org/springframework/security/providers/jaas/Sec760Tests.java

@@ -0,0 +1,64 @@
+package org.springframework.security.providers.jaas;
+
+import java.net.URL;
+import java.security.Security;
+
+import javax.security.auth.login.LoginContext;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+/**
+ * Tests bug reported in SEC-760.
+ * 
+ * @author Ben Alex
+ *
+ */
+public class Sec760Tests {
+
+	public String resolveConfigFile(String filename) {
+        String resName = "/" + getClass().getPackage().getName().replace('.', '/') + filename;
+        return resName;
+	}
+	
+	private void testConfigureJaasCase(JaasAuthenticationProvider p1, JaasAuthenticationProvider p2) throws Exception {
+		p1.setLoginConfig(new ClassPathResource(resolveConfigFile("/test1.conf")));
+		p1.setLoginContextName("test1");
+		p1.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
+		p1.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
+		p1.afterPropertiesSet();
+		testAuthenticate(p1);
+
+		p2.setLoginConfig(new ClassPathResource(resolveConfigFile("/test2.conf")));
+		p2.setLoginContextName("test2");
+		p2.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {new TestCallbackHandler(), new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler()});
+		p2.setAuthorityGranters(new AuthorityGranter[] {new TestAuthorityGranter()});
+		p2.afterPropertiesSet();
+		testAuthenticate(p2);
+	}
+	
+	private void testAuthenticate(JaasAuthenticationProvider p1) {
+        GrantedAuthorityImpl role1 = new GrantedAuthorityImpl("ROLE_1");
+        GrantedAuthorityImpl role2 = new GrantedAuthorityImpl("ROLE_2");
+
+        GrantedAuthority[] defaultAuths = new GrantedAuthority[] {role1, role2,};
+
+        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password",
+                defaultAuths);
+
+        Authentication auth = p1.authenticate(token);
+		Assert.assertNotNull(auth);
+	}
+
+	@Test
+	public void testConfigureJaas() throws Exception {
+		testConfigureJaasCase(new JaasAuthenticationProvider(), new JaasAuthenticationProvider());
+	}
+
+}
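Review bot: testConfigureJaasCase authenticates p1 only before p2 is configured, so it never checks that the `test1` context is still usable after the second provider's afterPropertiesSet has refreshed the shared configuration. Adding `testAuthenticate(p1);` after the final `testAuthenticate(p2);` would cover that direction. Both providers are also exercised sequentially on one thread, so the "concurrent" case in the commit title is only covered in the sense of two instances coexisting. The imports `java.net.URL`, `java.security.Security` and `javax.security.auth.login.LoginContext` are unused in the lines shown and can be dropped. `resolveConfigFile` could be `private` like the other helpers.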

+ 3 - 0
core/src/test/resources/org/springframework/security/providers/jaas/test1.conf

@@ -0,0 +1,3 @@
+test1 {
+    org.springframework.security.providers.jaas.TestLoginModule required;
+};

+ 3 - 0
core/src/test/resources/org/springframework/security/providers/jaas/test2.conf

@@ -0,0 +1,3 @@
+test2 {
+    org.springframework.security.providers.jaas.TestLoginModule required;
+};