
SEC-2367: ProviderManager rethrows InternalAuthenticationServiceExceptions

Rob Winch 11 سال پیش
والد
کامیت
fa39ecd719

+ 3 - 0
core/src/main/java/org/springframework/security/authentication/ProviderManager.java

@@ -163,6 +163,9 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar
                 prepareException(e, authentication);
                 // SEC-546: Avoid polling additional providers if auth failure is due to invalid account status
                 throw e;
+            } catch (InternalAuthenticationServiceException e) {
+                prepareException(e, authentication);
+                throw e;
             } catch (AuthenticationException e) {
                 lastException = e;
             }
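Review bot: The added `catch (InternalAuthenticationServiceException e)` block has no comment explaining why it stops the provider loop, unlike the SEC-546 comment on the block above it. It differs from the general `catch (AuthenticationException e)` handler below, which only records `lastException` and lets the next provider run, so the intent deserves a line such as `// SEC-2367: an internal service failure is not a credential decision; rethrow so a later provider cannot mask it`. If `prepareException` publishes an authentication-failure event, as the existing test for the neighbouring case suggests, listeners that count failed logins for lockout or alerting may want to distinguish this exception type from bad credentials. The enclosing method begins and ends outside the hunk.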

+ 14 - 0
core/src/test/java/org/springframework/security/authentication/ProviderManagerTests.java

@@ -287,6 +287,20 @@ public class ProviderManagerTests {
         verify(publisher).publishAuthenticationFailure(expected, authReq);
     }
 
+    // SEC-2367
+    @Test
+    public void providerThrowsInternalAuthenticationServiceException() {
+        InternalAuthenticationServiceException expected = new InternalAuthenticationServiceException("Expected");
+        ProviderManager mgr = new ProviderManager(
+                Arrays.asList(createProviderWhichThrows(expected), createProviderWhichThrows(new BadCredentialsException("Oops"))), null);
+        final Authentication authReq = mock(Authentication.class);
+
+        try {
+            mgr.authenticate(authReq);
+            fail("Expected Exception");
+        } catch(InternalAuthenticationServiceException success) {}
+    }
+
     private AuthenticationProvider createProviderWhichThrows(final AuthenticationException e) {
         AuthenticationProvider provider = mock(AuthenticationProvider.class);
         when(provider.supports(any(Class.class))).thenReturn(true);
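Review bot: The empty `catch(InternalAuthenticationServiceException success) {}` in `providerThrowsInternalAuthenticationServiceException` checks only the exception type, so the test does not pin what the fix is meant to guarantee. I would add `assertSame(expected, success);` inside the catch, and hold the second provider in a local so that `verify(second, never()).authenticate(authReq);` can confirm it was never consulted (assuming the file's static imports cover both helpers). The failure-event test just above verifies `publishAuthenticationFailure`; a matching check here would show whether the internal error is also published. `createProviderWhichThrows` continues past the end of the hunk.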