[JENKINS-34775] Don't cast inconvertible un/pw token

Fixes JENKINS-34775. The loadUserByUsername method expects to be able to get the current user's token with `SecurityContextHolder.getContext().getAuthentication()`, and assumes this method will return a GithubAuthenticationToken. When it returns a UserPasswordAuthenticationToken instead, a fatal cast was performed. We now handle the case where the current authentication context contains a UserPasswordAuthenticationToken (by throwing an exception - so, not successfully handled, but this prevents the loadUserByUsername failure bubbling up to become a job failure).
jenkinsci · May 25, 2016 · d6bc021 · d6bc021
1 parent be21b48
commit d6bc021
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
@@ -628,6 +628,7 @@ public DescriptorImpl getDescriptor() {
      *
      * @param username
      * @return
+     * @throws UserMayOrMayNotExistException
      * @throws UsernameNotFoundException
      * @throws DataAccessException
      */
@@ -636,12 +637,20 @@ public UserDetails loadUserByUsername(String username)
             throws UsernameNotFoundException, DataAccessException {
         GHUser user = null;
 
-        GithubAuthenticationToken authToken =  (GithubAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+        Authentication token = SecurityContextHolder.getContext().getAuthentication();
 
-        if (authToken == null) {
+        if (token == null) {
             throw new UserMayOrMayNotExistException("Could not get auth token.");
         }
 
+        GithubAuthenticationToken authToken;
+
+        if (token instanceof GithubAuthenticationToken) {
+            authToken = (GithubAuthenticationToken) token;
+        } else {
+            throw new UserMayOrMayNotExistException("Unexpected authentication type: " + token);
+        }
+
         try {
             GithubOAuthUserDetails userDetails = authToken.getUserDetails(username);
             if (userDetails == null)