Validate system authenticators names at registering.

Thisara-Welmilla · Feb 14, 2025 · efd323a · efd323a
1 parent d5366d7
commit efd323a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/...bon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java b/...bon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java
@@ -115,6 +115,7 @@
 import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager;
 import org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager;
+import org.wso2.carbon.idp.mgt.IdentityProviderManagementServerException;
 import org.wso2.carbon.idp.mgt.IdpManager;
 import org.wso2.carbon.idp.mgt.listener.IdentityProviderMgtListener;
 import org.wso2.carbon.stratos.common.listeners.TenantMgtListener;
@@ -129,6 +130,7 @@
 
 import javax.servlet.Servlet;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.CUSTOM_AUTHENTICATOR_PREFIX;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils.promptOnLongWait;
 import static org.wso2.carbon.identity.base.IdentityConstants.TRUE;
 
@@ -477,8 +479,16 @@ protected void unsetRealmService(RealmService realmService) {
             policy = ReferencePolicy.DYNAMIC,
             unbind = "unsetAuthenticator"
     )
-    protected void setAuthenticator(ApplicationAuthenticator authenticator) {
-
+    protected void setAuthenticator(ApplicationAuthenticator authenticator)
+            throws IdentityProviderManagementServerException {
+
+        /* All custom authenticator names must start with the `custom-` prefix. If a system-defined authenticator is
+         attempted to be registered at server startup with a name starting with this prefix, an error will be thrown. */
+        if (authenticator.getName().startsWith(CUSTOM_AUTHENTICATOR_PREFIX)) {
+            throw new IdentityProviderManagementServerException(String.format("System-defined authenticator names " +
+                    "are not allowed to have the %s prefix. Therefore, %s cannot be registered.",
+                    CUSTOM_AUTHENTICATOR_PREFIX, authenticator.getName()));
+        }
         ApplicationAuthenticatorManager.getInstance().addSystemDefinedAuthenticator(authenticator);
 
         Property[] configProperties = null;

diff --git a/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java b/...rg/wso2/carbon/identity/application/authentication/framework/util/FrameworkConstants.java
@@ -34,6 +34,7 @@ public abstract class FrameworkConstants {
     public static final String COMMONAUTH_COOKIE = "commonAuthId";
     public static final String ALLOW_SESSION_CREATION = "allowSessionCreation";
     public static final String CONTEXT_PROP_INVALID_EMAIL_USERNAME = "InvalidEmailUsername";
+    public static final String CUSTOM_AUTHENTICATOR_PREFIX = "custom-";
     // Cookie used for post authenticaion sequence tracking
     public static final String PASTR_COOKIE = "pastr";
     public static final String CLAIM_URI_WSO2_EXT_IDP = "http://wso2.org/claims/externalIDP";