Empty username is not allowed

mujina-common/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>7.0.2</version>
+    <version>7.0.3</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-idp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>7.0.2</version>
+    <version>7.0.3</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java

@@ -5,6 +5,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.util.StringUtils;
 
 import java.util.Arrays;
 
@@ -20,6 +21,9 @@ public AuthenticationProvider(IdpConfiguration idpConfiguration) {
 
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+    if (StringUtils.isEmpty(authentication.getPrincipal())) {
+      throw new InvalidAuthenticationException("Principal may not be empty");
+    }
     if (idpConfiguration.getAuthenticationMethod().equals(ALL)) {
       return new FederatedUserAuthenticationToken(
         authentication.getPrincipal(),
@@ -33,7 +37,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
         .findFirst().map(userAuthenticationToken ->
           //need to copy or else credentials are erased for future logins
           userAuthenticationToken.clone())
-        .orElseThrow(() -> new AuthenticationException("User not found or bad credentials") {
+        .orElseThrow(() -> new InvalidAuthenticationException("User not found or bad credentials") {
         });
     }
   }

mujina-idp/src/main/java/mujina/idp/InvalidAuthenticationException.java

@@ -0,0 +1,10 @@
+package mujina.idp;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class InvalidAuthenticationException extends AuthenticationException {
+
+  public InvalidAuthenticationException(String msg) {
+    super(msg);
+  }
+}

mujina-idp/src/main/resources/application.yml

@@ -29,7 +29,7 @@ idp:
   # Number of seconds after a message issue instant after which the message is considered expired
   expires: 300
   # Authentication method ALL for every username / password combination and USER for the configured users
-  auth_method: USER
+  auth_method: ALL
   # Are endpoints compared. If so then pay notice to the base_url when behind a load balancer
   compare_endpoints: true
 

mujina-idp/src/test/java/mujina/AbstractIntegrationTest.java

@@ -14,7 +14,7 @@
 import static org.apache.http.HttpStatus.SC_OK;
 
 @RunWith(SpringRunner.class)
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, properties = {"idp.auth_method=USER"})
 public abstract class AbstractIntegrationTest {
 
   @Autowired

mujina-sp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>7.0.2</version>
+    <version>7.0.3</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

pom.xml

@@ -20,7 +20,7 @@
 
   <groupId>org.openconext</groupId>
   <artifactId>mujina</artifactId>
-  <version>7.0.2</version>
+  <version>7.0.3</version>
   <packaging>pom</packaging>
 
   <properties>