Search in sources :

Example 1 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class AuthenticateUser method execute.

@Override
public void execute(SessionData data, Element command) {
    Element note = command.addElement("note");
    JID account;
    try {
        account = new JID(data.getData().get("accountjid").get(0));
    } catch (NullPointerException ne) {
        note.addAttribute("type", "error");
        note.setText("JID required parameter.");
        return;
    }
    if (!XMPPServer.getInstance().isLocal(account)) {
        note.addAttribute("type", "error");
        note.setText("Cannot authenticate remote user.");
        return;
    }
    String password = data.getData().get("password").get(0);
    // Get requested user
    User user;
    try {
        user = UserManager.getInstance().getUser(account.getNode());
    } catch (UserNotFoundException e) {
        // User not found
        note.addAttribute("type", "error");
        note.setText("User does not exists.");
        return;
    }
    try {
        AuthFactory.authenticate(user.getUsername(), password);
    } catch (UnauthorizedException | ConnectionException | InternalUnauthenticatedException e) {
        // Auth failed
        note.addAttribute("type", "error");
        note.setText("Authentication failed.");
        return;
    }
    // Answer that the operation was successful
    note.addAttribute("type", "info");
    note.setText("Operation finished successfully.");
}
Also used : UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) User(org.jivesoftware.openfire.user.User) JID(org.xmpp.packet.JID) Element(org.dom4j.Element) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 2 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey
	 * .spi.container.ContainerRequest)
	 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    // Let the preflight request through the authentication
    if ("OPTIONS".equals(containerRequest.getMethod())) {
        return containerRequest;
    }
    // To be backwards compatible to userservice 1.*
    if ("restapi/v1/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // Get client's IP address
        String ipAddress = httpRequest.getHeader("x-forwarded-for");
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X_FORWARDED_FOR");
            if (ipAddress == null) {
                ipAddress = httpRequest.getHeader("X-Forward-For");
                if (ipAddress == null) {
                    ipAddress = httpRequest.getRemoteAddr();
                }
            }
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("REST API rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // Get the authentification passed in HTTP headers parameters
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if ("basic".equals(plugin.getHttpAuth())) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // If username or password fail
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        boolean userAdmin = AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true);
        if (!userAdmin) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException e) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (InternalUnauthenticatedException e) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        if (!auth.equals(plugin.getSecret())) {
            LOG.warn("Wrong secret key authorization. Provided key: " + auth);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 3 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey
	 * .spi.container.ContainerRequest)
	 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // Get client's IP address
        String ipAddress = httpRequest.getHeader("x-forwarded-for");
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X_FORWARDED_FOR");
            if (ipAddress == null) {
                ipAddress = httpRequest.getHeader("X-Forward-For");
                if (ipAddress == null) {
                    ipAddress = httpRequest.getRemoteAddr();
                }
            }
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("User service rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // To be backwards compatible to userservice 1.*
    if ("userService/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    // Get the authentification passed in HTTP headers parameters
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if (plugin.isHttpBasicAuth()) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // If username or password fail
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        boolean userAdmin = AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true);
        if (!userAdmin) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException e) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (InternalUnauthenticatedException e) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        if (!auth.equals(plugin.getSecret())) {
            LOG.warn("Wrong secret key authorization. Provided key: " + auth);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 4 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/**
	 * Apply the filter : check input request, validate or not with user auth
	 * 
	 * @param containerRequest
	 *            The request from Tomcat server
	 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    // Get the authentification passed in HTTP headers parameters
    String auth = containerRequest.getHeaderValue("authorization");
    // Auth)
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // lap : loginAndPassword
    String[] lap = BasicAuth.decode(auth);
    // If login or password fail
    if (lap == null || lap.length != 2) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    boolean userAdmin = AdminManager.getInstance().isUserAdmin(lap[0], true);
    if (!userAdmin) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    try {
        AuthFactory.authenticate(lap[0], lap[1]);
    } catch (UnauthorizedException e) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    } catch (ConnectionException e) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    } catch (InternalUnauthenticatedException e) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    return containerRequest;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 5 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class IQAuthHandler method handleIQ.

@Override
public IQ handleIQ(IQ packet) throws UnauthorizedException, PacketException {
    JID from = packet.getFrom();
    LocalClientSession session = (LocalClientSession) sessionManager.getSession(from);
    // If no session was found then answer an error (if possible)
    if (session == null) {
        Log.error("Error during authentication. Session not found in " + sessionManager.getPreAuthenticatedKeys() + " for key " + from);
        // This error packet will probably won't make it through
        IQ reply = IQ.createResultIQ(packet);
        reply.setChildElement(packet.getChildElement().createCopy());
        reply.setError(PacketError.Condition.internal_server_error);
        return reply;
    }
    IQ response;
    boolean resourceBound = false;
    if (JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
        try {
            Element iq = packet.getElement();
            Element query = iq.element("query");
            Element queryResponse = probeResponse.createCopy();
            if (IQ.Type.get == packet.getType()) {
                String username = query.elementText("username");
                if (username != null) {
                    queryResponse.element("username").setText(username);
                }
                response = IQ.createResultIQ(packet);
                response.setChildElement(queryResponse);
                // JID until the user actually authenticates with the server.
                if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
                    response.setTo((JID) null);
                }
            } else // Otherwise set query
            {
                if (query.elements().isEmpty()) {
                    // Anonymous authentication
                    response = anonymousLogin(session, packet);
                    resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                } else {
                    String username = query.elementText("username");
                    // Login authentication
                    String password = query.elementText("password");
                    String digest = null;
                    if (query.element("digest") != null) {
                        digest = query.elementText("digest").toLowerCase();
                    }
                    // If we're already logged in, this is a password reset
                    if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
                        // Check that a new password has been specified
                        if (password == null || password.trim().length() == 0) {
                            response = IQ.createResultIQ(packet);
                            response.setError(PacketError.Condition.not_allowed);
                            response.setType(IQ.Type.error);
                        } else {
                            // Check if a user is trying to change his own password
                            if (session.getUsername().equalsIgnoreCase(username)) {
                                response = passwordReset(password, packet, username, session);
                            } else // Check if an admin is trying to set the password for another user
                            if (XMPPServer.getInstance().getAdmins().contains(new JID(from.getNode(), from.getDomain(), null, true))) {
                                response = passwordReset(password, packet, username, session);
                            } else {
                                // User not authorized to change the password of another user
                                throw new UnauthorizedException();
                            }
                        }
                    } else {
                        // it is an auth attempt
                        response = login(username, query, packet, password, session, digest);
                        resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                    }
                }
            }
        } catch (UserNotFoundException | UnauthorizedException e) {
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.not_authorized);
        } catch (ConnectionException | InternalUnauthenticatedException e) {
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.internal_server_error);
        }
    } else {
        response = IQ.createResultIQ(packet);
        response.setChildElement(packet.getChildElement().createCopy());
        response.setError(PacketError.Condition.not_authorized);
    }
    // Send the response directly since we want to be sure that we are sending it back
    // to the correct session. Any other session of the same user but with different
    // resource is incorrect.
    session.process(response);
    if (resourceBound) {
        // After the client has been informed, inform all listeners as well.
        SessionEventDispatcher.dispatchEvent(session, SessionEventDispatcher.EventType.resource_bound);
    }
    return null;
}
Also used : LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) JID(org.xmpp.packet.JID) Element(org.dom4j.Element) IQ(org.xmpp.packet.IQ) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Aggregations

ConnectionException (org.jivesoftware.openfire.auth.ConnectionException)7 UnauthorizedException (org.jivesoftware.openfire.auth.UnauthorizedException)7 InternalUnauthenticatedException (org.jivesoftware.openfire.auth.InternalUnauthenticatedException)6 WebApplicationException (javax.ws.rs.WebApplicationException)3 UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException)3 JID (org.xmpp.packet.JID)3 Element (org.dom4j.Element)2 LocalClientSession (org.jivesoftware.openfire.session.LocalClientSession)2 IQ (org.xmpp.packet.IQ)2 StringprepException (gnu.inet.encoding.StringprepException)1 RemoteException (java.rmi.RemoteException)1 PacketException (org.jivesoftware.openfire.PacketException)1 AuthToken (org.jivesoftware.openfire.auth.AuthToken)1 ClientSession (org.jivesoftware.openfire.session.ClientSession)1 User (org.jivesoftware.openfire.user.User)1 StreamError (org.xmpp.packet.StreamError)1