use of org.springframework.ldap.AuthenticationException in project coprhd-controller by CoprHD.
the class StorageOSLdapAuthenticationHandler method doAuthenticationOverSingleServer.
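/**
 * Authenticates a user against a single LDAP/AD server using search-then-bind.
 *
 * <p>Step 1 searches for the user's entry with the configured person filter (the search runs on
 * the server's context source, i.e. the manager bind). Step 2 binds as the single DN found,
 * using the password the user supplied. Authentication succeeds only if that second bind
 * yields a context.
 *
 * @param server the directory server to authenticate against
 * @param usernamePasswordCredentials the user name and password supplied by the caller
 * @return {@code true} if the user bind succeeded; {@code false} if the search returned zero or
 *         multiple entries, the password is null or empty, or the user bind was rejected
 * @throws CommunicationException if the server could not be reached (rethrown so the caller can react)
 * @throws UnauthorizedException if the manager bind or the search failed, or an unexpected error occurred
 */
private boolean doAuthenticationOverSingleServer(LdapOrADServer server, UsernamePasswordCredentials usernamePasswordCredentials) {
    _log.info("Do authentication to the server {}", server.getContextSource().getUrls()[0]);
    String password = usernamePasswordCredentials.getPassword();
    List<String> dns = new ArrayList<String>();
    // NOTE(review): the user name is substituted into the search filter here; whether
    // LdapFilterUtil escapes LDAP filter metacharacters is not visible from this method - confirm.
    final String filter = LdapFilterUtil.getPersonFilterWithValues(_rawFilter, usernamePasswordCredentials.getUserName());
    _log.debug("Filter for authentication is {}", filter);
    LdapTemplate ldapTemplate = new LdapTemplate(server.getContextSource());
    // To avoid the exceptions due to referrals returned
    ldapTemplate.setIgnorePartialResultException(true);
    try {
        ldapTemplate.search(new StorageOSSearchExecutor(filter), new StorageOSNameClassPairCallbackHandler(dns));
    } catch (CommunicationException e) {
        _log.warn("Connection to LDAP server {} failed", Arrays.toString(server.getContextSource().getUrls()));
        throw e;
    } catch (AuthenticationException e) {
        // The search itself could not authenticate: this is a configuration problem
        // (manager DN/password), not a wrong user password.
        _alertLog.error(MessageFormat.format("Manager bind failed during search for user {0} in domain(s) {1}. Check manager DN and password. {2}. " + "Note that any change to the manager DN username or password in the authentication provider must be manually changed in ViPR.", usernamePasswordCredentials.getUserName(), _domains, e.getMessage()));
        throw UnauthorizedException.unauthorized.managerBindFailed();
    } catch (InvalidNameException e) {
        _alertLog.error(MessageFormat.format("Search failed because the search path provided is syntactically invalid for user {0}. {1}", usernamePasswordCredentials.getUserName(), e.getMessage()));
        throw UnauthorizedException.unauthorized.userSearchFailed();
    } catch (Exception e) {
        _alertLog.error(MessageFormat.format("Search or bind failed. An exception was thrown while trying to authenticate user {0}. {1}", usernamePasswordCredentials.getUserName(), e.getMessage()));
        throw UnauthorizedException.unauthorized.bindSearchGenericException();
    }
    if (dns.isEmpty()) {
        _log.info("Search for {} returned 0 results.", filter);
        return false;
    }
    // More than one match is ambiguous: refuse rather than pick an entry to bind as.
    if (dns.size() > 1) {
        _log.warn("Search for {} returned multiple results, which is not allowed.", filter);
        return false;
    }
    // A simple bind with a DN and an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2). Many directory servers accept it, so a successful bind
    // would prove nothing about the user's identity. Reject it before contacting the server.
    if (password == null || password.isEmpty()) {
        _log.warn("Rejecting authentication for user {}: empty password", usernamePasswordCredentials.getUserName());
        return false;
    }
    try {
        DirContext test = server.getContextSource().getContext(dns.get(0), password);
        if (test != null) {
            // The context is only needed as proof that the bind succeeded; release it right away.
            try {
                test.close();
            } catch (NamingException e) {
                _log.error("Failed to close test context", e);
            }
            _log.info("Authenticate user {} against server {} successfully", usernamePasswordCredentials.getUserName(), server.getContextSource().getUrls()[0]);
            return true;
        }
    } catch (AuthenticationException e) {
        // Wrong user password: an ordinary failed login, not an alert condition.
        _log.warn("Failed to authenticate user {}", usernamePasswordCredentials.getUserName());
        return false;
    } catch (CommunicationException e) {
        _alertLog.error(MessageFormat.format("Connection to LDAP server {0} failed for domain(s) {1}. {2}", Arrays.toString(server.getContextSource().getUrls()), _domains, e.getMessage()));
        throw e;
    } catch (Exception e) {
        _alertLog.error(MessageFormat.format("Second bind failed. An exception was thrown while trying to authenticate user {0}. {1}", usernamePasswordCredentials.getUserName(), e.getMessage()));
        throw UnauthorizedException.unauthorized.bindSearchGenericException();
    }
    return false;
}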
use of org.springframework.ldap.AuthenticationException in project nifi by apache.
the class LdapProvider method authenticate.
/**
 * Validates the supplied credentials against the configured LDAP provider.
 *
 * @param credentials the user name and password to check
 * @return a response whose identity is the user's DN when the identity strategy is
 *         {@code USE_DN} and the principal is an {@code LdapUserDetails}, otherwise the
 *         authenticated name
 * @throws InvalidLoginCredentialsException if the provider rejected the credentials
 * @throws IdentityAccessException if the provider is not initialized or validation failed
 *         for a reason other than bad credentials
 */
@Override
public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
    if (provider == null) {
        throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
    }
    try {
        // hand the credentials to the underlying authentication provider
        final Authentication authentication = provider.authenticate(
                new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword()));

        // unless the DN strategy is configured, the authenticated name is the identity
        if (!IdentityStrategy.USE_DN.equals(identityStrategy)) {
            return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
        }

        // DN strategy: the DN is only available when the principal carries LDAP user details
        final Object principal = authentication.getPrincipal();
        if (principal instanceof LdapUserDetails) {
            final LdapUserDetails ldapDetails = (LdapUserDetails) principal;
            return new AuthenticationResponse(ldapDetails.getDn(), credentials.getUsername(), expiration, issuer);
        }

        logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
        return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
    } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
        // NOTE(review): the provider's message is forwarded unchanged for both "user not found"
        // and "bad credentials"; confirm callers do not expose it in a way that tells the two apart.
        throw new InvalidLoginCredentialsException(e.getMessage(), e);
    } catch (final Exception e) {
        // A service-level exception sometimes arrives wrapped around an AuthenticationException.
        // The wrapper suggests a service fault while the cause indicates a bad user name or
        // password, so inspect the cause and report that case as invalid credentials.
        if (e.getCause() instanceof AuthenticationException) {
            throw new InvalidLoginCredentialsException(e.getMessage(), e);
        }

        // anything else is a genuine failure: log it and return a generic message to the caller
        logger.error(e.getMessage());
        if (logger.isDebugEnabled()) {
            logger.debug(StringUtils.EMPTY, e);
        }
        throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
    }
}
use of org.springframework.ldap.AuthenticationException in project trainning by fernandotomasio.
the class LDAPNetworkGroupDAO method findOrganization.
/**
 * Looks up an organization group entry by its {@code cn}.
 *
 * @param uid the {@code cn} value of the organization group
 * @return the mapped group, or {@code null} when no entry exists under that name
 * @throws DAOException if the directory rejected the bind used for the lookup
 */
@Override
public NetworkGroupDTO findOrganization(String uid) throws DAOException {
    try {
        // Target entry: the cn under the organizations branch of the application's groups.
        // The value is added as an RDN component rather than concatenated into a DN string.
        DistinguishedName organizationDn = new DistinguishedName();
        organizationDn.add("ou", "groups");
        organizationDn.add("ou", APPLICATION_GROUP_BRANCH);
        organizationDn.add("ou", ORGANIZATIONS_GROUP_BRANCH);
        organizationDn.add("cn", uid);
        return (NetworkGroupDTO) ldapTemplate.lookup(organizationDn, getGroupContextMapper());
    } catch (AuthenticationException e) {
        // The cause is logged here only; it is not attached to the DAOException.
        Logger.getLogger(this.getClass().getName()).log(Level.INFO, null, e);
        throw new DAOException(MessageHelper.getMessage("systemUsers.find.error"));
    } catch (org.springframework.ldap.NameNotFoundException e) {
        // A missing entry is not an error for callers: log it and report "not found" as null.
        Logger.getLogger(this.getClass().getName()).log(Level.INFO, null, e);
        return null;
    }
}
use of org.springframework.ldap.AuthenticationException in project trainning by fernandotomasio.
the class LDAPNetworkUserDAO method find.
/**
 * Finds a directory user by {@code uid}.
 *
 * @param uid the {@code uid} attribute value to search for
 * @return the first matching user, or {@code null} when the search returns nothing
 * @throws DAOException if the directory rejected the bind used for the search
 */
@SuppressWarnings("unchecked")
@Override
public NetworkUserDTO find(String uid) throws DAOException {
    try {
        // The filter is composed from EqualsFilter objects, not string concatenation;
        // encode() produces the filter text passed to the search.
        AndFilter personByUid = new AndFilter();
        personByUid.and(new EqualsFilter("objectclass", "inetOrgPerson")).and(new EqualsFilter("uid", uid));
        String encodedFilter = personByUid.encode();

        List<NetworkUserDTO> matches = ldapTemplate.search(DistinguishedName.EMPTY_PATH, encodedFilter, new UserAttributesMapper());

        // NOTE(review): if several entries share the uid, the first one returned is used.
        return matches.isEmpty() ? null : matches.get(0);
    } catch (AuthenticationException e) {
        // The cause is logged here only; it is not attached to the DAOException.
        Logger.getLogger(LDAPNetworkUserDAO.class.getName()).log(Level.INFO, null, e);
        throw new DAOException(MessageHelper.getMessage("systemUsers.find.error"));
    }
}
use of org.springframework.ldap.AuthenticationException in project trainning by fernandotomasio.
the class LDAPNetworkGroupDAO method findRole.
/**
 * Looks up a role group entry by its {@code cn}.
 *
 * @param uid the {@code cn} value of the role group
 * @return the mapped group, or {@code null} when no entry exists under that name
 * @throws DAOException if the directory rejected the bind used for the lookup
 */
@Override
public NetworkGroupDTO findRole(String uid) throws DAOException {
    try {
        // Target entry: the cn under the roles branch of the application's groups.
        // The value is added as an RDN component rather than concatenated into a DN string.
        DistinguishedName roleDn = new DistinguishedName();
        roleDn.add("ou", "groups");
        roleDn.add("ou", APPLICATION_GROUP_BRANCH);
        roleDn.add("ou", ROLES_GROUP_BRANCH);
        roleDn.add("cn", uid);
        return (NetworkGroupDTO) ldapTemplate.lookup(roleDn, getGroupContextMapper());
    } catch (AuthenticationException e) {
        // The cause is logged here only; it is not attached to the DAOException.
        Logger.getLogger(this.getClass().getName()).log(Level.INFO, null, e);
        throw new DAOException(MessageHelper.getMessage("systemUsers.find.error"));
    } catch (org.springframework.ldap.NameNotFoundException e) {
        // A missing entry is not an error for callers: log it and report "not found" as null.
        Logger.getLogger(this.getClass().getName()).log(Level.INFO, null, e);
        return null;
    }
}