
Example 1 with AbstractClientCredentials

use of com.haulmont.cuba.security.auth.AbstractClientCredentials in project cuba by cuba-platform.

the class PortalConnection method doLogin.

/**
 * Builds portal login/password credentials and delegates authentication to
 * {@link com.haulmont.cuba.security.auth.AuthenticationService}.
 * Subclasses may override this method to change the login logic.
 * <p>
 * The IP address and client info are only copied onto the credentials here; this method does not
 * validate them. NOTE(review): any access check that later reads the IP address from the credentials is
 * only as trustworthy as the value the caller passes in - confirm it is taken from the connection and
 * not from a client-controlled field.
 *
 * @param login      login name
 * @param password   encrypted password (described as such by the original documentation; the exact form
 *                   expected by {@code LoginPasswordCredentials} is not visible here)
 * @param locale     client locale
 * @param ipAddress  user IP address, stored on the credentials
 * @param clientInfo client info, stored on the credentials
 * @param params     additional login parameters, handed to the credentials unchanged
 * @return session of the authenticated user
 * @throws LoginException in case of unsuccessful login
 */
protected UserSession doLogin(String login, String password, Locale locale, String ipAddress, String clientInfo, Map<String, Object> params) throws LoginException {
    final AbstractClientCredentials portalCredentials = new LoginPasswordCredentials(login, password, locale);

    // Attach the request metadata before the credentials reach the authentication service.
    portalCredentials.setParams(params);
    portalCredentials.setClientType(ClientType.PORTAL);
    portalCredentials.setIpAddress(ipAddress);
    portalCredentials.setClientInfo(clientInfo);

    return authenticationService.login(portalCredentials).getSession();
}
Also used : LoginPasswordCredentials(com.haulmont.cuba.security.auth.LoginPasswordCredentials) AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials)

Example 2 with AbstractClientCredentials

use of com.haulmont.cuba.security.auth.AbstractClientCredentials in project cuba by cuba-platform.

the class BruteForceUserCredentialsChecker method onAuthenticationFailure.

/**
 * Registers a failed login with the brute-force protection and rejects the login with a message that
 * states either the number of attempts left or the block interval.
 * <p>
 * Only {@link AbstractClientCredentials} with client permission checks enabled are counted; any other
 * credentials pass through this listener without being registered. Attempts are registered under the
 * user identifier and IP address carried by the credentials.
 * NOTE(review): the IP address is passed on without a null check - confirm how
 * {@code registerUnsuccessfulLogin} treats a missing address.
 *
 * @param event authentication failure event carrying the rejected credentials
 * @throws LoginException whenever the failed attempt has been registered
 */
@Order(Events.HIGHEST_PLATFORM_PRECEDENCE + 10)
@EventListener
protected void onAuthenticationFailure(AuthenticationFailureEvent event) throws LoginException {
    if (!bruteForceProtectionAPI.isBruteForceProtectionEnabled()) {
        return;
    }

    Credentials failedCredentials = event.getCredentials();
    if (!(failedCredentials instanceof AbstractClientCredentials)) {
        return;
    }

    AbstractClientCredentials clientCredentials = (AbstractClientCredentials) failedCredentials;
    if (!clientCredentials.isCheckClientPermissions()) {
        return;
    }

    // The counter is keyed by both the user identifier and the IP address taken from the credentials.
    int attemptsLeft = bruteForceProtectionAPI.registerUnsuccessfulLogin(
            clientCredentials.getUserIdentifier(), clientCredentials.getIpAddress());

    // Both messages are returned to the caller: remaining attempts while some are left,
    // otherwise the block interval in seconds.
    String failureMessage = attemptsLeft > 0
            ? messages.formatMessage(MSG_PACK, "LoginException.loginFailedAttemptsLeft", attemptsLeft)
            : messages.formatMessage(MSG_PACK, "LoginException.loginAttemptsNumberExceeded", bruteForceProtectionAPI.getBruteForceBlockIntervalSec());

    throw new LoginException(failureMessage);
}
Also used : AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials) LoginException(com.haulmont.cuba.security.global.LoginException) Credentials(com.haulmont.cuba.security.auth.Credentials) AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials) Order(org.springframework.core.annotation.Order) EventListener(org.springframework.context.event.EventListener)

Example 3 with AbstractClientCredentials

use of com.haulmont.cuba.security.auth.AbstractClientCredentials in project cuba by cuba-platform.

the class ClientTypeUserAccessChecker method check.

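/**
 * Rejects a DESKTOP or WEB client login when the session lacks the
 * {@code cuba.gui.loginToClient} specific permission.
 * <p>
 * The check applies only to {@link AbstractClientCredentials} with client permission checks enabled;
 * other credentials and other client types are accepted without inspection. On rejection the caller
 * receives the message built by {@code getInvalidCredentialsMessage}, so the response does not name
 * the missing permission; the permission is named only in the warning log entry.
 *
 * @param credentials           credentials presented at login
 * @param authenticationDetails authentication result whose session is checked for the permission
 * @throws LoginException if the permission is missing for a DESKTOP or WEB client
 */
@Override
public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException {
    if (!(credentials instanceof AbstractClientCredentials)) {
        return;
    }

    AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
    if (!clientCredentials.isCheckClientPermissions()) {
        return;
    }

    ClientType clientType = clientCredentials.getClientType();
    if (ClientType.DESKTOP != clientType && ClientType.WEB != clientType) {
        return;
    }

    if (authenticationDetails.getSession().isSpecificPermitted("cuba.gui.loginToClient")) {
        return;
    }

    // Log the user identifier rather than the credentials object: the message names a user, and the
    // output of the credentials' toString() is not visible here and may contain more than the login.
    log.warn("Attempt of login to {} for user '{}' without cuba.gui.loginToClient permission",
            clientType, clientCredentials.getUserIdentifier());

    // Prefer the locale supplied with the credentials; fall back to the default locale.
    Locale userLocale = clientCredentials.getLocale() != null
            ? clientCredentials.getLocale()
            : messages.getTools().getDefaultLocale();

    throw new LoginException(getInvalidCredentialsMessage(clientCredentials.getUserIdentifier(), userLocale));
}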
Also used : Locale(java.util.Locale) ClientType(com.haulmont.cuba.core.global.ClientType) AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials) LoginException(com.haulmont.cuba.security.global.LoginException)

Example 4 with AbstractClientCredentials

use of com.haulmont.cuba.security.auth.AbstractClientCredentials in project cuba by cuba-platform.

the class IpMaskUserAccessChecker method check.

/**
 * Rejects the login when the user has an IP mask and the IP address carried by the credentials does
 * not match it.
 * <p>
 * The check is skipped, and the login is accepted by this checker, when the credentials are not
 * {@link AbstractClientCredentials}, when client permission checks are disabled, when the credentials
 * carry no IP address, or when the user has no IP mask.
 * NOTE(review): a user with an IP mask is therefore not restricted when the client supplies no IP
 * address - confirm that every client type that should be restricted always sets one.
 *
 * @param credentials           credentials presented at login
 * @param authenticationDetails authentication result providing the session and its user
 * @throws LoginException as {@code UserIpRestrictedException} when the IP address does not match the mask
 */
@Override
public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException {
    if (!(credentials instanceof AbstractClientCredentials)) {
        return;
    }

    AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
    if (!clientCredentials.isCheckClientPermissions() || clientCredentials.getIpAddress() == null) {
        return;
    }

    String clientIp = clientCredentials.getIpAddress();
    UserSession userSession = authenticationDetails.getSession();
    if (userSession.getUser().getIpMask() == null) {
        // No mask configured for this user: nothing to enforce.
        return;
    }

    IpMatcher maskMatcher = new IpMatcher(userSession.getUser().getIpMask());
    if (maskMatcher.match(clientIp)) {
        return;
    }

    log.info("IP address {} is not permitted for user {}", clientIp, userSession.getUser());
    throw new UserIpRestrictedException(messages.getMessage(MSG_PACK, "LoginException.invalidIP"));
}
Also used : IpMatcher(com.haulmont.cuba.security.global.IpMatcher) UserIpRestrictedException(com.haulmont.cuba.security.global.UserIpRestrictedException) UserSession(com.haulmont.cuba.security.global.UserSession) AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials)

Example 5 with AbstractClientCredentials

use of com.haulmont.cuba.security.auth.AbstractClientCredentials in project cuba by cuba-platform.

the class Connection method doLogin.

/**
 * Builds login/password credentials and delegates authentication to
 * {@link com.haulmont.cuba.security.auth.AuthenticationService}.
 * Subclasses may override this method to change the login logic.
 * <p>
 * The credentials are passed through {@code setCredentialsParams} together with the login parameters
 * before authentication; what that helper sets on them is not visible here.
 *
 * @param login       login name
 * @param password    encrypted password (described as such by the original documentation; the exact form
 *                    expected by {@code LoginPasswordCredentials} is not visible here)
 * @param locale      client locale
 * @param loginParams login parameters
 * @return session of the authenticated user
 * @throws LoginException in case of unsuccessful login
 */
protected UserSession doLogin(String login, String password, Locale locale, Map<String, Object> loginParams) throws LoginException {
    final AbstractClientCredentials loginCredentials = new LoginPasswordCredentials(login, password, locale);
    setCredentialsParams(loginCredentials, loginParams);

    // The service bean is looked up on every call rather than held in a field.
    final AuthenticationService authService = AppBeans.get(AuthenticationService.NAME);
    return authService.login(loginCredentials).getSession();
}
Also used : LoginPasswordCredentials(com.haulmont.cuba.security.auth.LoginPasswordCredentials) AbstractClientCredentials(com.haulmont.cuba.security.auth.AbstractClientCredentials) AuthenticationService(com.haulmont.cuba.security.auth.AuthenticationService)
