Example 1 with AccountLockedException

Use of com.haulmont.cuba.security.global.AccountLockedException in project cuba by cuba-platform.

The class CubaUserAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    HttpServletRequest request = attributes.getRequest();
    String ipAddress = request.getRemoteAddr();
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        RestApiConfig config = configuration.getConfig(RestApiConfig.class);
        if (!config.getStandardAuthenticationEnabled()) {
            log.debug("Standard authentication is disabled. Property cuba.rest.standardAuthenticationEnabled is false");
            throw new InvalidGrantException("Authentication disabled");
        }
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        String login = (String) token.getPrincipal();
        UserSession session;
        try {
            String passwordHash = passwordEncryption.getPlainHash((String) token.getCredentials());
            LoginPasswordCredentials credentials = new LoginPasswordCredentials(login, passwordHash);
            credentials.setIpAddress(ipAddress);
            credentials.setClientType(ClientType.REST_API);
            credentials.setClientInfo(makeClientInfo(request.getHeader(HttpHeaders.USER_AGENT)));
            // if the locale value is explicitly passed in the Accept-Language header then set its value to the
            // credentials. Otherwise, the locale of the user should be used
            Locale locale = restAuthUtils.extractLocaleFromRequestHeader(request);
            if (locale != null) {
                credentials.setLocale(locale);
                credentials.setOverrideLocale(true);
            } else {
                credentials.setOverrideLocale(false);
            }
            session = authenticationService.login(credentials).getSession();
        } catch (AccountLockedException le) {
            log.info("Blocked user login attempt: login={}, ip={}", login, ipAddress);
            throw new LockedException("User temporarily blocked");
        } catch (RestApiAccessDeniedException ex) {
            log.info("User is not allowed to use the REST API {}", login);
            throw new BadCredentialsException("User is not allowed to use the REST API");
        } catch (LoginException e) {
            log.info("REST API authentication failed: {} {}", login, ipAddress);
            throw new BadCredentialsException("Bad credentials");
        }
        AppContext.setSecurityContext(new SecurityContext(session));
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), getRoleUserAuthorities(authentication));
        @SuppressWarnings("unchecked") Map<String, String> details = (Map<String, String>) authentication.getDetails();
        details.put(SESSION_ID_DETAILS_ATTRIBUTE, session.getId().toString());
        result.setDetails(details);
        return result;
    }
    return null;
}
Also used:
    RestApiConfig (com.haulmont.restapi.config.RestApiConfig)
    Locale (java.util.Locale)
    AccountLockedException (com.haulmont.cuba.security.global.AccountLockedException)
    LockedException (org.springframework.security.authentication.LockedException)
    ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)
    LoginPasswordCredentials (com.haulmont.cuba.security.auth.LoginPasswordCredentials)
    UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
    BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)
    InvalidGrantException (org.springframework.security.oauth2.common.exceptions.InvalidGrantException)
    HttpServletRequest (javax.servlet.http.HttpServletRequest)
    UserSession (com.haulmont.cuba.security.global.UserSession)
    SecurityContext (com.haulmont.cuba.core.sys.SecurityContext)
    LoginException (com.haulmont.cuba.security.global.LoginException)
    RestApiAccessDeniedException (com.haulmont.cuba.security.global.RestApiAccessDeniedException)
    Map (java.util.Map)

Example 2 with AccountLockedException

Use of com.haulmont.cuba.security.global.AccountLockedException in project cuba by cuba-platform.

The class BruteForceUserCredentialsChecker, method check.

@Override
public void check(Credentials credentials) throws LoginException {
    if (bruteForceProtectionAPI.isBruteForceProtectionEnabled()) {
        if (credentials instanceof AbstractClientCredentials) {
            AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
            if (clientCredentials.isCheckClientPermissions() && clientCredentials.getIpAddress() != null && bruteForceProtectionAPI.loginAttemptsLeft(clientCredentials.getUserIdentifier(), clientCredentials.getIpAddress()) <= 0) {
                Locale locale = clientCredentials.getLocale() == null ? messages.getTools().getDefaultLocale() : clientCredentials.getLocale();
                String message = messages.formatMessage(MSG_PACK, "LoginException.loginAttemptsNumberExceeded", locale, bruteForceProtectionAPI.getBruteForceBlockIntervalSec());
                throw new AccountLockedException(message);
            }
        }
    }
}
Also used:
    Locale (java.util.Locale)
    AccountLockedException (com.haulmont.cuba.security.global.AccountLockedException)
    AbstractClientCredentials (com.haulmont.cuba.security.auth.AbstractClientCredentials)

Example 3 with AccountLockedException

Use of com.haulmont.cuba.security.global.AccountLockedException in project cuba by cuba-platform.

The class PortalAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        PortalSession session;
        String login = null;
        String ipAddress = null;
        try {
            ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
            HttpServletRequest request = attributes.getRequest();
            login = (String) token.getPrincipal();
            ipAddress = request.getRemoteAddr();
            HttpSession httpSession = request.getSession();
            Connection connection = (Connection) httpSession.getAttribute(Connection.NAME);
            if (connection == null || connection.getSession() == null || !connection.isConnected()) {
                connection = AppBeans.get(Connection.NAME);
            }
            String password = (String) token.getCredentials();
            connection.login(login, password, request.getLocale(), ipAddress, request.getHeader("User-Agent"));
            httpSession.setAttribute(Connection.NAME, connection);
            session = connection.getSession();
        } catch (AccountLockedException e) {
            // account is temporarily locked by brute-force protection; map to Spring's LockedException
            log.info("Blocked user login attempt: login={}, ip={}", login, ipAddress);
            throw new LockedException(e.getMessage());
        } catch (UserIpRestrictedException e) {
            // the message has three placeholders: login, ip and the reason
            log.info("Incorrect user IP: {} {} - {}", login, ipAddress, e.getMessage());
            throw new BadCredentialsException(e.getMessage());
        } catch (LoginException e) {
            // any other login failure is reported to Spring Security as bad credentials
            log.info("Authentication failed: {} {} - {}", login, ipAddress, e.getMessage());
            throw new BadCredentialsException(e.getMessage());
        }
        return new UsernamePasswordAuthenticationToken(session, session.getId(), getRoleUserAuthorities(session));
    }
    return null;
}
Also used:
    HttpServletRequest (javax.servlet.http.HttpServletRequest)
    AccountLockedException (com.haulmont.cuba.security.global.AccountLockedException)
    LockedException (org.springframework.security.authentication.LockedException)
    HttpSession (javax.servlet.http.HttpSession)
    UserIpRestrictedException (com.haulmont.cuba.security.global.UserIpRestrictedException)
    ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)
    Connection (com.haulmont.cuba.portal.Connection)
    LoginException (com.haulmont.cuba.security.global.LoginException)
    UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
    BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)
