
Example 1 with UserIpRestrictedException

Use of com.haulmont.cuba.security.global.UserIpRestrictedException in project cuba by cuba-platform.

Class IpMaskUserAccessChecker, method check.

@Override
public void check(Credentials credentials, AuthenticationDetails authenticationDetails) throws LoginException {
    if (credentials instanceof AbstractClientCredentials) {
        AbstractClientCredentials clientCredentials = (AbstractClientCredentials) credentials;
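        // The IP restriction is evaluated only when the credentials request client
        // permission checks and carry an IP address; otherwise this check is skipped.
        if (clientCredentials.isCheckClientPermissions() && clientCredentials.getIpAddress() != null) {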
            String ipAddress = clientCredentials.getIpAddress();
            UserSession session = authenticationDetails.getSession();
            // A user with no IP mask configured is not restricted by address.
            if (session.getUser().getIpMask() != null) {
                IpMatcher ipMatcher = new IpMatcher(session.getUser().getIpMask());
                if (!ipMatcher.match(ipAddress)) {
                    log.info("IP address {} is not permitted for user {}", ipAddress, session.getUser());
                    throw new UserIpRestrictedException(messages.getMessage(MSG_PACK, "LoginException.invalidIP"));
                }
            }
        }
    }
}
Also used: IpMatcher (com.haulmont.cuba.security.global.IpMatcher), UserIpRestrictedException (com.haulmont.cuba.security.global.UserIpRestrictedException), UserSession (com.haulmont.cuba.security.global.UserSession), AbstractClientCredentials (com.haulmont.cuba.security.auth.AbstractClientCredentials)

Example 2 with UserIpRestrictedException

Use of com.haulmont.cuba.security.global.UserIpRestrictedException in project cuba by cuba-platform.

Class PortalAuthenticationProvider, method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        PortalSession session;
        String login = null;
        String ipAddress = null;
        try {
            ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
            HttpServletRequest request = attributes.getRequest();
            login = (String) token.getPrincipal();
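            // getRemoteAddr() returns the address of the directly connected peer;
            // behind a reverse proxy or load balancer that is the proxy's address.
            ipAddress = request.getRemoteAddr();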
            HttpSession httpSession = request.getSession();
            Connection connection = (Connection) httpSession.getAttribute(Connection.NAME);
            if (connection == null || connection.getSession() == null || !connection.isConnected()) {
                connection = AppBeans.get(Connection.NAME);
            }
            PasswordEncryption passwordEncryption = AppBeans.get(PasswordEncryption.NAME);
            connection.login(login, passwordEncryption.getPlainHash((String) token.getCredentials()), request.getLocale(), ipAddress, request.getHeader("User-Agent"));
            httpSession.setAttribute(Connection.NAME, connection);
            session = connection.getSession();
        } catch (AccountLockedException e) {
            log.info("Blocked user login attempt: login={}, ip={}", login, ipAddress);
            throw new LockedException(e.getMessage());
        } catch (UserIpRestrictedException e) {
            log.info("Incorrect user IP: {} {} - {}", login, ipAddress, e.getMessage());
            throw new BadCredentialsException(e.getMessage());
        } catch (LoginException e) {
            log.info("Authentication failed: {} {} - {}", login, ipAddress, e.getMessage());
            throw new BadCredentialsException(e.getMessage());
        }
        return new UsernamePasswordAuthenticationToken(session, session.getId(), getRoleUserAuthorities(session));
    }
    return null;
}
Also used: AccountLockedException (com.haulmont.cuba.security.global.AccountLockedException), LockedException (org.springframework.security.authentication.LockedException), HttpSession (javax.servlet.http.HttpSession), ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes), Connection (com.haulmont.cuba.portal.Connection), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), HttpServletRequest (javax.servlet.http.HttpServletRequest), PasswordEncryption (com.haulmont.cuba.core.global.PasswordEncryption), UserIpRestrictedException (com.haulmont.cuba.security.global.UserIpRestrictedException), LoginException (com.haulmont.cuba.security.global.LoginException)

Aggregations

UserIpRestrictedException (com.haulmont.cuba.security.global.UserIpRestrictedException): 2
PasswordEncryption (com.haulmont.cuba.core.global.PasswordEncryption): 1
Connection (com.haulmont.cuba.portal.Connection): 1
AbstractClientCredentials (com.haulmont.cuba.security.auth.AbstractClientCredentials): 1
AccountLockedException (com.haulmont.cuba.security.global.AccountLockedException): 1
IpMatcher (com.haulmont.cuba.security.global.IpMatcher): 1
LoginException (com.haulmont.cuba.security.global.LoginException): 1
UserSession (com.haulmont.cuba.security.global.UserSession): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpSession (javax.servlet.http.HttpSession): 1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException): 1
LockedException (org.springframework.security.authentication.LockedException): 1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 1
ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes): 1