Example 1 with SimpleSecurityContext
use of com.nimbusds.jose.proc.SimpleSecurityContext in project cas by apereo.
the class AmazonCognitoAuthenticationAuthenticationHandler method authenticateUsernamePasswordInternal.
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException {
try {
val authParams = new HashMap<String, String>();
authParams.put("USERNAME", credential.getUsername());
authParams.put("PASSWORD", credential.getPassword());
val authRequest = AdminInitiateAuthRequest.builder();
val request = authRequest.authFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).clientId(properties.getClientId()).userPoolId(properties.getUserPoolId()).authParameters(authParams).build();
val result = cognitoIdentityProvider.adminInitiateAuth(request);
if ("NEW_PASSWORD_REQUIRED".equalsIgnoreCase(result.challengeNameAsString())) {
throw new CredentialExpiredException();
}
val authenticationResult = result.authenticationResult();
val claims = jwtProcessor.process(authenticationResult.idToken(), new SimpleSecurityContext());
if (StringUtils.isBlank(claims.getSubject())) {
throw new FailedLoginException("Unable to accept the id token with an invalid [sub] claim");
}
val userResult = cognitoIdentityProvider.adminGetUser(AdminGetUserRequest.builder().userPoolId(properties.getUserPoolId()).username(credential.getUsername()).build());
val attributes = new LinkedHashMap<String, List<Object>>();
attributes.put("userStatus", CollectionUtils.wrap(userResult.userStatusAsString()));
attributes.put("userCreatedDate", CollectionUtils.wrap(userResult.userCreateDate().toEpochMilli()));
attributes.put("userModifiedDate", CollectionUtils.wrap(userResult.userLastModifiedDate().toEpochMilli()));
val userAttributes = userResult.userAttributes();
userAttributes.forEach(attr -> {
if (!properties.getMappedAttributes().isEmpty() && properties.getMappedAttributes().containsKey(attr.name())) {
val newName = properties.getMappedAttributes().get(attr.name());
attributes.put(newName, CollectionUtils.wrap(attr.value()));
} else {
attributes.put(attr.name(), CollectionUtils.wrap(attr.value()));
}
});
val principal = principalFactory.createPrincipal(userResult.username(), attributes);
return createHandlerResult(credential, principal, new ArrayList<>(0));
} catch (final NotAuthorizedException e) {
val message = e.getMessage();
if (message.contains("expired")) {
throw new AccountExpiredException(message);
}
if (message.contains("disabled")) {
throw new AccountDisabledException(message);
}
throw new FailedLoginException(e.getMessage());
} catch (final UserNotFoundException e) {
throw new AccountNotFoundException(e.getMessage());
} catch (final CredentialExpiredException e) {
throw new AccountPasswordMustChangeException(e.getMessage());
} catch (final InvalidPasswordException e) {
throw new AccountPasswordMustChangeException(e.getMessage());
} catch (final Exception e) {
throw new FailedLoginException(e.getMessage());
}
}
Also used :
lombok.val(lombok.val)
UserNotFoundException(software.amazon.awssdk.services.cognitoidentityprovider.model.UserNotFoundException)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
NotAuthorizedException(software.amazon.awssdk.services.cognitoidentityprovider.model.NotAuthorizedException)
UserNotFoundException(software.amazon.awssdk.services.cognitoidentityprovider.model.UserNotFoundException)
AccountExpiredException(javax.security.auth.login.AccountExpiredException)
CredentialExpiredException(javax.security.auth.login.CredentialExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
InvalidPasswordException(software.amazon.awssdk.services.cognitoidentityprovider.model.InvalidPasswordException)
NotAuthorizedException(software.amazon.awssdk.services.cognitoidentityprovider.model.NotAuthorizedException)
AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)
AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
AccountPasswordMustChangeException(org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException)
LinkedHashMap(java.util.LinkedHashMap)
FailedLoginException(javax.security.auth.login.FailedLoginException)
AccountExpiredException(javax.security.auth.login.AccountExpiredException)
SimpleSecurityContext(com.nimbusds.jose.proc.SimpleSecurityContext)
InvalidPasswordException(software.amazon.awssdk.services.cognitoidentityprovider.model.InvalidPasswordException)
AccountPasswordMustChangeException(org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException)
CredentialExpiredException(javax.security.auth.login.CredentialExpiredException)
AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)
Aggregations
SimpleSecurityContext (com.nimbusds.jose.proc.SimpleSecurityContext)1
GeneralSecurityException (java.security.GeneralSecurityException)1
HashMap (java.util.HashMap)1
LinkedHashMap (java.util.LinkedHashMap)1
AccountExpiredException (javax.security.auth.login.AccountExpiredException)1
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1
CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)1
FailedLoginException (javax.security.auth.login.FailedLoginException)1
lombok.val (lombok.val)1
AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException)1
AccountPasswordMustChangeException (org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException)1
InvalidPasswordException (software.amazon.awssdk.services.cognitoidentityprovider.model.InvalidPasswordException)1
NotAuthorizedException (software.amazon.awssdk.services.cognitoidentityprovider.model.NotAuthorizedException)1
UserNotFoundException (software.amazon.awssdk.services.cognitoidentityprovider.model.UserNotFoundException)1
