use of com.sun.identity.authentication.service.DSAMECallbackHandler.DSAMECallbackHandlerError in project OpenAM by OpenRock.
the class AMLoginContext method runLogin.
/**
* Starts the login process ,calls JAAS Login Context
*/
public void runLogin() {
Thread thread = Thread.currentThread();
String logFailedMessage = bundle.getString("loginFailed");
String logFailedError = null;
AuthenticationFailureReason failureReason = null;
AMAccountLockout amAccountLockout;
boolean loginSuccess = false;
try {
if (isPureJAAS()) {
loginContext.login();
subject = loginContext.getSubject();
} else {
jaasLoginContext.login();
subject = jaasLoginContext.getSubject();
}
loginState.setSubject(subject);
if (!loginState.isAuthValidForInternalUser()) {
if (debug.warningEnabled()) {
debug.warning("AMLoginContext.runLogin():auth failed, " + "using invalid realm name for internal user");
}
logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
logFailedError = "MODULEDENIED";
failureReason = MODULE_DENIED;
throw new AuthException(AMAuthErrorCode.AUTH_MODULE_DENIED, null);
}
debug.message("user authentication successful");
// retrieve authenticated user's profile or create
// a user profile if dynamic profile creation is
// is true
debug.message("searchUserProfile for Subject :");
boolean profileState = loginState.searchUserProfile(subject, indexType, indexName);
loginState.saveSubjectState();
loginSuccess = true;
if (!profileState) {
debug.error("Profile not found ");
logFailedMessage = bundle.getString("noUserProfile");
logFailedError = "NOUSERPROFILE";
failureReason = NO_USER_PROFILE;
loginState.setErrorCode(AMAuthErrorCode.AUTH_PROFILE_ERROR);
isFailed = true;
} else {
//update loginstate with authlevel , moduleName , role etc.
amAccountLockout = new AMAccountLockout(loginState);
if (amAccountLockout.isLockedOut()) {
debug.message("User locked out!!");
logFailedMessage = bundle.getString("lockOut");
logFailedError = "LOCKEDOUT";
failureReason = LOCKED_OUT;
loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED);
isFailed = true;
} else {
boolean accountExpired = false;
if (!loginState.ignoreProfile()) {
accountExpired = amAccountLockout.isAccountExpired();
}
if (accountExpired) {
debug.message("Account expired!!");
logFailedMessage = bundle.getString("accountExpired");
logFailedError = "ACCOUNTEXPIRED";
failureReason = ACCOUNT_EXPIRED;
loginState.setErrorCode(AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED);
isFailed = true;
} else {
// came here successful auth.
if (debug.messageEnabled()) {
debug.message("authContext is : " + authContext);
debug.message("loginSTate is : " + loginState);
}
updateLoginState(indexType, indexName, configName, orgDN);
//activate session
Object lcInSession;
if (isPureJAAS()) {
lcInSession = loginContext;
} else {
lcInSession = jaasLoginContext;
}
boolean sessionActivated = loginState.activateSession(subject, authContext, lcInSession);
if (sessionActivated) {
loginState.logSuccess();
auditor.auditLoginSuccess(loginState);
if (amAccountLockout.isLockoutEnabled()) {
amAccountLockout.resetPasswdLockout(loginState.getUserDN(), true);
}
loginStatus.setStatus(LoginStatus.AUTH_SUCCESS);
loginState.updateSessionForFailover();
debug.message("login success");
} else {
logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, AuthUtils.ERROR_MESSAGE);
logFailedError = "MAXSESSIONREACHED";
failureReason = MAX_SESSION_REACHED;
throw new AuthException(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, null);
}
}
}
}
} catch (InvalidPasswordException ipe) {
debug.message("Invalid Password : ");
if (debug.messageEnabled()) {
debug.message("Exception ", ipe);
}
String failedUserId = ipe.getTokenId();
if (debug.messageEnabled()) {
debug.message("Invalid Password Exception " + failedUserId);
}
if (failedUserId != null) {
amAccountLockout = new AMAccountLockout(loginState);
accountLocked = amAccountLockout.isLockedOut(failedUserId);
if ((!accountLocked) && (amAccountLockout.isLockoutEnabled())) {
amAccountLockout.invalidPasswd(failedUserId);
checkWarningCount(amAccountLockout);
accountLocked = amAccountLockout.isAccountLocked(failedUserId);
}
}
logFailedMessage = bundle.getString("invalidPasswd");
logFailedError = "INVALIDPASSWORD";
failureReason = INVALID_PASSWORD;
if (accountLocked) {
if (failedUserId != null) {
loginState.logFailed(failedUserId, "LOCKEDOUT");
} else {
loginState.logFailed("LOCKEDOUT");
}
auditor.auditLoginFailure(loginState, LOCKED_OUT);
}
loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
isFailed = true;
authContext.setLoginException(ipe);
} catch (AuthErrorCodeException e) {
if (debug.messageEnabled()) {
debug.message(e.getMessage());
}
isFailed = true;
java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
loginState.setModuleErrorMessage(e.getL10NMessage(locale));
loginState.setErrorCode(e.getAuthErrorCode());
authContext.setLoginException(e);
} catch (MessageLoginException me) {
if (debug.messageEnabled()) {
debug.message("LOGINFAILED MessageAuthLoginException....");
debug.message("Exception ", me);
}
java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
loginState.setModuleErrorMessage(me.getL10NMessage(locale));
loginState.setErrorMessage(me.getL10NMessage(locale));
isFailed = true;
authContext.setLoginException(me);
} catch (AuthLoginException le) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
if (AMAuthErrorCode.AUTH_MODULE_DENIED.equals(le.getMessage())) {
if (debug.warningEnabled()) {
debug.warning("AMLoginContext.runLogin():auth failed, using invalid auth module name for internal user");
}
logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
logFailedError = "MODULEDENIED";
failureReason = MODULE_DENIED;
loginState.setErrorCode(AMAuthErrorCode.AUTH_MODULE_DENIED);
} else if (AMAuthErrorCode.AUTH_TIMEOUT.equals(le.getMessage())) {
debug.message("LOGINFAILED Error Timed Out....");
} else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
debug.message("LOGINFAILED ExceedRetryLimit");
} else {
debug.message("LOGINFAILED Error....");
}
if (debug.messageEnabled()) {
debug.message("Exception : ", le);
}
isFailed = true;
if (loginState.isTimedOut()) {
logFailedMessage = bundle.getString("loginTimeout");
logFailedError = "LOGINTIMEOUT";
failureReason = LOGIN_TIMEOUT;
loginState.setErrorCode(AMAuthErrorCode.AUTH_TIMEOUT);
} else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
loginState.setErrorMessage(exceedRetryLimit);
loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED_IN_DS);
} else if (ISAuthConstants.SERVER_UNWILLING.equals(le.getErrorCode())) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
}
authContext.setLoginException(le);
} catch (AuthException e) {
if (debug.messageEnabled()) {
debug.message("Exception : " + e.getMessage());
}
isFailed = true;
loginState.setErrorCode(e.getErrorCode());
loginState.logFailed(bundle.getString("loginFailed"));
logFailedError = null;
authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
} catch (Exception e) {
debug.message("Error during login.. ");
if (debug.messageEnabled()) {
debug.message("Exception ", e);
}
isFailed = true;
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
loginState.logFailed(bundle.getString("loginFailed"));
logFailedError = null;
authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
} catch (DSAMECallbackHandlerError error) {
debug.message("Caught error returned from DSAMEHandler");
return;
}
debug.message("Came to before if Failed loop");
if (isFailed) {
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
if (loginSuccess) {
// this is the case where authentication to modules
// succeeded but framework failed to validate the
// user, in this case populate with all module user
// successfully authenticated as.
loginState.setFailureModuleList(getSuccessModuleString(orgDN));
} else {
loginState.setFailureModuleList(getFailureModuleList(orgDN));
}
loginState.logFailed(logFailedMessage, logFailedError);
auditor.auditLoginFailure(loginState, failureReason);
setErrorMsgAndTemplate();
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (indexType == IndexType.USER) {
if (debug.messageEnabled()) {
debug.message("Set failureId in user based auth " + indexName);
}
loginState.setFailedUserId(indexName);
}
} else {
if (debug.messageEnabled()) {
debug.message("AMLoginContext.runLogin: calling incSsoServerAuthenticationSuccessCount");
}
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
}
if (authImpl != null && !loginState.isNoSession()) {
authImpl.incSsoServerAuthenticationSuccessCount();
}
}
if (debug.messageEnabled()) {
debug.message("finished...login notify all threads\n" + "AMLoginContext:LoginStatus: " + loginStatus.getStatus());
}
if (isPureJAAS()) {
authThread.removeFromHash(thread, "timeoutHash");
// notify possible waiting thread
loginState.setReceivedCallback(null, this);
}
isFailed = false;
nullifyUsedVars();
}
Aggregations