Search in sources :

Example 1 with DSAMECallbackHandlerError

use of com.sun.identity.authentication.service.DSAMECallbackHandler.DSAMECallbackHandlerError in project OpenAM by OpenRock.

the class AMLoginContext method runLogin.

/**
     * Starts the login process ,calls JAAS Login Context
     */
public void runLogin() {
    Thread thread = Thread.currentThread();
    String logFailedMessage = bundle.getString("loginFailed");
    String logFailedError = null;
    AuthenticationFailureReason failureReason = null;
    AMAccountLockout amAccountLockout;
    boolean loginSuccess = false;
    try {
        if (isPureJAAS()) {
            loginContext.login();
            subject = loginContext.getSubject();
        } else {
            jaasLoginContext.login();
            subject = jaasLoginContext.getSubject();
        }
        loginState.setSubject(subject);
        if (!loginState.isAuthValidForInternalUser()) {
            if (debug.warningEnabled()) {
                debug.warning("AMLoginContext.runLogin():auth failed, " + "using invalid realm name for internal user");
            }
            logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
            logFailedError = "MODULEDENIED";
            failureReason = MODULE_DENIED;
            throw new AuthException(AMAuthErrorCode.AUTH_MODULE_DENIED, null);
        }
        debug.message("user authentication successful");
        // retrieve authenticated user's profile or create
        // a user profile if dynamic profile creation is
        // is true
        debug.message("searchUserProfile for Subject :");
        boolean profileState = loginState.searchUserProfile(subject, indexType, indexName);
        loginState.saveSubjectState();
        loginSuccess = true;
        if (!profileState) {
            debug.error("Profile not found ");
            logFailedMessage = bundle.getString("noUserProfile");
            logFailedError = "NOUSERPROFILE";
            failureReason = NO_USER_PROFILE;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_PROFILE_ERROR);
            isFailed = true;
        } else {
            //update loginstate with authlevel , moduleName , role etc.
            amAccountLockout = new AMAccountLockout(loginState);
            if (amAccountLockout.isLockedOut()) {
                debug.message("User locked out!!");
                logFailedMessage = bundle.getString("lockOut");
                logFailedError = "LOCKEDOUT";
                failureReason = LOCKED_OUT;
                loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED);
                isFailed = true;
            } else {
                boolean accountExpired = false;
                if (!loginState.ignoreProfile()) {
                    accountExpired = amAccountLockout.isAccountExpired();
                }
                if (accountExpired) {
                    debug.message("Account expired!!");
                    logFailedMessage = bundle.getString("accountExpired");
                    logFailedError = "ACCOUNTEXPIRED";
                    failureReason = ACCOUNT_EXPIRED;
                    loginState.setErrorCode(AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED);
                    isFailed = true;
                } else {
                    // came here successful auth.
                    if (debug.messageEnabled()) {
                        debug.message("authContext is : " + authContext);
                        debug.message("loginSTate is : " + loginState);
                    }
                    updateLoginState(indexType, indexName, configName, orgDN);
                    //activate session
                    Object lcInSession;
                    if (isPureJAAS()) {
                        lcInSession = loginContext;
                    } else {
                        lcInSession = jaasLoginContext;
                    }
                    boolean sessionActivated = loginState.activateSession(subject, authContext, lcInSession);
                    if (sessionActivated) {
                        loginState.logSuccess();
                        auditor.auditLoginSuccess(loginState);
                        if (amAccountLockout.isLockoutEnabled()) {
                            amAccountLockout.resetPasswdLockout(loginState.getUserDN(), true);
                        }
                        loginStatus.setStatus(LoginStatus.AUTH_SUCCESS);
                        loginState.updateSessionForFailover();
                        debug.message("login success");
                    } else {
                        logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, AuthUtils.ERROR_MESSAGE);
                        logFailedError = "MAXSESSIONREACHED";
                        failureReason = MAX_SESSION_REACHED;
                        throw new AuthException(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, null);
                    }
                }
            }
        }
    } catch (InvalidPasswordException ipe) {
        debug.message("Invalid Password : ");
        if (debug.messageEnabled()) {
            debug.message("Exception ", ipe);
        }
        String failedUserId = ipe.getTokenId();
        if (debug.messageEnabled()) {
            debug.message("Invalid Password Exception " + failedUserId);
        }
        if (failedUserId != null) {
            amAccountLockout = new AMAccountLockout(loginState);
            accountLocked = amAccountLockout.isLockedOut(failedUserId);
            if ((!accountLocked) && (amAccountLockout.isLockoutEnabled())) {
                amAccountLockout.invalidPasswd(failedUserId);
                checkWarningCount(amAccountLockout);
                accountLocked = amAccountLockout.isAccountLocked(failedUserId);
            }
        }
        logFailedMessage = bundle.getString("invalidPasswd");
        logFailedError = "INVALIDPASSWORD";
        failureReason = INVALID_PASSWORD;
        if (accountLocked) {
            if (failedUserId != null) {
                loginState.logFailed(failedUserId, "LOCKEDOUT");
            } else {
                loginState.logFailed("LOCKEDOUT");
            }
            auditor.auditLoginFailure(loginState, LOCKED_OUT);
        }
        loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        isFailed = true;
        authContext.setLoginException(ipe);
    } catch (AuthErrorCodeException e) {
        if (debug.messageEnabled()) {
            debug.message(e.getMessage());
        }
        isFailed = true;
        java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
        loginState.setModuleErrorMessage(e.getL10NMessage(locale));
        loginState.setErrorCode(e.getAuthErrorCode());
        authContext.setLoginException(e);
    } catch (MessageLoginException me) {
        if (debug.messageEnabled()) {
            debug.message("LOGINFAILED MessageAuthLoginException....");
            debug.message("Exception ", me);
        }
        java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
        loginState.setModuleErrorMessage(me.getL10NMessage(locale));
        loginState.setErrorMessage(me.getL10NMessage(locale));
        isFailed = true;
        authContext.setLoginException(me);
    } catch (AuthLoginException le) {
        loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        if (AMAuthErrorCode.AUTH_MODULE_DENIED.equals(le.getMessage())) {
            if (debug.warningEnabled()) {
                debug.warning("AMLoginContext.runLogin():auth failed, using invalid auth module name for internal user");
            }
            logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
            logFailedError = "MODULEDENIED";
            failureReason = MODULE_DENIED;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_MODULE_DENIED);
        } else if (AMAuthErrorCode.AUTH_TIMEOUT.equals(le.getMessage())) {
            debug.message("LOGINFAILED Error Timed Out....");
        } else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
            debug.message("LOGINFAILED ExceedRetryLimit");
        } else {
            debug.message("LOGINFAILED Error....");
        }
        if (debug.messageEnabled()) {
            debug.message("Exception : ", le);
        }
        isFailed = true;
        if (loginState.isTimedOut()) {
            logFailedMessage = bundle.getString("loginTimeout");
            logFailedError = "LOGINTIMEOUT";
            failureReason = LOGIN_TIMEOUT;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_TIMEOUT);
        } else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
            loginState.setErrorMessage(exceedRetryLimit);
            loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED_IN_DS);
        } else if (ISAuthConstants.SERVER_UNWILLING.equals(le.getErrorCode())) {
            loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        }
        authContext.setLoginException(le);
    } catch (AuthException e) {
        if (debug.messageEnabled()) {
            debug.message("Exception : " + e.getMessage());
        }
        isFailed = true;
        loginState.setErrorCode(e.getErrorCode());
        loginState.logFailed(bundle.getString("loginFailed"));
        logFailedError = null;
        authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
    } catch (Exception e) {
        debug.message("Error during login.. ");
        if (debug.messageEnabled()) {
            debug.message("Exception ", e);
        }
        isFailed = true;
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        loginState.logFailed(bundle.getString("loginFailed"));
        logFailedError = null;
        authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
    } catch (DSAMECallbackHandlerError error) {
        debug.message("Caught error returned from DSAMEHandler");
        return;
    }
    debug.message("Came to before if Failed loop");
    if (isFailed) {
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        if (loginSuccess) {
            // this is the case where authentication to modules
            // succeeded but framework failed to validate the
            // user, in this case populate with all module user
            // successfully authenticated as.
            loginState.setFailureModuleList(getSuccessModuleString(orgDN));
        } else {
            loginState.setFailureModuleList(getFailureModuleList(orgDN));
        }
        loginState.logFailed(logFailedMessage, logFailedError);
        auditor.auditLoginFailure(loginState, failureReason);
        setErrorMsgAndTemplate();
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        if (indexType == IndexType.USER) {
            if (debug.messageEnabled()) {
                debug.message("Set failureId in user based auth " + indexName);
            }
            loginState.setFailedUserId(indexName);
        }
    } else {
        if (debug.messageEnabled()) {
            debug.message("AMLoginContext.runLogin: calling incSsoServerAuthenticationSuccessCount");
        }
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
        }
        if (authImpl != null && !loginState.isNoSession()) {
            authImpl.incSsoServerAuthenticationSuccessCount();
        }
    }
    if (debug.messageEnabled()) {
        debug.message("finished...login notify all threads\n" + "AMLoginContext:LoginStatus: " + loginStatus.getStatus());
    }
    if (isPureJAAS()) {
        authThread.removeFromHash(thread, "timeoutHash");
        // notify possible waiting thread
        loginState.setReceivedCallback(null, this);
    }
    isFailed = false;
    nullifyUsedVars();
}
Also used : DSAMECallbackHandlerError(com.sun.identity.authentication.service.DSAMECallbackHandler.DSAMECallbackHandlerError) MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) LoginException(javax.security.auth.login.LoginException) MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException) AuthErrorCodeException(com.sun.identity.authentication.spi.AuthErrorCodeException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) SSOException(com.iplanet.sso.SSOException) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AuthenticationFailureReason(org.forgerock.openam.audit.AuditConstants.AuthenticationFailureReason) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) AuthErrorCodeException(com.sun.identity.authentication.spi.AuthErrorCodeException)

Aggregations

SSOException (com.iplanet.sso.SSOException)1 AMConfigurationException (com.sun.identity.authentication.config.AMConfigurationException)1 DSAMECallbackHandlerError (com.sun.identity.authentication.service.DSAMECallbackHandler.DSAMECallbackHandlerError)1 AuthErrorCodeException (com.sun.identity.authentication.spi.AuthErrorCodeException)1 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1 InvalidPasswordException (com.sun.identity.authentication.spi.InvalidPasswordException)1 MessageLoginException (com.sun.identity.authentication.spi.MessageLoginException)1 LoginException (javax.security.auth.login.LoginException)1 AuthenticationFailureReason (org.forgerock.openam.audit.AuditConstants.AuthenticationFailureReason)1