
Example 1 with AuthErrorCodeException

use of com.sun.identity.authentication.spi.AuthErrorCodeException in project OpenAM by OpenRock.

From the class AMLoginContext, the method runLogin.

/**
 * Runs one login attempt: calls {@code login()} on {@code loginContext} when
 * {@code isPureJAAS()} is true, otherwise on {@code jaasLoginContext}, and then
 * applies the framework's post-authentication checks in order — internal-user
 * realm check, user profile lookup, account lockout, account expiry and
 * session activation.
 * <p>
 * Every failure path sets {@code isFailed}, an error code on {@code loginState}
 * and (in the catch branches) a login exception on {@code authContext}; the tail
 * of the method then logs, audits, bumps the monitoring counters and sets
 * {@code loginStatus}. On the success path {@code loginStatus} is set to
 * {@code LoginStatus.AUTH_SUCCESS} inside the try block.
 * <p>
 * Fields written: {@code subject}, {@code isFailed} (reset to {@code false} at
 * the end), {@code accountLocked}, {@code authImpl}. A
 * {@code DSAMECallbackHandlerError} returns immediately and skips all of the
 * tail bookkeeping (no failure log, no audit, no status update, no timeoutHash
 * cleanup).
 */
public void runLogin() {
    // Captured now so this thread's timeoutHash entry can be removed at the end (pure JAAS only).
    Thread thread = Thread.currentThread();
    // Defaults for the failure log/audit at the end; branches that know a reason override them.
    String logFailedMessage = bundle.getString("loginFailed");
    String logFailedError = null;
    // Left null by the AuthErrorCodeException, MessageLoginException, generic AuthLoginException,
    // AuthException and Exception branches, so the audit call at the end receives null in those
    // cases — verify that the auditor tolerates a null reason.
    AuthenticationFailureReason failureReason = null;
    AMAccountLockout amAccountLockout;
    // True once the modules themselves authenticated the user, even if the framework rejects
    // the login afterwards (profile missing, locked out, expired, session limit).
    boolean loginSuccess = false;
    try {
        if (isPureJAAS()) {
            loginContext.login();
            subject = loginContext.getSubject();
        } else {
            jaasLoginContext.login();
            subject = jaasLoginContext.getSubject();
        }
        loginState.setSubject(subject);
        // Internal users may only authenticate against their own realm; anything else is a
        // module-denied failure even though the modules succeeded.
        if (!loginState.isAuthValidForInternalUser()) {
            if (debug.warningEnabled()) {
                debug.warning("AMLoginContext.runLogin():auth failed, " + "using invalid realm name for internal user");
            }
            logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
            logFailedError = "MODULEDENIED";
            failureReason = MODULE_DENIED;
            // Caught by the AuthException branch below, which overwrites logFailedError with null.
            throw new AuthException(AMAuthErrorCode.AUTH_MODULE_DENIED, null);
        }
        debug.message("user authentication successful");
        // retrieve authenticated user's profile or create
        // a user profile if dynamic profile creation is
        // is true
        debug.message("searchUserProfile for Subject :");
        boolean profileState = loginState.searchUserProfile(subject, indexType, indexName);
        loginState.saveSubjectState();
        loginSuccess = true;
        if (!profileState) {
            debug.error("Profile not found ");
            logFailedMessage = bundle.getString("noUserProfile");
            logFailedError = "NOUSERPROFILE";
            failureReason = NO_USER_PROFILE;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_PROFILE_ERROR);
            isFailed = true;
        } else {
            //update loginstate with authlevel , moduleName , role etc.
            // Lockout is evaluated after the modules succeeded: a locked account still fails
            // here even when the credentials were valid.
            amAccountLockout = new AMAccountLockout(loginState);
            if (amAccountLockout.isLockedOut()) {
                debug.message("User locked out!!");
                logFailedMessage = bundle.getString("lockOut");
                logFailedError = "LOCKEDOUT";
                failureReason = LOCKED_OUT;
                loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED);
                isFailed = true;
            } else {
                // Expiry is only checked when the profile is not being ignored.
                boolean accountExpired = false;
                if (!loginState.ignoreProfile()) {
                    accountExpired = amAccountLockout.isAccountExpired();
                }
                if (accountExpired) {
                    debug.message("Account expired!!");
                    logFailedMessage = bundle.getString("accountExpired");
                    logFailedError = "ACCOUNTEXPIRED";
                    failureReason = ACCOUNT_EXPIRED;
                    loginState.setErrorCode(AMAuthErrorCode.AUTH_ACCOUNT_EXPIRED);
                    isFailed = true;
                } else {
                    // came here successful auth.
                    if (debug.messageEnabled()) {
                        debug.message("authContext is : " + authContext);
                        debug.message("loginSTate is : " + loginState);
                    }
                    updateLoginState(indexType, indexName, configName, orgDN);
                    //activate session
                    // The login context that authenticated is handed to the session.
                    Object lcInSession;
                    if (isPureJAAS()) {
                        lcInSession = loginContext;
                    } else {
                        lcInSession = jaasLoginContext;
                    }
                    boolean sessionActivated = loginState.activateSession(subject, authContext, lcInSession);
                    if (sessionActivated) {
                        loginState.logSuccess();
                        auditor.auditLoginSuccess(loginState);
                        // A successful login clears the user's failed-password lockout counter.
                        if (amAccountLockout.isLockoutEnabled()) {
                            amAccountLockout.resetPasswdLockout(loginState.getUserDN(), true);
                        }
                        loginStatus.setStatus(LoginStatus.AUTH_SUCCESS);
                        loginState.updateSessionForFailover();
                        debug.message("login success");
                    } else {
                        // Session activation refused; treated as the session quota being reached.
                        logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, AuthUtils.ERROR_MESSAGE);
                        logFailedError = "MAXSESSIONREACHED";
                        failureReason = MAX_SESSION_REACHED;
                        // Caught by the AuthException branch below, which overwrites logFailedError with null.
                        throw new AuthException(AMAuthErrorCode.AUTH_MAX_SESSION_REACHED, null);
                    }
                }
            }
        }
    } catch (InvalidPasswordException ipe) {
        // Wrong credential: bump the lockout counter for the user the module identified.
        debug.message("Invalid Password : ");
        if (debug.messageEnabled()) {
            debug.message("Exception ", ipe);
        }
        String failedUserId = ipe.getTokenId();
        if (debug.messageEnabled()) {
            debug.message("Invalid Password Exception " + failedUserId);
        }
        // Lockout accounting happens only when the module supplied a token id; otherwise the
        // accountLocked field keeps whatever value it already had.
        if (failedUserId != null) {
            amAccountLockout = new AMAccountLockout(loginState);
            accountLocked = amAccountLockout.isLockedOut(failedUserId);
            if ((!accountLocked) && (amAccountLockout.isLockoutEnabled())) {
                amAccountLockout.invalidPasswd(failedUserId);
                checkWarningCount(amAccountLockout);
                accountLocked = amAccountLockout.isAccountLocked(failedUserId);
            }
        }
        logFailedMessage = bundle.getString("invalidPasswd");
        logFailedError = "INVALIDPASSWORD";
        failureReason = INVALID_PASSWORD;
        // When this attempt locked the account, a LOCKEDOUT log/audit is emitted here in
        // addition to the INVALIDPASSWORD log/audit emitted by the tail of the method.
        if (accountLocked) {
            if (failedUserId != null) {
                loginState.logFailed(failedUserId, "LOCKEDOUT");
            } else {
                loginState.logFailed("LOCKEDOUT");
            }
            auditor.auditLoginFailure(loginState, LOCKED_OUT);
        }
        loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        isFailed = true;
        authContext.setLoginException(ipe);
    } catch (AuthErrorCodeException e) {
        // Module reported a specific error code plus a localised message; both are surfaced.
        if (debug.messageEnabled()) {
            debug.message(e.getMessage());
        }
        isFailed = true;
        // java.util.Locale is fully qualified because the project's own Locale helper is used on the same line.
        java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
        loginState.setModuleErrorMessage(e.getL10NMessage(locale));
        loginState.setErrorCode(e.getAuthErrorCode());
        authContext.setLoginException(e);
    } catch (MessageLoginException me) {
        // Module-supplied message only; no error code is set in this branch.
        if (debug.messageEnabled()) {
            debug.message("LOGINFAILED MessageAuthLoginException....");
            debug.message("Exception ", me);
        }
        java.util.Locale locale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
        loginState.setModuleErrorMessage(me.getL10NMessage(locale));
        loginState.setErrorMessage(me.getL10NMessage(locale));
        isFailed = true;
        authContext.setLoginException(me);
    } catch (AuthLoginException le) {
        // Default code first; refined below from the exception's message / error code.
        loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        // Module-denied is signalled through the exception message, not getErrorCode().
        if (AMAuthErrorCode.AUTH_MODULE_DENIED.equals(le.getMessage())) {
            if (debug.warningEnabled()) {
                debug.warning("AMLoginContext.runLogin():auth failed, using invalid auth module name for internal user");
            }
            logFailedMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_MODULE_DENIED, AuthUtils.ERROR_MESSAGE);
            logFailedError = "MODULEDENIED";
            failureReason = MODULE_DENIED;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_MODULE_DENIED);
        } else if (AMAuthErrorCode.AUTH_TIMEOUT.equals(le.getMessage())) {
            debug.message("LOGINFAILED Error Timed Out....");
        } else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
            debug.message("LOGINFAILED ExceedRetryLimit");
        } else {
            debug.message("LOGINFAILED Error....");
        }
        if (debug.messageEnabled()) {
            debug.message("Exception : ", le);
        }
        isFailed = true;
        // Timeout is decided from loginState, not from the exception text logged above.
        if (loginState.isTimedOut()) {
            logFailedMessage = bundle.getString("loginTimeout");
            logFailedError = "LOGINTIMEOUT";
            failureReason = LOGIN_TIMEOUT;
            loginState.setErrorCode(AMAuthErrorCode.AUTH_TIMEOUT);
        } else if (ISAuthConstants.EXCEED_RETRY_LIMIT.equals(le.getErrorCode())) {
            // Retry limit exceeded in the directory: report the user as locked in the DS.
            loginState.setErrorMessage(exceedRetryLimit);
            loginState.setErrorCode(AMAuthErrorCode.AUTH_USER_LOCKED_IN_DS);
        } else if (ISAuthConstants.SERVER_UNWILLING.equals(le.getErrorCode())) {
            loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        }
        authContext.setLoginException(le);
    } catch (AuthException e) {
        // Framework-level failure (module denied, max sessions). Note that logFailed is called
        // here and again by the tail of the method, so this path produces two log entries.
        if (debug.messageEnabled()) {
            debug.message("Exception : " + e.getMessage());
        }
        isFailed = true;
        loginState.setErrorCode(e.getErrorCode());
        loginState.logFailed(bundle.getString("loginFailed"));
        logFailedError = null;
        authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
    } catch (Exception e) {
        // Catch-all: anything unexpected becomes a generic AUTH_ERROR; the original exception
        // is chained as the cause of the login exception handed to the context.
        debug.message("Error during login.. ");
        if (debug.messageEnabled()) {
            debug.message("Exception ", e);
        }
        isFailed = true;
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        loginState.logFailed(bundle.getString("loginFailed"));
        logFailedError = null;
        authContext.setLoginException(new AuthLoginException(BUNDLE_NAME, "loginFailed", null, e));
    } catch (DSAMECallbackHandlerError error) {
        // Listed after catch (Exception), so this type is presumably not an Exception subclass.
        // Returning here skips the failure/success bookkeeping and the timeoutHash cleanup below.
        debug.message("Caught error returned from DSAMEHandler");
        return;
    }
    debug.message("Came to before if Failed loop");
    if (isFailed) {
        // Monitoring: count the failure when the monitoring agent is running.
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        if (loginSuccess) {
            // this is the case where authentication to modules
            // succeeded but framework failed to validate the
            // user, in this case populate with all module user
            // successfully authenticated as.
            loginState.setFailureModuleList(getSuccessModuleString(orgDN));
        } else {
            loginState.setFailureModuleList(getFailureModuleList(orgDN));
        }
        // Single failure log + audit for every failure path that reached here.
        loginState.logFailed(logFailedMessage, logFailedError);
        auditor.auditLoginFailure(loginState, failureReason);
        setErrorMsgAndTemplate();
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        // For user-based auth the index name is the user id that failed.
        if (indexType == IndexType.USER) {
            if (debug.messageEnabled()) {
                debug.message("Set failureId in user based auth " + indexName);
            }
            loginState.setFailedUserId(indexName);
        }
    } else {
        if (debug.messageEnabled()) {
            debug.message("AMLoginContext.runLogin: calling incSsoServerAuthenticationSuccessCount");
        }
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
        }
        // Successes are only counted when a session was actually created.
        if (authImpl != null && !loginState.isNoSession()) {
            authImpl.incSsoServerAuthenticationSuccessCount();
        }
    }
    if (debug.messageEnabled()) {
        debug.message("finished...login notify all threads\n" + "AMLoginContext:LoginStatus: " + loginStatus.getStatus());
    }
    if (isPureJAAS()) {
        authThread.removeFromHash(thread, "timeoutHash");
        // notify possible waiting thread
        loginState.setReceivedCallback(null, this);
    }
    // Reset per-attempt state; nullifyUsedVars() presumably clears the remaining per-login fields.
    isFailed = false;
    nullifyUsedVars();
}

Example 2 with AuthErrorCodeException

use of com.sun.identity.authentication.spi.AuthErrorCodeException in project OpenAM by OpenRock.

From the class HOTP, the method process.

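/**
 * Processes one step of the HOTP module's state machine.
 * <p>
 * Behaviour by state:
 * <ul>
 *   <li>{@code skip} set: the module is bypassed and {@code LOGIN_SUCCEED} is returned.</li>
 *   <li>{@code state == 1}: when {@code hotpAutoClicking} is enabled a code is sent
 *       immediately; the module then moves to {@code START_STATE}.</li>
 *   <li>{@code START_STATE}: expects exactly two callbacks — a {@link PasswordCallback}
 *       holding the entered code and a {@link ConfirmationCallback} whose selected index is
 *       0 for "submit code" and anything else for "send a (new) code".</li>
 * </ul>
 * Any other state, or an unexpected callback shape, is a failed authentication.
 *
 * @param callbacks the callbacks submitted by the user for {@code state}; may be null
 * @param state     the module state being processed
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} when the entered code is valid (or the
 *         module is skipped), otherwise {@code START_STATE} to (re)display the code page
 * @throws AuthLoginException when no user name is known, on an unexpected state or callback
 *         shape, or on a NumberFormatException raised while handling the callbacks; an
 *         {@code InvalidPasswordException} (after recording the failure id) when the entered
 *         code is empty or does not validate; an {@code AuthErrorCodeException} with
 *         {@code AUTH_ERROR} when sending a code fails
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    if (skip) {
        debug.message("Skipping HOTP module");
        return ISAuthConstants.LOGIN_SUCCEED;
    }
    if (userName == null || userName.length() == 0) {
        throw new AuthLoginException("amAuth", "noUserName", null);
    }
    if (state == 1) {
        if (hotpAutoClicking) {
            debug.message("Auto sending OTP code");
            sendCodeAndReport();
        }
        return START_STATE;
    }
    currentState = state;
    int action = 0;
    try {
        if (currentState == START_STATE) {
            // action = 1 is Request HOTP Code Button
            if (callbacks != null && callbacks.length == 2) {
                action = ((ConfirmationCallback) callbacks[1]).getSelectedIndex();
                if (debug.messageEnabled()) {
                    debug.message("HOTP.process() : " + "LOGIN page button index: " + action);
                }
                if (action == 0) {
                    //Submit HOTP Code
                    // getPassword() may return null; String.valueOf(char[]) would throw a
                    // NullPointerException on null, so the array is checked before conversion so
                    // that a missing code takes the same invalid-password path as an empty one.
                    char[] enteredChars = ((PasswordCallback) callbacks[0]).getPassword();
                    enteredHOTPCode = (enteredChars == null) ? null : String.valueOf(enteredChars);
                    if (enteredHOTPCode == null || enteredHOTPCode.length() == 0) {
                        if (debug.messageEnabled()) {
                            debug.message("HOTP.process() : " + "invalid HOTP code");
                        }
                        setFailureID(userName);
                        throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
                    }
                    // Enforce the code validate time HOTP module config
                    if (hotpService.isValidHOTP(enteredHOTPCode)) {
                        return ISAuthConstants.LOGIN_SUCCEED;
                    } else {
                        // Wrong code counts as a failed password attempt for lockout purposes.
                        setFailureID(userName);
                        throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
                    }
                } else {
                    // Send HOTP Code
                    sendCodeAndReport();
                    return START_STATE;
                }
            } else {
                setFailureID(userName);
                throw new AuthLoginException(amAuthHOTP, "authFailed", null);
            }
        } else {
            setFailureID(userName);
            throw new AuthLoginException(amAuthHOTP, "authFailed", null);
        }
    } catch (NumberFormatException ex) {
        debug.error("HOTP.process() : NumberFormatException Exception", ex);
        if (userName != null && userName.length() != 0) {
            setFailureID(userName);
        }
        throw new AuthLoginException(amAuthHOTP, "authFailed", null, ex);
    }
}

/**
 * Sends a fresh HOTP code through {@code hotpService} and shows the "send.success" text on
 * the {@code START_STATE} page.
 *
 * @throws AuthLoginException an {@code AuthErrorCodeException} with {@code AUTH_ERROR} and
 *         the "send.failure" message key when sending (or updating the header) fails; the
 *         underlying exception is not chained as the cause
 */
private void sendCodeAndReport() throws AuthLoginException {
    try {
        hotpService.sendHOTP();
        substituteHeader(START_STATE, bundle.getString("send.success"));
    } catch (AuthLoginException ale) {
        throw new AuthErrorCodeException(AMAuthErrorCode.AUTH_ERROR, amAuthHOTP, "send.failure");
    }
}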
