use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.
the class LoginViewBean method getLoginDisplay.
/**
 * Starts the login on the current {@code AuthContext} ({@code ac}) and works out what the login
 * view has to do next.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>Unless {@code bAuthLevel} is set, {@code prepareLoginParams()} runs first.</li>
 *   <li>{@code ac.login(...)} is called with the index type/name when an index type is set,
 *       otherwise without arguments.</li>
 *   <li>If that call throws {@code AuthLoginException}, the session clean-up and error handling
 *       below runs and the method returns.</li>
 *   <li>Otherwise, outstanding requirements are fetched and inspected, or, when there are none,
 *       the final status selects the success or failure handling.</li>
 * </ol>
 *
 * <p>The method reads and writes view state ({@code ac}, {@code callbacks}, {@code forward},
 * {@code onePageLogin}, {@code LoginSuccess}, {@code ResultVal}, {@code redirect_url}) in a fixed
 * order, so statement order matters.
 *
 * @throws Exception an {@code L10NMessageImpl} when the requirements/status handling fails;
 *         anything thrown while handling a failed {@code ac.login} call is not caught here
 */
protected void getLoginDisplay() throws Exception {
    loginDebug.message("In getLoginDisplay()");
    if (!bAuthLevel) {
        prepareLoginParams();
    }
    if (loginDebug.messageEnabled()) {
        loginDebug.message("Login Parameters : IndexType = " + indexType + " IndexName = " + indexName);
    }
    try {
        if (indexType != null) {
            // Only the RESOURCE index type passes the environment map to the login call.
            if (indexType.equals(AuthContext.IndexType.RESOURCE)) {
                ac.login(indexType, indexName, envMap, null);
            } else {
                ac.login(indexType, indexName);
            }
        } else {
            ac.login();
        }
    } catch (AuthLoginException le) {
        loginDebug.message("AuthContext()::login error ", le);
        // RESET and ORG_MISMATCH both lead to the new session being torn down before the error is reported.
        if ((ac.getStatus() == AuthContext.Status.RESET) || (ac.getStatus() == AuthContext.Status.ORG_MISMATCH)) {
            loginDebug.message("getLoginDisplay(): Destroying current session!");
            // Fetch the previous session before clearCookieAndDestroySession(ac) runs.
            InternalSession oldSession = AuthUtils.getOldSession(ac);
            if (AuthUtils.isSessionUpgrade(ac)) {
                clearCookieAndDestroySession(ac);
                loginDebug.message("getLoginDisplay(): Session upgrade - " + " Restoring original Session!");
                if (oldSession != null) {
                    // Failed upgrade: put the original session back and send the user on.
                    ac.getLoginState().setSession(oldSession);
                    // This local is scoped to the enclosing if-block; the redirect_url assigned further
                    // down (without a declaration) is a different variable, presumably a field.
                    // NOTE(review): the target is whatever AuthUtils.getSuccessURL(request, ac) returns and
                    // is not checked in this method; confirm the helper limits it to permitted
                    // destinations before it reaches sendRedirect.
                    String redirect_url = AuthUtils.getSuccessURL(request, ac);
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("Session Upgrade - redirect_url : " + redirect_url);
                    }
                    response.sendRedirect(redirect_url);
                }
                // Set whether or not a redirect was sent (oldSession may be null).
                // Presumably suppresses the normal forward; confirm against the caller.
                forward = false;
            } else {
                clearCookieAndDestroySession(ac);
                if (oldSession != null) {
                    // Not an upgrade: the previous session is destroyed as well.
                    loginDebug.message("Destroy existing/old valid session");
                    AuthD authD = AuthD.getAuth();
                    authD.destroySession(oldSession.getID());
                }
                // The context is dropped before the error is handled.
                ac = null;
                handleAuthLoginException(le);
            }
        } else {
            handleAuthLoginException(le);
        }
        return;
    }
    try {
        // Get the information requested by the respective auth module
        if (ac.hasMoreRequirements()) {
            loginDebug.message("In getLoginDisplay, has More Requirements");
            callbacks = ac.getRequirements();
            for (int i = 0; i < callbacks.length; i++) {
                // HTTP and redirect callbacks are processed immediately and end this method.
                if (callbacks[i] instanceof HttpCallback) {
                    processHttpCallback((HttpCallback) callbacks[i]);
                    return;
                } else if (callbacks[i] instanceof RedirectCallback) {
                    processRedirectCallback((RedirectCallback) callbacks[i]);
                    return;
                } else if (!bAuthLevel && !newOrgExist) {
                    // Auth Level login will never do one page login.
                    // For name, password and choice callbacks: a non-null entry under TOKEN<i> or
                    // TOKEN_OLD<i> in reqDataHash (presumably the submitted request data) marks the
                    // request as a one-page login and stops the scan.
                    if (callbacks[i] instanceof NameCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ChoiceCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ConfirmationCallback) {
                        // Confirmation callbacks are keyed by BUTTON / BUTTON_OLD, without an index.
                        if (reqDataHash.get(BUTTON) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(BUTTON_OLD) != null) {
                            onePageLogin = true;
                            break;
                        }
                    }
                }
            }
            // Submitted login data is processed directly only when the zero-page-login configuration
            // allows it for this request; otherwise the normal callback page is prepared.
            // NOTE(review): login data carried in a URL can end up in access logs, browser history
            // and Referer headers; isZeroPageLoginAllowed is the only gate visible in this method.
            if (onePageLogin && AuthUtils.isZeroPageLoginAllowed(ac.getLoginState().getZeroPageLoginConfig(), request)) {
                // The user supplied the login information in the URL.
                loginDebug.message("User input login information in URL!");
                processLoginDisplay();
            } else {
                addLoginCallbackMessage(callbacks);
                if (!LoginFail) {
                    // If the login has already failed, the LoginState has already been nullified and
                    // the error message/code/template are already set, so this call is skipped and a
                    // proper error page is shown.
                    AuthUtils.setCallbacksPerState(ac, pageState, callbacks);
                }
            }
        } else {
            if (loginDebug.messageEnabled()) {
                loginDebug.message("No more Requirements in getLoginDisplay");
                loginDebug.message("Status is : " + ac.getStatus());
            }
            if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                LoginSuccess = true;
                ResultVal = rb.getString("authentication.successful");
                /*
                 * redirect to 'goto' parameter or SPI hook or default
                 * redirect URL.
                 */
                // The URL is only stored and logged here; no redirect is issued in this branch.
                // NOTE(review): a 'goto' parameter is request-controlled; confirm it is validated before
                // the stored URL is used for a redirect elsewhere.
                redirect_url = AuthUtils.getLoginSuccessURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginSuccessURL in getLoginDisplay " + "(in case of successful auth) : " + redirect_url);
                    }
                }
            } else if (ac.getStatus() == AuthContext.Status.FAILED) {
                // No exception is available on this path, so the handler is called with null.
                handleAuthLoginException(null);
                /*
                 * redirect to 'goto' parameter or SPI hook or default
                 * redirect URL.
                 */
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginFailedURL in getLoginDisplay : " + redirect_url);
                    }
                }
            } else {
                // Any status other than SUCCESS or FAILED is treated as a failure.
                /*
                 * redirect to 'goto' parameter or SPI hook or default
                 * redirect URL.
                 */
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if (loginDebug.warningEnabled()) {
                    loginDebug.warning("Login Status is " + ac.getStatus() + " - redirect to loginFailedURL : " + redirect_url);
                }
                setErrorMessage(null);
            }
        }
    } catch (Exception e) {
        // The original exception goes to setErrorMessage; the exception thrown to the caller
        // carries only its message text, not the exception itself as a cause.
        setErrorMessage(e);
        throw new L10NMessageImpl(bundleName, "loginDisplay.get", new Object[] { e.getMessage() });
    }
}
use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.
the class Federation method process.
/**
 * Processes the authentication request for a federated login.
 *
 * <p>Three values are requested from the callback handler: the session provider's random secret,
 * the principal name and the auth level. The login is accepted only when
 * {@code FMSessionProvider.matchSecret} accepts the secret. The principal name and auth level are
 * then used exactly as supplied.
 *
 * <p>NOTE(review): the secret check is the only credential verified in this method. How
 * {@code matchSecret} compares and expires secrets is not visible here; confirm it is single-use
 * and compared in constant time. A {@code null} principal name is not rejected here, and an auth
 * level that cannot be applied is only logged, so the login still succeeds.
 *
 * @param callbacks not read by this method
 * @param state not read by this method
 * @return {@code ISAuthConstants.LOGIN_SUCCEED}; every failure path visible here throws instead
 *         of returning a value
 * @exception AuthLoginException upon any failure. Login state should be
 *            kept on exceptions for status check in auth chaining.
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    String secret;
    String principal;
    String level;
    try {
        // Creating the callbacks stays inside the try so that an IllegalArgumentException
        // from a constructor is mapped to the "IllegalArgs" error below.
        NameCallback secretCallback = new NameCallback(FMSessionProvider.RANDOM_SECRET);
        NameCallback principalCallback = new NameCallback(SessionProvider.PRINCIPAL_NAME);
        NameCallback levelCallback = new NameCallback(SessionProvider.AUTH_LEVEL);
        callbackHandler.handle(new Callback[] { secretCallback, principalCallback, levelCallback });
        secret = secretCallback.getName();
        principal = principalCallback.getName();
        level = levelCallback.getName();
    } catch (IllegalArgumentException badArgument) {
        throw new AuthLoginException(fmAuthFederation, "IllegalArgs", null);
    } catch (IOException ioFailure) {
        throw new AuthLoginException(ioFailure);
    } catch (UnsupportedCallbackException unsupported) {
        throw new AuthLoginException(fmAuthFederation, "UnsupportedCallback", null);
    }

    // Gate: nothing below runs unless the provider recognises the secret.
    if (!FMSessionProvider.matchSecret(secret)) {
        throw new AuthLoginException(fmAuthFederation, "NoMatchingSecret", null);
    }

    // Attributes left on the request under ATTR_MAP are copied to the user and then removed
    // from the request.
    HttpServletRequest httpRequest = getHttpServletRequest();
    if (httpRequest != null) {
        Map<String, Set<String>> providerAttributes =
                (Map<String, Set<String>>) httpRequest.getAttribute(SessionProvider.ATTR_MAP);
        if (providerAttributes != null) {
            setUserAttributes(providerAttributes);
            httpRequest.removeAttribute(SessionProvider.ATTR_MAP);
        }
    }

    // TBD (from the original author): reducing the name to the first DN component may or may
    // not be needed; that step is left disabled.
    debug.message("Module is successful");
    storeUsernamePasswd(principal, null);
    userName = principal;

    boolean levelSupplied = level != null && !level.isEmpty();
    if (levelSupplied) {
        try {
            setAuthLevel(Integer.parseInt(level));
        } catch (Exception e) {
            // Best effort: a bad level is logged and the login still succeeds.
            debug.error("Unable to set auth level " + level, e);
        }
    }
    return ISAuthConstants.LOGIN_SUCCEED;
}
use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.
the class LogSampleUtils method realmLogin.
/**
 * Runs a user name/password login on the supplied {@code AuthContext} and returns the resulting
 * SSO token (sample code).
 *
 * <p>Every round of requirements is answered from the same two values, keyed by
 * {@code AuthXMLTags.NAME_CALLBACK} and {@code AuthXMLTags.PASSWORD_CALLBACK}.
 *
 * <p>NOTE(review): only {@code SUCCESS} and {@code COMPLETED} are handled explicitly. Any other
 * final status falls through to {@code ac.getSSOToken()}. The user id is echoed on standard
 * output and stack traces go to standard error, which suits a sample but not a service log.
 *
 * @param userid user name supplied for name callbacks
 * @param password password supplied for password callbacks
 * @param ac authentication context to log in on
 * @return the SSO token, or {@code null} when submitting callbacks fails or the final status is
 *         {@code COMPLETED}
 * @throws AuthLoginException if {@code ac.login()} fails
 * @throws Exception whatever {@code ac.getSSOToken()} throws
 */
public SSOToken realmLogin(String userid, String password, AuthContext ac) throws SSOException, AuthLoginException, Exception {
    try {
        ac.login();
    } catch (AuthLoginException loginFailure) {
        System.err.println("LogSampleUtils: Failed to start login " + "for default auth module.");
        throw loginFailure;
    }

    // Answers handed to fillCallbacks for every requirement round.
    Hashtable answers = new Hashtable();
    answers.put(AuthXMLTags.NAME_CALLBACK, userid);
    answers.put(AuthXMLTags.PASSWORD_CALLBACK, password);

    while (ac.hasMoreRequirements()) {
        Callback[] pending = ac.getRequirements();
        try {
            fillCallbacks(pending, answers);
            ac.submitRequirements(pending);
        } catch (Exception e) {
            System.err.println("Failed to submit callbacks!");
            e.printStackTrace();
            return null;
        }
    }

    AuthContext.Status outcome = ac.getStatus();
    if (outcome == AuthContext.Status.COMPLETED) {
        System.out.println("==>Authentication Status for user " + userid + " = " + outcome);
        return null;
    }
    if (outcome == AuthContext.Status.SUCCESS) {
        System.out.println("==>Authentication SUCCESSFUL for user " + userid);
    }

    try {
        return ac.getSSOToken();
    } catch (Exception e) {
        System.err.println("Failed to get SSO token!");
        throw e;
    }
}
use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.
the class IdRepoSampleUtils method realmLogin.
/**
 * Creates an {@code AuthContext} for the given realm, runs a user name/password login on it and
 * returns the resulting SSO token (sample code).
 *
 * <p>The context is stored in {@code lc} and the user id in {@code userID}. Neither is declared
 * in this method, so they are presumably fields of the enclosing class.
 *
 * <p>NOTE(review): only {@code SUCCESS} and {@code COMPLETED} are handled explicitly. Any other
 * final status falls through to {@code lc.getSSOToken()}. The user id is echoed on standard
 * output and stack traces go to standard error, which suits a sample but not a service log.
 *
 * @param userid user name supplied for name callbacks
 * @param password password supplied for password callbacks
 * @param realm realm the {@code AuthContext} is created for
 * @return the SSO token, or {@code null} when submitting callbacks fails or the final status is
 *         {@code COMPLETED}
 * @throws AuthLoginException if the context cannot be created or {@code lc.login()} fails
 * @throws Exception whatever {@code lc.getSSOToken()} throws
 */
public SSOToken realmLogin(String userid, String password, String realm) throws SSOException, AuthLoginException, Exception {
    try {
        lc = new AuthContext(realm);
    } catch (AuthLoginException contextFailure) {
        System.err.println("IdRepoSampleUtils: could not get AuthContext for realm " + realm);
        throw contextFailure;
    }

    try {
        lc.login();
    } catch (AuthLoginException loginFailure) {
        System.err.println("IdRepoSampleUtils: Failed to start login " + "for default authmodule");
        throw loginFailure;
    }

    userID = userid;

    // Answers handed to fillCallbacks for every requirement round.
    Hashtable answers = new Hashtable();
    answers.put(AuthXMLTags.NAME_CALLBACK, userid);
    answers.put(AuthXMLTags.PASSWORD_CALLBACK, password);

    while (lc.hasMoreRequirements()) {
        Callback[] pending = lc.getRequirements();
        try {
            fillCallbacks(pending, answers);
            lc.submitRequirements(pending);
        } catch (Exception e) {
            System.err.println("Failed to submit callbacks!");
            e.printStackTrace();
            return null;
        }
    }

    AuthContext.Status outcome = lc.getStatus();
    if (outcome == AuthContext.Status.COMPLETED) {
        System.out.println("==>Authentication Status for user " + userid + " = " + outcome);
        return null;
    }
    if (outcome == AuthContext.Status.SUCCESS) {
        System.out.println("==>Authentication SUCCESSFUL for user " + userid);
    }

    try {
        return lc.getSSOToken();
    } catch (Exception e) {
        System.err.println("Failed to get SSO token! " + e.getMessage());
        throw e;
    }
}
use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.
the class DJLDAPv3Repo method authenticate.
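/**
 * Tries to bind as the user with the credentials passed in via callbacks. This authentication mechanism does not
 * handle password policies, nor password expiration.
 *
 * <p>An empty password is rejected before any directory operation. A simple bind that carries a DN and a
 * zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which a directory configured to
 * allow it answers with success without verifying any credential.
 *
 * @param credentials The username/password combination.
 * @return <code>true</code> if the bind operation was successful.
 * @throws IdRepoException If the passed in username/password was null, if the password is empty, or if the
 * specified user cannot be found.
 * @throws AuthLoginException If an LDAP error occurs during authentication.
 * @throws InvalidPasswordException If the provided password is not valid, so Account Lockout can be triggered.
 */
@Override
public boolean authenticate(Callback[] credentials) throws IdRepoException, AuthLoginException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("authenticate invoked");
    }
    String userName = null;
    char[] password = null;
    // If a callback type occurs more than once, the last occurrence wins.
    for (Callback callback : credentials) {
        if (callback instanceof NameCallback) {
            userName = ((NameCallback) callback).getName();
        } else if (callback instanceof PasswordCallback) {
            password = ((PasswordCallback) callback).getPassword();
        }
    }
    // A missing or empty password must never reach the directory: an empty one would be sent as
    // an unauthenticated bind, whose success says nothing about the user's identity.
    if (userName == null || password == null || password.length == 0) {
        throw newIdRepoException(IdRepoErrorCode.UNABLE_TO_AUTHENTICATE, CLASS_NAME);
    }
    String dn = findDNForAuth(IdType.USER, userName);
    Connection conn = null;
    try {
        BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(dn, password);
        conn = bindConnectionFactory.getConnection();
        BindResult bindResult = conn.bind(bindRequest);
        return bindResult.isSuccess();
    } catch (LdapException ere) {
        ResultCode resultCode = ere.getResult().getResultCode();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("An error occurred while trying to authenticate a user: " + ere.toString());
        }
        // Only INVALID_CREDENTIALS is reported as a bad password (the case that can feed account
        // lockout); the remaining result codes become generic login failures.
        if (resultCode.equals(ResultCode.INVALID_CREDENTIALS)) {
            throw new InvalidPasswordException(AM_AUTH, "InvalidUP", null, userName, null);
        } else if (resultCode.equals(ResultCode.UNWILLING_TO_PERFORM) || resultCode.equals(ResultCode.CONSTRAINT_VIOLATION)) {
            throw new AuthLoginException(AM_AUTH, "FAuth", null);
        } else if (resultCode.equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
            throw new AuthLoginException(AM_AUTH, "InappAuth", null);
        } else {
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } finally {
        // The connection is closed on both the success and the failure path.
        IOUtils.closeIfNotNull(conn);
    }
}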