
Example 16 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Application method process.

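/**
 * Implementation of <code>AMLoginModule</code> abstract method.
 * Refer to <code>AMLoginModule</code> for method syntax.
 *
 * Authenticates an application-style caller (gateway/agent) by a shared
 * secret. The caller name and secret are read from the request parameters
 * {@code IDToken0}/{@code IDToken1} (or the legacy
 * {@code Login.Token0}/{@code Login.Token1}); when neither pair is present
 * they are collected through {@code sendCallback()}. If the shared secret
 * matches, the caller is mapped onto a special application user entry; if
 * that entry does not exist, or the secret does not match, the module falls
 * back to {@code doFallbackAuth}.
 *
 * @param callbacks not used by this module; credentials come from the
 *                  request or from {@code sendCallback()}
 * @param state     login state (not used; this module is single-state)
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} when the caller is accepted
 * @throws AuthLoginException when initialisation recorded an error, no secret
 *         was supplied, or neither the shared secret nor the fallback
 *         authentication accepted the credentials
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    // Surface any error recorded during init() before touching the request.
    if (errorMsg != null) {
        throw new AuthLoginException(amAuthApplication, errorMsg, null);
    }
    HttpServletRequest req = getHttpServletRequest();
    String userName = null;
    String secretParam = null;
    if (req != null) {
        userName = req.getParameter("IDToken0");
        secretParam = req.getParameter("IDToken1");
        if (userName == null && secretParam == null) {
            // Legacy parameter names are still accepted for older clients.
            userName = req.getParameter("Login.Token0");
            secretParam = req.getParameter("Login.Token1");
        }
    }
    if (secretParam == null && userName == null) {
        Map map = sendCallback();
        if (map == null || map.isEmpty()) {
            throw new AuthLoginException(amAuthApplication, "wrongSecret", null);
        }
        secretParam = (String) map.get("secret");
        userName = (String) map.get("uid");
    }
    if (secretParam == null || secretParam.length() == 0) {
        throw new AuthLoginException(amAuthApplication, "noPassword", null);
    }
    // Compare the presented secret against the configured shared secret in
    // constant time: String.equals() returns on the first differing byte, so
    // response timing would otherwise reveal how much of the secret matched.
    boolean secretMatched = secret != null && secret.length() != 0
            && java.security.MessageDigest.isEqual(
                    secretParam.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    secret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (secretMatched) {
        if (debug.messageEnabled()) {
            debug.message("App.validate, secret matched for user : " + userName);
        }
        String newUserName;
        if (userName == null || userName.length() == 0) {
            // backward compatible with the gateway for portal
            newUserName = ISAuthConstants.APPLICATION_USER_PREFIX + "gateway";
        } else {
            newUserName = ISAuthConstants.APPLICATION_USER_PREFIX + userName;
        }
        // NOTE(review): userName comes straight from the request and is spliced
        // into a DN without escaping; DN metacharacters (',', '=', '+', ...)
        // would change which entry is looked up. Confirm that isValidUserEntry
        // / the backing store rejects them, or escape the RDN value here.
        String userDNString = ISAuthConstants.APPLICATION_USER_NAMING_ATTR + "=" + newUserName + "," + ISAuthConstants.SPECIAL_USERS_CONTAINER + "," + SMSEntry.getRootSuffix();
        if (!isValidUserEntry(userDNString)) {
            if (debug.messageEnabled()) {
                debug.message(userDNString + " is not a valid special user entry");
            }
            // No special user entry for this caller: give the fallback a chance.
            if (!doFallbackAuth(userName, secretParam)) {
                throw rejectUser(userName);
            }
        } else {
            userTokenId = userDNString;
        }
    } else if (!doFallbackAuth(userName, secretParam)) {
        // Shared secret did not match and the fallback rejected the caller too.
        throw rejectUser(userName);
    }
    return ISAuthConstants.LOGIN_SUCCEED;
}

/** Records the failing principal and builds the "userInvalid" rejection for the caller to throw. */
private AuthLoginException rejectUser(String userName) {
    debug.error("App validation failed, User not Valid: " + userName);
    setFailureID(userName);
    return new AuthLoginException(amAuthApplication, "userInvalid", null);
}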

Example 17 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class DataStore method process.

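/**
 * Implementation of the <code>AMLoginModule</code> login step for the
 * DataStore module: validates a username/password pair against the realm's
 * identity repository.
 *
 * In {@code LOGIN_START} the credentials come either from the submitted
 * {@code NameCallback}/{@code PasswordCallback} pair or, when the framework
 * passes an empty callback array, from the shared state populated by an
 * earlier module in the chain. Any other state is treated as a failed login.
 *
 * @param callbacks the submitted callbacks; an empty array means "use shared
 *                  state", otherwise index 0 must be a {@code NameCallback}
 *                  and index 1 a {@code PasswordCallback}
 * @param state     the current login state
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} on success, or
 *         {@code ISAuthConstants.LOGIN_START} when shared state holds no
 *         credentials yet
 * @throws UserNamePasswordValidationException when no username (or no usable
 *         callback pair) was supplied
 * @throws InvalidPasswordException when the password is null or empty
 * @throws AuthLoginException when the repository rejects the credentials or
 *         fails, or the module is not in {@code LOGIN_START}
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    currentState = state;
    int retVal = 0;
    Callback[] idCallbacks = new Callback[2];
    try {
        if (currentState == ISAuthConstants.LOGIN_START) {
            if (callbacks != null && callbacks.length == 0) {
                // Empty array: credentials were carried over from a previous
                // module through shared state (module chaining).
                userName = (String) sharedState.get(getUserKey());
                userPassword = (String) sharedState.get(getPwdKey());
                if (userName == null || userPassword == null) {
                    return ISAuthConstants.LOGIN_START;
                }
                NameCallback nameCallback = new NameCallback("dummy");
                nameCallback.setName(userName);
                idCallbacks[0] = nameCallback;
                PasswordCallback passwordCallback = new PasswordCallback("dummy", false);
                passwordCallback.setPassword(userPassword.toCharArray());
                idCallbacks[1] = passwordCallback;
            } else {
                // A null or too-short array previously fell through to
                // callbacks[0]/callbacks[1] and surfaced as an unchecked
                // NullPointer/ArrayIndexOutOfBounds exception; report it as an
                // invalid username/password like any other malformed submission.
                if (callbacks == null || callbacks.length < 2) {
                    debug.message("DataStore.process: name/password callbacks missing");
                    throw new UserNamePasswordValidationException("amAuth", "InvalidUP", null);
                }
                idCallbacks = callbacks;
                userName = ((NameCallback) callbacks[0]).getName();
                char[] password = ((PasswordCallback) callbacks[1]).getPassword();
                // The module keeps the password as a String (field type), so it
                // cannot be zeroed after use; keep the char[] scope minimal.
                userPassword = password == null ? null : String.valueOf(password);
            }
            if (userName == null) {
                debug.message("DataStore.process: Username is null/empty");
                throw new UserNamePasswordValidationException("amAuth", "InvalidUP", null);
            }
            if (userPassword == null || userPassword.length() == 0) {
                debug.message("DataStore.process: Password is null/empty");
                throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
            }
            // Store the credentials for later modules before validation, so they
            // are available in both the success and the failure case.
            storeUsernamePasswd(userName, userPassword);
            /*
             * OPENAM-1872: reject usernames containing characters that are illegal
             * in the backing store (e.g. * ! ( ) &), the same way the LDAP
             * LoginModule does. The character list comes from configuration; the
             * original author noted the list did not appear to be processed inside
             * validateUserName (verify). validateUserName also handles the case
             * where the username format validator cannot be loaded.
             */
            validateUserName(userName, CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS));
            AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
            boolean success = idrepo.authenticate(idCallbacks);
            if (success) {
                retVal = ISAuthConstants.LOGIN_SUCCEED;
                validatedUserID = userName;
            } else {
                throw new AuthLoginException(amAuthDataStore, "authFailed", null);
            }
        } else {
            // Any state other than LOGIN_START is unexpected for this module.
            setFailureID(userName);
            throw new AuthLoginException(amAuthDataStore, "authFailed", null);
        }
    } catch (IdRepoException ex) {
        debug.message("idRepo Exception");
        setFailureID(userName);
        // The generic "authFailed" message goes to the client; the repository
        // failure is retained as the cause for server-side diagnosis.
        throw new AuthLoginException(amAuthDataStore, "authFailed", null, ex);
    }
    return retVal;
}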

Example 18 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Adaptive method init.

/**
 * Initialises the Adaptive module: applies the configured auth level, reads
 * the module parameters, picks up a username left in shared state by an
 * earlier module, and loads the user alias (search) attributes.
 *
 * Every step is best-effort: failures are logged and initialisation
 * continues, so the module can still run with defaults.
 *
 * @param subject     the JAAS subject (not used here)
 * @param sharedState state shared across the modules of the chain; may carry
 *                    the username under {@code getUserKey()}
 * @param options     the module's configuration attributes
 */
@Override
public void init(Subject subject, Map sharedState, Map options) {
    postAuthNMap = new HashMap<String, String>();
    applyConfiguredAuthLevel(options);
    Locale loginLocale = getLoginLocale();
    initParams(options);
    captureSharedUserName(sharedState);
    try {
        userSearchAttributes = getUserAliasList();
    } catch (final AuthLoginException ale) {
        debug.warning("{}.init: unable to retrieve search attributes", ADAPTIVE, ale);
    }
    if (debug.messageEnabled()) {
        debug.message("{}.init : resbundle locale={}, user search attributes={}", ADAPTIVE, loginLocale, userSearchAttributes);
    }
}

/** Sets the module auth level from the AUTHLEVEL option when present; an unparsable value is logged and skipped. */
private void applyConfiguredAuthLevel(Map options) {
    String configuredLevel = CollectionHelper.getMapAttr(options, AUTHLEVEL);
    if (configuredLevel == null) {
        return;
    }
    try {
        setAuthLevel(Integer.valueOf(configuredLevel).intValue());
    } catch (Exception ex) {
        debug.error("{}.init : Unable to set auth level {}", ADAPTIVE, configuredLevel, ex);
    }
}

/** Copies the username from shared state, if any; a missing map or non-String value is logged and ignored. */
private void captureSharedUserName(Map sharedState) {
    try {
        userName = (String) sharedState.get(getUserKey());
    } catch (Exception ex) {
        debug.error("{}.init : Unable to set userName", ADAPTIVE, ex);
    }
}

Example 19 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Anonymous method processAnonUser.

/**
 * Validates the submitted anonymous username and, when accepted, records it
 * as the token id for the session.
 *
 * Accepted are the configured default anonymous user (matched
 * case-insensitively unless {@code isCaseSensitive} is set, in which case an
 * exact match is required) and any name accepted from the configured
 * anonymous-user list. Everything else is rejected.
 *
 * @param usernameParam the username as submitted
 * @return {@code true} when accepted; {@code false} instead of an exception
 *         when the module runs in shared-state mode and the name is rejected
 * @throws AuthLoginException "UserError" for a null/empty name, and
 *         "AnonValidateEx" for any other rejection, when not in
 *         shared-state mode
 */
private boolean processAnonUser(String usernameParam) throws AuthLoginException {
    if (usernameParam == null || usernameParam.length() == 0) {
        debug.message("User Name entered is either NULL or Empty");
        if (useSharedstate) {
            return false;
        }
        throw new AuthLoginException(amAuthAnonymous, "UserError", null);
    }
    if (usernameParam.equalsIgnoreCase(defaultAnonUser)) {
        debug.message("User Type: default Anon User");
        // A case-insensitive hit is final only when the module is not
        // case-sensitive; otherwise it must also match exactly. A
        // case-mismatched default name is rejected here and is not retried
        // against the anonymous-user list below.
        if (isCaseSensitive && !usernameParam.equals(defaultAnonUser)) {
            return rejectAnonUser(usernameParam);
        }
        userTokenId = usernameParam;
        return true;
    }
    // NOTE(review): isValidAnonUserName() takes no argument, so it presumably
    // reads the candidate name from module state set earlier - confirm.
    if (validAnonUsernames != null && isValidAnonUserName()) {
        debug.message("user is in anonymoususer's list");
        debug.message("UserType: non default Anon User");
        userTokenId = usernameParam;
        return true;
    }
    return rejectAnonUser(usernameParam);
}

/** Shared rejection path: in shared-state mode fail quietly, otherwise record the failure id and throw. */
private boolean rejectAnonUser(String usernameParam) throws AuthLoginException {
    if (useSharedstate) {
        return false;
    }
    setFailureID(usernameParam);
    throw new AuthLoginException(amAuthAnonymous, "AnonValidateEx", null);
}

Example 20 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Anonymous method sendCallback.

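/**
 * Collects the anonymous username through the login callback handler.
 *
 * Presents a page-properties header plus a single {@code NameCallback} and
 * returns whatever name the handler filled in (possibly null or empty; the
 * caller validates it).
 *
 * @return the submitted username, possibly null
 * @throws AuthLoginException when no callback handler is available, the
 *         handler cannot service the callbacks, the callbacks are malformed,
 *         or I/O fails; the underlying exception is retained as the cause
 */
private String sendCallback() throws AuthLoginException {
    if (callbackHandler == null) {
        throw new AuthLoginException(amAuthAnonymous, "NoCallbackHandler", null);
    }
    try {
        Callback[] callbacks = new Callback[2];
        String header = bundle.getString("moduleHeader");
        PagePropertiesCallback ppc = new PagePropertiesCallback(null, header, null, 0, null, false, null);
        callbacks[0] = ppc;
        callbacks[1] = new NameCallback(bundle.getString("username"));
        if (debug.messageEnabled()) {
            // Logged before handle(), i.e. before any user input is attached.
            debug.message("Callback 0 is.. :" + callbacks[0]);
            debug.message("Callback 1 is.. :" + callbacks[1]);
        }
        callbackHandler.handle(callbacks);
        return ((NameCallback) callbacks[1]).getName();
    } catch (IllegalArgumentException ill) {
        debug.message("message type missing");
        // Previously the original exception was dropped; keep it as the cause.
        throw new AuthLoginException(amAuthAnonymous, "IllegalArgs", null, ill);
    } catch (java.io.IOException ioe) {
        throw new AuthLoginException(ioe);
    } catch (UnsupportedCallbackException uce) {
        // Same client-facing message as a missing handler, but retain the cause.
        throw new AuthLoginException(amAuthAnonymous, "NoCallbackHandler", null, uce);
    }
}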
