
Example 31 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class LDAP method processLoginScreen.

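/**
 * Turns the outcome of the LDAP authentication attempt into the module's next state.
 *
 * <p>On {@code SUCCESS} the validated user id is recorded and the module finishes.
 * Password-policy conditions that still allow a login ({@code PASSWORD_EXPIRING},
 * {@code GRACE_LOGINS}, {@code TIME_BEFORE_EXPIRATION}) and the reset states route the
 * user to the password-change screen with freshly initialised callbacks and a
 * localized header; {@code PASSWORD_EXPIRED_STATE} and {@code ACCOUNT_LOCKED} route to
 * their own screens after recording the failing user id via {@code setFailureID}.
 * Every other state leaves {@code currentState} untouched.
 *
 * @param newState the state reported by {@code ldapUtil} for this login attempt
 * @throws AuthLoginException when the user does not exist (unless the credentials came
 *         from shared state and the module may fall back to its own login screen), when
 *         the directory is unreachable ({@code SERVER_DOWN}), or when the LDAP helper
 *         raises an {@code LDAPUtilException}
 */
private void processLoginScreen(ModuleState newState) throws AuthLoginException {
    try {
        switch (newState) {
            case SUCCESS:
                validatedUserID = ldapUtil.getUserId();
                createProfile();
                currentState = ISAuthConstants.LOGIN_SUCCEED;
                setForceCallbacksRead(false);
                break;
            case PASSWORD_EXPIRING:
                {
                    String fmtMsg = bundle.getString("PasswordExp");
                    String msg = com.sun.identity.shared.locale.Locale.formatMessage(fmtMsg, ldapUtil.getExpTime());
                    // With shared-state credentials the chain has been broken by an abnormal
                    // condition (password expiring), so the callbacks must be re-read for the
                    // new screen to be shown to the user.
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), msg);
                }
                currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                break;
            case PASSWORD_RESET_STATE:
            case CHANGE_AFTER_RESET:
                isReset = true;
                String resetMsg = bundle.getString("PasswordReset");
                // Same as above: force a fresh read of the callbacks so the password-change
                // screen appears even when the credentials came from shared state.
                setForceCallbacksRead(true);
                forceCallbacksInit();
                replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), resetMsg);
                currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                break;
            case PASSWORD_EXPIRED_STATE:
                setFailureID(ldapUtil.getUserId(userName));
                currentState = LoginScreen.PASSWORD_EXPIRED_SCREEN.intValue();
                break;
            case ACCOUNT_LOCKED:
                setFailureID(ldapUtil.getUserId(userName));
                currentState = LoginScreen.ACCOUNT_LOCKED.intValue();
                break;
            case GRACE_LOGINS:
                {
                    String fmtMsg = bundle.getString("GraceLogins");
                    String msg = com.sun.identity.shared.locale.Locale.formatMessage(fmtMsg, ldapUtil.getGraceLogins());
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    if (ldapUtil.getGraceLogins() == 1) {
                        // Last grace login: every ConfirmationCallback on the password-change
                        // screen is reduced to its first option only (presumably so the user can
                        // no longer skip the change — confirm against the module's callback
                        // definition).
                        Callback[] callback = getCallback(LoginScreen.PASSWORD_CHANGE.intValue());
                        for (int i = 0; i < callback.length; i++) {
                            Callback cbk = callback[i];
                            if (cbk instanceof ConfirmationCallback) {
                                ConfirmationCallback confirm = (ConfirmationCallback) cbk;
                                String[] options = confirm.getOptions();
                                // A callback built from an option *type* carries no option list;
                                // leave it untouched instead of failing with an array exception.
                                if (options == null || options.length == 0) {
                                    continue;
                                }
                                String[] newOptions = { options[0] };
                                ConfirmationCallback newConfirm = new ConfirmationCallback(confirm.getMessageType(), newOptions, confirm.getDefaultOption());
                                replaceCallback(LoginScreen.PASSWORD_CHANGE.intValue(), i, newConfirm);
                            }
                        }
                    }
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), msg);
                }
                currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                break;
            case TIME_BEFORE_EXPIRATION:
                {
                    String fmtMsg = bundle.getString("TimeBeforeExpiration");
                    String msg = com.sun.identity.shared.locale.Locale.formatMessage(fmtMsg, ldapUtil.getExpTime());
                    setForceCallbacksRead(true);
                    forceCallbacksInit();
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), msg);
                }
                currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                // Without this break the case fell through into USER_NOT_FOUND, so a user
                // whose password was merely approaching expiry was rejected as unknown.
                break;
            case USER_NOT_FOUND:
                throw new LDAPUtilException("noUserMatchFound", (Object[]) null);
            case SERVER_DOWN:
                throw new AuthLoginException(AM_AUTH, "LDAPex", null);
            default:
        }
    } catch (LDAPUtilException ex) {
        // Credentials taken from shared state did not match: restart this module's own
        // login screen instead of failing, unless "use first pass" is enforced.
        if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
            getCredentialsFromSharedState = false;
            currentState = LoginScreen.LOGIN_START.intValue();
            return;
        }
        if (newState != ModuleState.USER_NOT_FOUND) {
            debug.error("Unknown Login State:", ex);
        }
        // The same generic "LDAPex" error is reported for an unknown user as for a
        // directory failure, so the response does not tell whether the account exists.
        throw new AuthLoginException(AM_AUTH, "LDAPex", null, ex);
    }
}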

Example 32 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Membership method loginUser.

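/**
 * Authenticates the user against the identity repository of the current realm.
 *
 * <p>Credentials come either from the callbacks submitted for this page or, when an
 * empty callback array is passed, from the shared state populated by an earlier module
 * in the chain ({@code getUserKey()} / {@code getPwdKey()}).
 *
 * @param callbacks the page's {@code NameCallback} at index 0 and {@code PasswordCallback}
 *        at index 1, or an empty array to use the shared-state credentials
 * @return {@code ModuleState.COMPLETE} on successful authentication, or
 *         {@code ModuleState.LOGIN_START} when the shared-state credentials are missing or
 *         were rejected and the module may fall back to its own login page
 * @throws InvalidPasswordException when the submitted password is missing or empty
 * @throws AuthLoginException when the repository rejects the credentials, when the
 *         callbacks are unusable, or when the repository lookup itself fails
 */
private ModuleState loginUser(Callback[] callbacks) throws AuthLoginException {
    String password = null;
    Callback[] idCallbacks = new Callback[2];
    try {
        if (callbacks != null && callbacks.length == 0) {
            // Shared-state path: a previous module in the chain already collected the credentials.
            userName = (String) sharedState.get(getUserKey());
            password = (String) sharedState.get(getPwdKey());
            if (userName == null || password == null) {
                return ModuleState.LOGIN_START;
            }
            getCredentialsFromSharedState = true;
            NameCallback nameCallback = new NameCallback("dummy");
            nameCallback.setName(userName);
            idCallbacks[0] = nameCallback;
            PasswordCallback passwordCallback = new PasswordCallback("dummy", false);
            passwordCallback.setPassword(password.toCharArray());
            idCallbacks[1] = passwordCallback;
        } else {
            // This branch also receives callbacks == null; reject that and a too-short array
            // explicitly rather than failing with NullPointer/ArrayIndexOutOfBounds.
            if (callbacks == null || callbacks.length < 2) {
                throw new AuthLoginException(amAuthMembership, "authFailed", null);
            }
            idCallbacks = callbacks;
            userName = ((NameCallback) callbacks[0]).getName();
            // PasswordCallback.getPassword() is null when nothing was entered;
            // String.valueOf((char[]) null) would throw, so keep null and let the
            // empty-password check below report it as an invalid password.
            char[] pwdChars = ((PasswordCallback) callbacks[1]).getPassword();
            password = (pwdChars == null) ? null : String.valueOf(pwdChars);
        }
        if (password == null || password.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("Membership.loginUser: Password is null/empty");
            }
            throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
        }
        // Store username and password both in the success and in the failure case.
        // NOTE(review): the password is held as an immutable String here and handed to
        // storeUsernamePasswd(String, String), so it cannot be zeroed after use; that is
        // fixed by the helper's interface, not by this method.
        storeUsernamePasswd(userName, password);
        initAuthConfig();
        AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
        boolean success = idrepo.authenticate(idCallbacks);
        if (success) {
            validatedUserID = userName;
            return ModuleState.COMPLETE;
        } else {
            // NOTE(review): unlike the IdRepoException path below, a plain credential
            // rejection does not call setFailureID(userName); confirm whether failure
            // accounting (lockout) relies on it before relying on this branch.
            throw new AuthLoginException(amAuthMembership, "authFailed", null);
        }
    } catch (IdRepoException ex) {
        // Shared-state credentials were rejected: fall back to this module's own login
        // page unless "use first pass" is enforced.
        if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
            getCredentialsFromSharedState = false;
            return ModuleState.LOGIN_START;
        }
        if (debug.warningEnabled()) {
            debug.warning("idRepo Exception");
        }
        setFailureID(userName);
        throw new AuthLoginException(amAuthMembership, "authFailed", null, ex);
    }
}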

Example 33 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class AuthenticationServiceV1Test method shouldReturnFrenchErrorMessageFromCause.

/**
 * Verifies that {@code getLocalizedMessage} resolves the message of the wrapped
 * {@code AuthLoginException} cause ("amAuth"/"120") in the language requested through
 * the {@code Accept-Language} header, here French.
 *
 * @throws IOException propagated from the service under test
 */
@Test
public void shouldReturnFrenchErrorMessageFromCause() throws IOException {
    // given: a REST auth exception wrapping an AuthLoginException, and a request
    // whose Accept-Language header asks for French
    AuthLoginException cause = new AuthLoginException("amAuth", "120", null);
    RestAuthException wrapped = new RestAuthException(401, cause);
    Request request = new Request();
    request.getHeaders().put("Accept-Language", "fr-fr");

    // when
    String localized = authServiceV1.getLocalizedMessage(request, wrapped);

    // then
    assertThat(localized).isEqualTo("L’authentification sur module n’est pas autorisée.");
}

Example 34 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class AuthContext method getAuthenticationHandle.

/**
 * Extracts the authentication handle from a remote-auth XML response document.
 *
 * @param document the parsed response
 * @return the value of the {@code AUTH_ID_HANDLE} attribute on the response root node;
 *         presumably {@code null} when the attribute is absent — depends on
 *         {@code XMLUtils.getNodeAttributeValue}, confirm there
 * @throws AuthLoginException if the document has no {@code RESPONSE} root node
 */
protected String getAuthenticationHandle(Document document) throws AuthLoginException {
    final Node response = XMLUtils.getRootNode(document, AuthXMLTags.RESPONSE);
    if (response != null) {
        return XMLUtils.getNodeAttributeValue(response, AuthXMLTags.AUTH_ID_HANDLE);
    }
    throw new AuthLoginException(amAuthContext, "responseError", null);
}

Example 35 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class AuthContext method runRemoteLogin.

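/**
 * Performs one login round trip against the remote authentication service.
 *
 * <p>Builds the XML login request (auth handle, optional application SSO token, realm and
 * host attributes, the index type/name pair, locale, module parameters, environment map
 * and — when {@code includeReqRes} is set — the serialized servlet request and response),
 * sends it through {@code processRequest} and stores the reply in {@code receivedDocument}
 * before {@code checkAndSetLoginStatus} evaluates it.
 *
 * <p>If the reply reports {@code REMOTE_AUTH_INVALID_SSO_TOKEN} and {@code retryRunLogin}
 * is still positive, the whole request is replayed (once per remaining retry). Failures
 * are not propagated: an {@code AuthLoginException} sets {@code loginStatus} to
 * {@code FAILED} and is kept in {@code loginException}.
 *
 * @param indexType how {@code indexName} is to be interpreted, or {@code null} to send
 *        no index type/name pair
 * @param indexName the user, role, service, module instance, level, advice or resource
 *        selected by {@code indexType}
 * @param params additional module parameters, sent pipe-separated and XML-escaped
 * @param envMap environment attributes, expected as {@code Map<String, Set<String>>}
 *        (declared raw; the cast is unchecked), sent as
 *        {@code <EnvValue>key|v1|v2...</EnvValue>} elements
 * @param locale requested locale, or {@code null}/empty for none
 * @param req servlet request to forward when {@code includeReqRes} is set; may be null
 * @param res servlet response to forward when {@code includeReqRes} is set; may be null
 * @throws AuthLoginException declared for compatibility; within this body every
 *         {@code AuthLoginException} is caught and recorded in {@code loginException}
 */
private void runRemoteLogin(IndexType indexType, String indexName, String[] params, Map envMap, String locale, HttpServletRequest req, HttpServletResponse res) throws AuthLoginException {
    try {
        String xmlString;
        // remote auth
        StringBuilder request = new StringBuilder(100);
        String authHandle = getAuthHandle();
        if (ssoTokenID != null && "0".equals(authHandle)) {
            if (authDebug.messageEnabled()) {
                // Do not write the session token itself to the debug log: a leaked
                // log file would hand out a usable session identifier.
                authDebug.message("AuthContext.runRemoteLogin: Found SSOTokenID, using it as the auth handle");
            }
            authHandle = ssoTokenID;
        }
        request.append(MessageFormat.format(AuthXMLTags.XML_REQUEST_PREFIX, authHandle));
        if (appSSOToken != null) {
            request.append(AuthXMLTags.APPSSOTOKEN_BEGIN);
            request.append(appSSOToken.getTokenID().toString());
            request.append(AuthXMLTags.APPSSOTOKEN_END);
        }
        request.append(AuthXMLTags.LOGIN_BEGIN);
        if (!useOldStyleRemoteAuthentication) {
            // Newer servers take realm/host/locale/forceAuth as attributes of the Login
            // element; all values are XML-escaped before being placed inside the quotes.
            request.append(AuthXMLTags.SPACE).append(AuthXMLTags.ORG_NAME_ATTR).append(AuthXMLTags.EQUAL).append(AuthXMLTags.QUOTE).append(XMLUtils.escapeSpecialCharacters(organizationName)).append(AuthXMLTags.QUOTE);
            if (hostName != null) {
                request.append(AuthXMLTags.SPACE).append(AuthXMLTags.HOST_NAME_ATTR).append(AuthXMLTags.EQUAL).append(AuthXMLTags.QUOTE).append(XMLUtils.escapeSpecialCharacters(hostName)).append(AuthXMLTags.QUOTE);
            }
            if (locale != null && !locale.isEmpty()) {
                request.append(AuthXMLTags.SPACE).append(AuthXMLTags.LOCALE).append(AuthXMLTags.EQUAL).append(AuthXMLTags.QUOTE).append(XMLUtils.escapeSpecialCharacters(locale)).append(AuthXMLTags.QUOTE);
            }
            if (forceAuth) {
                request.append(AuthXMLTags.SPACE).append(AuthXMLTags.FORCE_AUTH_ATTR).append(AuthXMLTags.EQUAL).append(AuthXMLTags.QUOTE).append("true").append(AuthXMLTags.QUOTE);
            }
        }
        request.append(AuthXMLTags.ELEMENT_END);
        if (indexType != null) {
            request.append(AuthXMLTags.INDEX_TYPE_PAIR_BEGIN).append(AuthXMLTags.SPACE).append(AuthXMLTags.INDEX_TYPE).append(AuthXMLTags.EQUAL).append(AuthXMLTags.QUOTE);
            if (indexType == IndexType.USER) {
                request.append(AuthXMLTags.INDEX_TYPE_USER_ATTR);
            } else if (indexType == IndexType.ROLE) {
                request.append(AuthXMLTags.INDEX_TYPE_ROLE_ATTR);
            } else if (indexType == IndexType.SERVICE) {
                request.append(AuthXMLTags.INDEX_TYPE_SVC_ATTR);
            } else if (indexType == IndexType.MODULE_INSTANCE) {
                request.append(AuthXMLTags.INDEX_TYPE_MODULE_ATTR);
            } else if (indexType == IndexType.LEVEL) {
                request.append(AuthXMLTags.INDEX_TYPE_LEVEL_ATTR);
            } else if (indexType == IndexType.COMPOSITE_ADVICE) {
                request.append(AuthXMLTags.INDEX_TYPE_COMPOSITE_ADVICE_ATTR);
            } else if (indexType == IndexType.RESOURCE) {
                request.append(AuthXMLTags.INDEX_TYPE_RESOURCE);
            }
            request.append(AuthXMLTags.QUOTE).append(AuthXMLTags.ELEMENT_END).append(AuthXMLTags.INDEX_NAME_BEGIN).append(XMLUtils.escapeSpecialCharacters(indexName)).append(AuthXMLTags.INDEX_NAME_END).append(AuthXMLTags.INDEX_TYPE_PAIR_END);
        }
        if (locale != null && locale.length() > 0) {
            request.append(AuthXMLTags.LOCALE_BEGIN);
            request.append(XMLUtils.escapeSpecialCharacters(locale));
            request.append(AuthXMLTags.LOCALE_END);
        }
        if (params != null) {
            StringBuilder paramString = new StringBuilder();
            for (int i = 0; i < params.length; i++) {
                if (i != 0) {
                    paramString.append(ISAuthConstants.PIPE_SEPARATOR);
                }
                paramString.append(XMLUtils.escapeSpecialCharacters(params[i]));
            }
            request.append(AuthXMLTags.PARAMS_BEGIN).append(paramString.toString()).append(AuthXMLTags.PARAMS_END);
        }
        if (envMap != null && !envMap.isEmpty()) {
            StringBuilder envString = new StringBuilder();
            for (Map.Entry<String, Set<String>> entry : ((Map<String, Set<String>>) envMap).entrySet()) {
                // convert Map to XMLString as follows:
                // <EnvValue>keyname|value1|value2|...</EnvValue>
                // Keys and values are XML-escaped and then pipe-escaped, because the
                // pipe is the separator on the wire.
                String keyName = entry.getKey();
                Set<String> values = entry.getValue();
                if (values != null && !values.isEmpty()) {
                    envString.append(AuthXMLTags.ENV_AV_BEGIN).append(AuthClientUtils.escapePipe(XMLUtils.escapeSpecialCharacters(keyName)));
                    for (String value : values) {
                        envString.append(ISAuthConstants.PIPE_SEPARATOR).append(AuthClientUtils.escapePipe(XMLUtils.escapeSpecialCharacters(value)));
                    }
                    envString.append(AuthXMLTags.ENV_AV_END);
                }
            }
            request.append(AuthXMLTags.ENV_BEGIN).append(envString.toString()).append(AuthXMLTags.ENV_END);
        }
        request.append(AuthXMLTags.LOGIN_END);
        if (includeReqRes) {
            request.append(AuthXMLTags.REMOTE_REQUEST_RESPONSE_START).append(AuthXMLTags.HTTP_SERVLET_REQUEST_START);
            String encObj = "";
            if (req != null) {
                // Serialization failure is logged and an empty element is sent instead.
                try {
                    encObj = AuthXMLUtils.serializeToString(new RemoteHttpServletRequest(req));
                } catch (IOException ioe) {
                    authDebug.error("AuthXMLUtils::runRemoteLogin Unable to serailize http request", ioe);
                }
                if (authDebug.messageEnabled()) {
                    // NOTE(review): this writes the whole wrapped request (presumably
                    // including headers/cookies — confirm RemoteHttpServletRequest.toString)
                    // to the debug log; check that is acceptable for this deployment.
                    authDebug.message("req=" + new RemoteHttpServletRequest(req).toString());
                }
                request.append(encObj);
            }
            request.append(AuthXMLTags.HTTP_SERVLET_REQUEST_END);
            request.append(AuthXMLTags.HTTP_SERVLET_RESPONSE_START);
            if (res != null) {
                encObj = "";
                try {
                    encObj = AuthXMLUtils.serializeToString(new RemoteHttpServletResponse(res));
                } catch (IOException ioe) {
                    authDebug.error("AuthXMLUtils::runRemoteLogin Unable to serailize http response", ioe);
                }
                if (authDebug.messageEnabled()) {
                    authDebug.message("res=" + res);
                }
                request.append(encObj);
            }
            request.append(AuthXMLTags.HTTP_SERVLET_RESPONSE_END).append(AuthXMLTags.REMOTE_REQUEST_RESPONSE_END);
        } else {
            if (authDebug.messageEnabled()) {
                authDebug.message("Not including req/res " + includeReqRes);
            }
        }
        request.append(AuthXMLTags.XML_REQUEST_SUFFIX);
        xmlString = request.toString();
        // process the request, which will check for exceptions
        // and also get the authentication handle ID
        receivedDocument = processRequest(xmlString);
        // Check set the login status
        checkAndSetLoginStatus();
        // if the app token was refreshed, retry remote login; the recursion is bounded
        // by retryRunLogin, which is decremented before each replay
        if (loginException != null && loginException.getErrorCode().equals(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN) && retryRunLogin > 0) {
            retryRunLogin--;
            if (authDebug.messageEnabled()) {
                authDebug.message("Run remote login failed due to expired app token, retying");
            }
            // reset as we are starting again
            loginStatus = Status.IN_PROGRESS;
            runRemoteLogin(indexType, indexName, params, envMap, locale, req, res);
        }
    } catch (AuthLoginException le) {
        // Login has failed: recorded on the context rather than thrown to the caller
        loginStatus = Status.FAILED;
        loginException = le;
    }
}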
