use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.
the class SMPostAuthPlugin method onLoginSuccess.
/**
* Post processing on successful authentication.
*
* @param requestParamsMap map containing <code>HttpServletRequest</code>
* parameters
* @param request <code>HttpServletRequest</code> object.
* @param response <code>HttpServletResponse</code> object.
* @param ssoToken authenticated user's single sign-on token.
* @exception AuthenticationException if there is an error.
*/
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    // The names of the headers to copy are read from the "SM-HTTPHeaders" request
    // attribute, which this code casts to a Set of String header names.
    final Set headerNames = (Set) request.getAttribute("SM-HTTPHeaders");
    if (headerNames == null || headerNames.isEmpty()) {
        // Nothing configured: leave the session untouched.
        System.out.println("HTTP headers in auth module are not configured");
        return;
    }

    // NOTE(review): every value below is taken verbatim from the incoming HTTP
    // request and becomes a session property under the header's own name. That is
    // only trustworthy when a front end the deployment controls sets or strips
    // these headers before the request reaches this plugin - confirm, and treat
    // the resulting properties as unverified input otherwise.
    for (Object entry : headerNames) {
        final String name = (String) entry;
        final String value = request.getHeader(name);
        if (value != null) {
            try {
                ssoToken.setProperty(name, value);
            } catch (SSOException se) {
                // Only the message is carried over; the SSOException itself is not chained.
                throw new AuthenticationException(se.getMessage());
            }
        } else {
            // A configured header that the request does not carry is skipped, not an error.
            System.out.println("Config Header " + name + " is not present");
        }
    }
}
use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.
the class AccountExpirePlugin method onLoginSuccess.
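/**
 * Pushes the account expiry date of the user who has just logged in further into the future.
 *
 * <p>The {@code ISAuthConstants.ACCOUNT_LIFE} attribute of the identity named by the session's
 * universal identifier is set to "now + N days" and stored. The write is performed with the
 * administrator token obtained through {@code AdminTokenAction}, not with the user's own token.
 * N is the integer value of the property named by {@code EXPIRPROPERTY}; when that property is
 * absent, blank or not a number, 30 days is used.
 *
 * <p>Any failure is logged and swallowed, so a login is never rejected because the expiry date
 * could not be saved.
 *
 * @param requestParamsMap request parameters; not used by this plugin.
 * @param request the login request; not used by this plugin.
 * @param response the login response; not used by this plugin.
 * @param token session token of the authenticated user; supplies the universal identifier.
 * @throws AuthenticationException declared by the signature; this implementation catches and
 *         logs failures instead of throwing.
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken token) throws AuthenticationException {
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    Debug debug = Debug.getInstance("AccountExpirePlugin");
    try {
        // There is no convenient way to pass init params to a post-authentication plugin,
        // so the expiry window comes from a system-defined property, defaulting to 30 days.
        //
        // The value has to be parsed here. Integer.getInteger(value, 30) would treat the
        // configured VALUE as the NAME of another JVM system property, so the configured
        // number of days would be ignored and 30 used in practice.
        int daysToExpire = 30;
        String configuredDays = SystemProperties.get(EXPIRPROPERTY);
        if (configuredDays != null && configuredDays.trim().length() > 0) {
            try {
                daysToExpire = Integer.parseInt(configuredDays.trim());
            } catch (NumberFormatException nfe) {
                debug.warning("AccountExpirePlugin.onLoginSuccess : Invalid expiry setting '"
                        + configuredDays + "', using default of 30 days");
            }
        }
        // NOTE(review): zero or negative values are applied as configured, which yields an
        // expiry date that is not in the future - confirm whether a lower bound is wanted.

        // We have a valid login, so move the account expiry forward from today.
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.DATE, daysToExpire);
        Set<String> attrValue = new HashSet<String>();
        attrValue.add(Locale.getNormalizedDateString(cal.getTime()));
        attrMap.put(ISAuthConstants.ACCOUNT_LIFE, attrValue);

        // Privileged write: the identity is loaded and stored with the admin token.
        AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
        id.setAttributes(attrMap);
        id.store();
    } catch (Exception e) {
        // Deliberate best effort: the login itself has already succeeded.
        debug.error("AccountExpirePlugin.onLoginSuccess : Unable to save ExpireTime : ", e);
    }
}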
use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.
the class PersistentCookieAuthModule method onLoginSuccess.
/**
* Sets the required information that needs to be in the jwt.
*
* @param messageInfo {@inheritDoc}
* @param requestParamsMap {@inheritDoc}
* @param request {@inheritDoc}
* @param response {@inheritDoc}
* @param ssoToken {@inheritDoc}
* @throws AuthenticationException {@inheritDoc}
*/
@Override
public void onLoginSuccess(MessageInfo messageInfo, Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        // The context map of the server auth module receives the claims; the Javadoc
        // describes them as the information that needs to be in the JWT.
        final Map<String, Object> claims = getServerAuthModule().getContextMap(messageInfo);

        final String userName = ssoToken.getPrincipal().getName();
        claims.put(OPENAM_USER_CLAIM_KEY, userName);

        final String authType = ssoToken.getAuthType();
        claims.put(OPENAM_AUTH_TYPE_CLAIM_KEY, authType);

        // NOTE(review): this claim identifies the live session. Presumably the JWT is
        // protected (signed/encrypted) by the server auth module - confirm, since that
        // protection is not visible in this method.
        final String sessionId = ssoToken.getTokenID().toString();
        claims.put(OPENAM_SESSION_ID_CLAIM_KEY, sessionId);

        final String realm = ssoToken.getProperty(SSO_TOKEN_ORGANIZATION_PROPERTY_KEY);
        claims.put(OPENAM_REALM_CLAIM_KEY, realm);

        // NOTE(review): how ClientUtils derives the address is not shown here; if it can
        // be influenced by client-supplied forwarding headers, any client-IP enforcement
        // built on this claim is only as strong as that derivation - verify.
        final String clientIp = ClientUtils.getClientIPAddress(request);
        claims.put(OPENAM_CLIENT_IP_CLAIM_KEY, clientIp);

        // Forward the "JWT validated" flag only when the session carries that property.
        final String validatedFlag = ssoToken.getProperty(JwtSessionModule.JWT_VALIDATED_KEY);
        if (validatedFlag != null) {
            messageInfo.getMap().put(JwtSessionModule.JWT_VALIDATED_KEY, Boolean.valueOf(validatedFlag));
        }
    } catch (SSOException e) {
        // The full exception goes to the debug log; the caller only sees its localized message.
        DEBUG.error("Could not secure response", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    }
}
use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.
the class PersistentCookieAuthModule method initialize.
/**
* Initialises the JwtSessionModule for use by the Post Authentication Process.
*
* @param requestParamsMap {@inheritDoc}
* @param request {@inheritDoc}
* @param response {@inheritDoc}
* @param ssoToken {@inheritDoc}
* @return {@inheritDoc}
* @throws AuthenticationException {@inheritDoc}
*/
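@Override
protected Map<String, Object> initialize(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        // All settings are read back from properties stored on the session token.
        final String tokenIdleTime = ssoToken.getProperty(JwtSessionModule.TOKEN_IDLE_TIME_IN_MINUTES_CLAIM_KEY);
        final String maxTokenLife = ssoToken.getProperty(JwtSessionModule.MAX_TOKEN_LIFE_IN_MINUTES_KEY);
        final String realm = ssoToken.getProperty(SSO_TOKEN_ORGANIZATION_PROPERTY_KEY);

        // NOTE(review): Boolean.parseBoolean maps a missing (null) or malformed property to
        // false, so these three protections default to OFF: no client-IP enforcement and a
        // cookie without the Secure / HttpOnly flags. Confirm that the login step always
        // writes these properties, or that "off" is the intended fallback.
        final boolean enforceClientIP = Boolean.parseBoolean(ssoToken.getProperty(ENFORCE_CLIENT_IP_SETTING_KEY));
        boolean secureCookie = Boolean.parseBoolean(ssoToken.getProperty(SECURE_COOKIE_KEY));
        boolean httpOnlyCookie = Boolean.parseBoolean(ssoToken.getProperty(HTTP_ONLY_COOKIE_KEY));

        String cookieName = ssoToken.getProperty(COOKIE_NAME_KEY);
        String cookieDomainsString = ssoToken.getProperty(COOKIE_DOMAINS_KEY);

        // A single null entry stands for "no explicit cookie domain". A property that is
        // absent (null) is handled like an empty one instead of failing with a
        // NullPointerException, which the catch clauses below would not translate into an
        // AuthenticationException.
        Collection<String> cookieDomains;
        if (cookieDomainsString == null || cookieDomainsString.isEmpty()) {
            cookieDomains = Collections.singleton(null);
        } else {
            // Entries are used exactly as written between the commas (no trimming).
            cookieDomains = Arrays.asList(cookieDomainsString.split(","));
        }
        return initialize(tokenIdleTime, maxTokenLife, enforceClientIP, realm, secureCookie, httpOnlyCookie, cookieName, cookieDomains);
    } catch (SSOException e) {
        // Details stay in the debug log; the caller only sees the localized message.
        DEBUG.error("Could not initialise the Auth Module", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    } catch (SMSException e) {
        DEBUG.error("Could not initialise the Auth Module", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    }
}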
use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.
the class JaspiAuthModuleWrapper method onLoginSuccess.
/**
* Post processing of successful authentication. Because a new instance of this class is created for the Post
* Authentication Process, this first initialises the underlying JASPI ServerAuthModule, then calls the subtype's
* onLoginSuccess method, and finally calls the JASPI ServerAuthModule's secureResponse method.
*
* @param requestParamsMap {@inheritDoc}
* @param request {@inheritDoc}
* @param response {@inheritDoc}
* @param ssoToken {@inheritDoc}
* @throws AuthenticationException {@inheritDoc}
*/
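public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        // A fresh wrapper instance is used for post-authentication, so the underlying
        // module has to be configured again before it can secure the response.
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);
        MessageInfo messageInfo = prepareMessageInfo(request, response);

        // Subtype hook runs first, then the module secures the response.
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);

        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here just carry on
            debug.message("Successfully secured response.");
            return;
        }

        // Fail closed: every status other than SEND_SUCCESS ends in the same generic
        // "authFailed" error, so the caller cannot tell the failure reasons apart.
        if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            debug.message("Failed to secured response, included response message");
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            debug.message("Has not finished securing response. Requires more information from client.");
        } else {
            // String concatenation instead of authStatus.toString(): a null status is then
            // reported and rejected as an AuthenticationException rather than surfacing as
            // a NullPointerException.
            debug.error("Invalid AuthStatus, " + authStatus);
        }
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    } catch (AuthException e) {
        // The cause is kept in the debug log only; the thrown error stays generic.
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}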