
Example 1 with UserNamePasswordValidationException

Use of com.sun.identity.authentication.spi.UserNamePasswordValidationException in project OpenAM by OpenRock.

Class DataStore, method process() — the DataStore login module's state handler.

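/**
 * Runs one step of the DataStore login module.
 *
 * <p>The only state this module handles is {@code ISAuthConstants.LOGIN_START}.
 * Credentials come either from the shared state (when no callbacks were
 * submitted, i.e. an earlier module in the chain already collected them) or
 * from the submitted name/password callbacks. They are stored in the shared
 * state for later modules, the username is checked against the configured
 * illegal-character list, and the pair is then authenticated against the
 * identity repository of the request's organisation.
 *
 * @param callbacks the callbacks submitted for this state; {@code null} or an
 *                  empty array means "use the credentials already in the
 *                  shared state"
 * @param state     the state the authentication framework is currently in
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} when the repository accepts the
 *         credentials, or {@code ISAuthConstants.LOGIN_START} when the shared
 *         state holds no credentials yet
 * @throws UserNamePasswordValidationException if the username is null/empty or
 *         contains a character from the {@code INVALID_CHARS} config entry
 * @throws InvalidPasswordException if the password is null/empty
 * @throws AuthLoginException if the repository rejects the credentials or the
 *         repository call fails, or if {@code state} is not {@code LOGIN_START}
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    currentState = state;
    int retVal = 0;
    Callback[] idCallbacks = new Callback[2];
    try {
        if (currentState == ISAuthConstants.LOGIN_START) {
            // A null callback array is treated like an empty one, as the LDAP module
            // does; previously null fell into the else branch and dereferenced callbacks[0].
            if (callbacks == null || callbacks.length == 0) {
                userName = (String) sharedState.get(getUserKey());
                userPassword = (String) sharedState.get(getPwdKey());
                if (userName == null || userPassword == null) {
                    // Nothing to authenticate with yet: let the framework collect it.
                    return ISAuthConstants.LOGIN_START;
                }
                // Rebuild the name/password callbacks the repository expects.
                NameCallback nameCallback = new NameCallback("dummy");
                nameCallback.setName(userName);
                idCallbacks[0] = nameCallback;
                PasswordCallback passwordCallback = new PasswordCallback("dummy", false);
                passwordCallback.setPassword(userPassword.toCharArray());
                idCallbacks[1] = passwordCallback;
            } else {
                idCallbacks = callbacks;
                userName = ((NameCallback) callbacks[0]).getName();
                // NOTE(review): the password is kept as a String (here and in the shared
                // state below), so it cannot be zeroed after use; fixing that means
                // changing the field type outside this method.
                char[] password = ((PasswordCallback) callbacks[1]).getPassword();
                userPassword = password == null ? null : String.valueOf(password);
            }
            // An empty username is rejected as well, matching the log message and the
            // password check below; previously only null was caught.
            if (userName == null || userName.isEmpty()) {
                debug.message("DataStore.process: Username is null/empty");
                throw new UserNamePasswordValidationException("amAuth", "InvalidUP", null);
            }
            if (userPassword == null || userPassword.isEmpty()) {
                debug.message("DataStore.process: Password is null/empty");
                throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
            }
            // Stored before authentication so later modules in the chain see the
            // credentials on both the success and the failure path.
            storeUsernamePasswd(userName, userPassword);
            // OPENAM-1872: reject usernames containing illegal characters (e.g. "*",
            // "!", "(", ")", "&"), mirroring the LDAP module. The character list comes
            // from the INVALID_CHARS config entry; the original author noted the list
            // may not actually be processed inside validateUserName, and that the
            // validator-cannot-be-loaded case is handled there — worth confirming.
            validateUserName(userName, CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS));
            AMIdentityRepository idrepo = getAMIdentityRepository(getRequestOrg());
            if (idrepo.authenticate(idCallbacks)) {
                retVal = ISAuthConstants.LOGIN_SUCCEED;
                validatedUserID = userName;
            } else {
                // NOTE(review): unlike the IdRepoException path below, a plain rejection
                // does not call setFailureID(userName) — confirm whether failure/lockout
                // accounting depends on it.
                throw new AuthLoginException(amAuthDataStore, "authFailed", null);
            }
        } else {
            // Any state other than LOGIN_START is unexpected for this module.
            setFailureID(userName);
            throw new AuthLoginException(amAuthDataStore, "authFailed", null);
        }
    } catch (IdRepoException ex) {
        debug.message("idRepo Exception");
        setFailureID(userName);
        throw new AuthLoginException(amAuthDataStore, "authFailed", null, ex);
    }
    return retVal;
}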

Example 2 with UserNamePasswordValidationException

Use of com.sun.identity.authentication.spi.UserNamePasswordValidationException in project OpenAM by OpenRock.

Class LDAP, method process() — the LDAP login module's state handler.

/**
 * Runs one step of the LDAP login module's state machine.
 *
 * <p>Two screens are handled. {@code LOGIN_START} takes the username and
 * password (from the shared state when no callbacks were submitted, otherwise
 * from the name/password callbacks), stores them in the shared state, validates
 * the username against {@code regEx}, and authenticates through
 * {@code ldapUtil}; a successful bind additionally runs the local password
 * policy ({@code validatePassword}) and, if the current password fails it,
 * forces the user onto the password-change screen. {@code PASSWORD_CHANGE}
 * either submits a new password (button index 0) or, on any other button,
 * returns to {@code LOGIN_START} when the change was a forced reset and
 * otherwise completes the login.
 *
 * @param callbacks the callbacks submitted for the current screen; on
 *                  {@code LOGIN_START} {@code null}/empty means "use the shared
 *                  state"; on {@code PASSWORD_CHANGE} indices 0-2 are the
 *                  old/new/confirm password callbacks and index 3 the
 *                  confirmation button
 * @param state     the screen the framework is currently on
 * @return the next screen to show, or {@code ISAuthConstants.LOGIN_SUCCEED}
 * @throws InvalidPasswordException if the submitted password is null/empty or
 *         the directory reports INVALID_CREDENTIALS
 * @throws AuthLoginException for every other directory failure, for an
 *         unexpected state, and (wrapped) when the username fails
 *         {@code validateUserName}
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    currentState = state;
    ModuleState newState;
    LoginScreen loginScreen = LoginScreen.get(state);
    try {
        if (loginScreen.equals(LoginScreen.LOGIN_START)) {
            // No callbacks: fall back to credentials an earlier module left in the shared state.
            if (callbacks == null || callbacks.length == 0) {
                userName = (String) sharedState.get(getUserKey());
                userPassword = (String) sharedState.get(getPwdKey());
                if (userName == null || userPassword == null) {
                    return LoginScreen.LOGIN_START.intValue();
                }
                // Remembered so a directory failure can fall back to prompting
                // instead of recording a failure (see the LDAPUtilException handler).
                getCredentialsFromSharedState = true;
            } else {
                //callbacks is not null
                userName = ((NameCallback) callbacks[0]).getName();
                userPassword = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
            }
            // NOTE(review): there is no null check on userName here; it goes straight
            // to validateUserName/authenticateUser — confirm those tolerate null.
            if (userPassword == null || userPassword.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message("LDAP.process: Password is null/empty");
                }
                throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
            }
            //store username password both in success and failure case
            // (stored before the bind so later modules see the credentials either way;
            // the password is held as a String and cannot be zeroed afterwards)
            storeUsernamePasswd(userName, userPassword);
            if (initializeLDAP()) {
                //validate username
                // Illegal characters raise UserNamePasswordValidationException, which is
                // handled by the outermost catch below without recording a failure ID.
                validateUserName(userName, regEx);
                ldapUtil.authenticateUser(userName, userPassword);
                newState = ldapUtil.getState();
            } else {
                // Connection could not be set up; no bind is attempted.
                newState = ModuleState.SERVER_DOWN;
            }
            boolean passwordValidationSuccessFlag = true;
            // information entered is correct
            if (newState == ModuleState.SUCCESS) {
                try {
                    // The directory accepted the password; now apply OpenAM's own policy
                    // to it. A violation forces a reset rather than failing the login.
                    validatePassword(userPassword);
                } catch (UserNamePasswordValidationException upve) {
                    if (debug.messageEnabled()) {
                        debug.message("Password does not satisfy " + "password policy rules specified" + " in OpenAM");
                    }
                    // isReset makes "cancel" on the change screen go back to LOGIN_START
                    // instead of completing the login.
                    isReset = true;
                    String invalidMsg = bundle.getString("PasswordInvalid");
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), invalidMsg);
                    currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                    passwordValidationSuccessFlag = false;
                }
            }
            if (passwordValidationSuccessFlag) {
                // Presumably maps the module state to the next screen by updating
                // currentState, which the return below relies on — verify in processLoginScreen.
                processLoginScreen(newState);
            }
            return currentState;
        } else if (loginScreen.equals(LoginScreen.PASSWORD_CHANGE)) {
            if (debug.messageEnabled()) {
                debug.message("you are in Password Screen:" + currentState);
            }
            // callbacks[3] is a user selected button index
            // PwdAction == 0 is a Submit button
            int pwdAction = ((ConfirmationCallback) callbacks[3]).getSelectedIndex();
            if (pwdAction == 0) {
                String oldPassword = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
                String newPassword = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
                String confirmPassword = charToString(((PasswordCallback) callbacks[2]).getPassword(), callbacks[2]);
                try {
                    // Policy check first; a violation is handled by the catch below,
                    // which re-shows this screen with a "NewPasswordInvalid" header.
                    validatePassword(newPassword);
                    // check minimal password length requirement
                    int newPasswordLength = 0;
                    if (newPassword != null) {
                        newPasswordLength = newPassword.length();
                    }
                    if (newPasswordLength < requiredPasswordLength) {
                        if (debug.messageEnabled()) {
                            debug.message("LDAP.process: new password less" + " than the minimal length of " + requiredPasswordLength);
                        }
                        newState = ModuleState.PASSWORD_MIN_CHARACTERS;
                        // add log
                        getLoginState("LDAP").logFailed(newState.name(), "CHANGE_USER_PASSWORD_FAILED", false, null);
                    } else {
                        // Old/new/confirm are handed to ldapUtil; the outcome (including,
                        // presumably, a confirm mismatch) is read back from getState().
                        ldapUtil.changePassword(oldPassword, newPassword, confirmPassword);
                        newState = ldapUtil.getState();
                        if (newState == ModuleState.PASSWORD_UPDATED_SUCCESSFULLY) {
                            // log change password success
                            getLoginState("LDAP").logSuccess("changePasswdSucceeded", "CHANGE_USER_PASSWORD_SUCCEEDED");
                        } else {
                            // add log
                            getLoginState("LDAP").logFailed(newState.name(), "CHANGE_USER_PASSWORD_FAILED", false, null);
                        }
                    }
                    processPasswordScreen(newState);
                    if (debug.messageEnabled()) {
                        debug.message("Password change state :" + newState);
                    }
                } catch (UserNamePasswordValidationException upve) {
                    if (debug.messageEnabled()) {
                        debug.message("Password could not be validated, " + "need a different password");
                    }
                    String invalidMsg = bundle.getString("NewPasswordInvalid");
                    replaceHeader(LoginScreen.PASSWORD_CHANGE.intValue(), invalidMsg);
                    currentState = LoginScreen.PASSWORD_CHANGE.intValue();
                }
                return currentState;
            } else {
                // Any other button: a forced reset goes back to the login screen ...
                if (isReset) {
                    isReset = false;
                    return LoginScreen.LOGIN_START.intValue();
                }
                // ... while a non-forced change prompt lets the (already authenticated)
                // user through without changing the password.
                validatedUserID = ldapUtil.getUserId();
                return ISAuthConstants.LOGIN_SUCCEED;
            }
        } else {
            // Unknown screen: record the failure and abort.
            setFailureID(ldapUtil.getUserId(userName));
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } catch (LDAPUtilException ex) {
        // Credentials came from the shared state and useFirstPass is not enforced:
        // silently retry by prompting instead of recording a failure.
        if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
            getCredentialsFromSharedState = false;
            return LoginScreen.LOGIN_START.intValue();
        }
        // NOTE(review): ldapUtil is null-guarded here but dereferenced unguarded in the
        // INVALID_CREDENTIALS branch below — confirm it cannot be null on that path.
        setFailureID((ldapUtil != null) ? ldapUtil.getUserId(userName) : userName);
        // NOTE(review): "NoUser" and "InvalidUP" are distinct error keys; if the UI
        // renders them differently, unknown and known usernames become distinguishable
        // (account enumeration) — confirm what the caller surfaces.
        if (ex.getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
            if (debug.messageEnabled()) {
                debug.message("The specified user does not exist.");
            }
            throw new AuthLoginException(AM_AUTH, "NoUser", null);
        } else if (ex.getResultCode().equals(ResultCode.INVALID_CREDENTIALS)) {
            if (debug.messageEnabled()) {
                debug.message("Invalid password.");
            }
            String failureUserID = ldapUtil.getUserId();
            throw new InvalidPasswordException(AM_AUTH, "InvalidUP", null, failureUserID, null);
        } else if (ex.getResultCode().equals(ResultCode.UNWILLING_TO_PERFORM)) {
            if (debug.messageEnabled()) {
                debug.message("Unwilling to perform. Account inactivated.");
            }
            // Not an exception: the user is shown the inactive-account screen.
            currentState = LoginScreen.USER_INACTIVE.intValue();
            return currentState;
        } else if (ex.getResultCode().equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
            if (debug.messageEnabled()) {
                debug.message("Inappropriate authentication.");
            }
            throw new AuthLoginException(AM_AUTH, "InappAuth", null);
        } else if (ex.getResultCode().equals(ResultCode.CONSTRAINT_VIOLATION)) {
            if (debug.messageEnabled()) {
                debug.message("Exceed password retry limit.");
            }
            throw new AuthLoginException(amAuthLDAP, ISAuthConstants.EXCEED_RETRY_LIMIT, null);
        } else {
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } catch (UserNamePasswordValidationException upve) {
        // Note: Do not set failure Id for this exception
        // Reached when validateUserName rejects the username (the validatePassword
        // calls above catch their own); the name was never tried against the
        // directory, so no failure is attributed to it.
        if (debug.messageEnabled()) {
            debug.message("Invalid Characters detected");
        }
        throw new AuthLoginException(upve);
    }
}
