
Example 1 with IdentityNotFoundException

use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class DefaultLoginService, method getValidIdentity.

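/**
 * Resolves the identity for a login request and verifies it is allowed to log in.
 * <p>
 * Checks run in this order: the identity exists, it is not disabled, a password is
 * stored for it in IdM, that password has not expired, and the supplied password
 * matches the stored one. Each failure has its own exception type so the caller can
 * tell the reasons apart internally; what is reported back to the client is up to
 * the caller.
 *
 * @param loginDto username and password supplied by the client
 * @param propagateException {@code true} - throw on the first failed check;
 *        {@code false} - log the reason at debug level and return {@code null}
 * @return the valid identity, or {@code null} when a check fails and exceptions are not propagated
 * @throws IdentityNotFoundException when no identity has the given username (propagating only)
 * @throws IdentityDisabledException when the identity is disabled (propagating only)
 * @throws IdmAuthenticationException when no password is stored or the password check fails (propagating only)
 * @throws ResultCodeException {@code PASSWORD_EXPIRED} when the stored password is past its validity (propagating only)
 */
private IdmIdentityDto getValidIdentity(LoginDto loginDto, boolean propagateException) {
    String username = loginDto.getUsername();
    LOG.info("Identity with username [{}] authenticating", username);
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity exists
    if (identity == null) {
        // MessageFormat uses a single quote as its quoting character, so "doesn't" has to be
        // written "doesn''t"; otherwise the apostrophe is dropped from the rendered message.
        String validationMessage = MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn''t exist or is deleted.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityNotFoundException(validationMessage);
    }
    // identity is valid
    if (identity.isDisabled()) {
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityDisabledException(validationMessage);
    }
    // GuardedString isn't necessary password is in hash.
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    if (password == null) {
        String validationMessage = MessageFormat.format("Identity [{0}] does not have pasword stored in IdM.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    // check if password expired
    // NOTE(review): expiry is evaluated before the supplied password is verified, so when
    // propagateException is true the PASSWORD_EXPIRED result is observable for a username
    // without its password; verifying the password first would avoid exposing that state.
    // LocalDate.now() uses the JVM default time zone, validTill is compared against that date.
    if (password.getValidTill() != null && password.getValidTill().isBefore(LocalDate.now())) {
        String validationMessage = MessageFormat.format("Password for identity [{0}] is expired.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        // the message is only logged; the client receives the result code
        throw new ResultCodeException(CoreResultCode.PASSWORD_EXPIRED);
    }
    // given password is correct
    if (!passwordService.checkPassword(loginDto.getPassword(), password)) {
        String validationMessage = MessageFormat.format("Identity [{0}] password check failed.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdmAuthenticationException(validationMessage);
    }
    // all checks passed
    return identity;
}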
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 2 with IdentityNotFoundException

use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class LoginController, method casLoginResponse.

/**
 * Redirects the browser back to the frontend once CAS authentication has run.
 * <p>
 * The redirect target is the configured frontend URL for {@code CAS_LOGIN_RESPONSE_PATH};
 * nothing from the request is used to build it. On success the issued JWT is appended as
 * a query parameter; when two-factor authentication is required, the two-factor token is
 * appended instead; on failure a lower-cased {@code status-code} parameter names the
 * reason. Identity-not-found and identity-disabled are both reported as {@code AUTH_FAILED}
 * so the response does not reveal which of the two applied.
 * <p>
 * NOTE(review): the token travels in the URL query string, where it may be retained by
 * browser history, Referer headers and proxy logs - confirm the frontend consumes it
 * immediately and that the token lifetime is short.
 *
 * @return 302 redirect to the frontend
 * @since 12.0.0
 */
@RequestMapping(path = CAS_LOGIN_RESPONSE_PATH, method = RequestMethod.GET)
public ResponseEntity<Void> casLoginResponse() {
    IdmTokenDto issuedToken = tokenManager.getCurrentToken();
    StringBuilder location = new StringBuilder(configurationService.getFrontendUrl(CAS_LOGIN_RESPONSE_PATH));
    if (issuedToken != null) {
        // success - hand the JWT to the frontend
        IdmJwtAuthentication authentication = jwtTokenMapper.fromDto(issuedToken);
        appendTokenParameter(location, jwtTokenMapper.writeToken(authentication));
    } else if (ctx != null) {
        // failure or additional requirement recorded by the CAS filter
        ResultCodeException codeException = ctx.getCodeEx();
        if (codeException == null) {
            appendStatusCode(location, resolveAuthenticationFailureCode(ctx.getAuthEx()));
        } else if (codeException instanceof TwoFactorAuthenticationRequiredException) {
            // two-factor login continues on the frontend with this token
            appendTokenParameter(location, ((TwoFactorAuthenticationRequiredException) codeException).getToken());
        } else {
            // status code taken from the result code exception itself
            appendStatusCode(location, codeException.getError().getError().getStatusEnum().toLowerCase());
        }
    }
    return ResponseEntity.status(HttpStatus.FOUND).header(HttpHeaders.LOCATION, location.toString()).build();
}

/**
 * Appends {@code ?<token-parameter-name>=<token>} to the redirect location.
 *
 * @param location redirect location being built
 * @param token token value to hand to the frontend
 */
private static void appendTokenParameter(StringBuilder location, Object token) {
    location.append('?');
    location.append(JwtAuthenticationMapper.AUTHENTICATION_TOKEN_NAME.toLowerCase());
    location.append('=');
    location.append(token);
}

/**
 * Appends {@code ?status-code=<code>} to the redirect location.
 *
 * @param location redirect location being built
 * @param code lower-cased status code
 */
private static void appendStatusCode(StringBuilder location, String code) {
    location.append("?status-code=");
    location.append(code);
}

/**
 * Maps the authentication exception recorded by the CAS filter to the lower-cased
 * result code reported to the frontend.
 *
 * @param authenticationException recorded exception, may be {@code null}
 * @return lower-cased result code
 */
private static String resolveAuthenticationFailureCode(Object authenticationException) {
    if (authenticationException instanceof IdentityNotFoundException
            || authenticationException instanceof IdentityDisabledException) {
        // same as from standard login - the two reasons are deliberately not distinguished
        return CoreResultCode.AUTH_FAILED.getCode().toLowerCase();
    }
    if (authenticationException instanceof CasTicketValidationException) {
        return CoreResultCode.CAS_TICKET_VALIDATION_FAILED.getCode().toLowerCase();
    }
    // common error - login failed
    return CoreResultCode.LOG_IN_FAILED.getCode().toLowerCase();
}
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) IdmTokenDto(eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) CasTicketValidationException(eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with IdentityNotFoundException

use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class CasAuthenticationFilter, method authorize.

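/**
 * Authenticates the request with a CAS service ticket.
 * <p>
 * Returns {@code false} without raising anything when no CAS URL is configured or no
 * ticket was supplied. Otherwise the ticket is validated against CAS, the principal name
 * is resolved to an IdM identity, and a JWT authentication is created for it.
 * Authentication failures are recorded in {@code ctx} and yield {@code false}; the only
 * exception that escapes is the two-factor requirement, which the caller surfaces to the
 * client.
 *
 * @param token CAS service ticket taken from the request, may be blank
 * @param request current request, used to build the CAS service URL
 * @param response current response (not written by this method)
 * @return {@code true} when the identity was logged in, {@code false} otherwise
 * @throws TwoFactorAuthenticationRequiredException when the identity has to complete a second factor
 */
@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    String casUrl = casConfiguration.getUrl();
    String service = casConfiguration.getService(request, true);
    // 
    if (StringUtils.isBlank(casUrl)) {
        LOG.info("URL for CAS is not set in configuration [{}], CAS authentication will be skipped.", CasConfiguration.PROPERTY_URL);
        return false;
    }
    // 
    try {
        if (StringUtils.isBlank(token)) {
            LOG.info("No token from CAS");
            return false;
        }
        Assertion assertion = validationService.validate(token, service, casUrl);
        if (assertion == null) {
            LOG.info("No principal name.");
            return false;
        }
        if (!assertion.isValid()) {
            // NOTE(review): the raw ticket is written to the debug log and into the exception
            // message below; a service ticket is a credential, so consider logging only a
            // prefix or a digest of it.
            LOG.debug("CAS Ticket [{}] validation failed.", token);
            // 
            throw new CasTicketValidationException(MessageFormat.format("CAS Ticket [{0}] validation failed.", token));
        }
        // 
        String userName = assertion.getPrincipal().getName();
        LOG.debug("Username found [{}]", userName);
        // 
        IdmIdentityDto identity = identityService.getByUsername(userName);
        if (identity == null) {
            // MessageFormat uses a single quote as its quoting character, so "doesn't" has to be
            // written "doesn''t"; otherwise the apostrophe is dropped from the rendered message.
            throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn''t exist or is deleted.", userName));
        }
        // identity is valid
        if (identity.isDisabled()) {
            throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
        }
        LoginDto loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(createLoginDto(userName), identity, CoreModuleDescriptor.MODULE_ID);
        // 
        LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
        return true;
    } catch (TwoFactorAuthenticationRequiredException ex) {
        // must change password exception is never thrown
        ctx.setCodeEx(ex);
        // publish additional authentication requirement
        throw ex;
    } catch (IdmAuthenticationException ex) {
        // recorded so the login response can map it to a status code;
        // presumably the not-found / disabled / ticket exceptions above land here - verify the hierarchy
        ctx.setAuthEx(ex);
        LOG.warn("Authentication exception raised during CAS authentication: [{}].", ex.getMessage(), ex);
    } catch (Exception ex) {
        // fail closed on anything unexpected; the request simply is not authenticated
        LOG.error("Exception was raised during CAS authentication: [{}].", ex.getMessage(), ex);
    }
    // 
    return false;
}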
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) CasTicketValidationException(eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) Assertion(org.jasig.cas.client.validation.Assertion) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) CasTicketValidationException(eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException)

Example 4 with IdentityNotFoundException

use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class AbstractAuthenticator, method getValidIdentity.

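/**
 * Get valid identity by username.
 * <p>
 * The identity has to exist and must not be disabled. Each failure has its own
 * exception type for internal handling; the caller decides what the client sees.
 *
 * @param username identity username, required
 * @param propagateException {@code true} - throw on the first failed check (authenticate usage);
 *        {@code false} - log the reason at debug level and return {@code null} (validate usage)
 * @return valid identity, or {@code null} when a check fails and exceptions are not propagated
 * @throws IllegalArgumentException when {@code username} is empty
 * @throws IdentityNotFoundException when no identity has the given username (propagating only)
 * @throws IdentityDisabledException when the identity is disabled (propagating only)
 * @since 10.7.0
 */
protected IdmIdentityDto getValidIdentity(String username, boolean propagateException) {
    Assert.hasLength(username, "Identity username is required.");
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, username);
    // check identity exists
    if (identity == null) {
        // MessageFormat uses a single quote as its quoting character, so "doesn't" has to be
        // written "doesn''t"; otherwise the apostrophe is dropped from the rendered message.
        String validationMessage = MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn''t exist or is deleted.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityNotFoundException(validationMessage);
    }
    // check valid identity
    if (identity.isDisabled()) {
        String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
        if (!propagateException) {
            LOG.debug(validationMessage);
            return null;
        }
        throw new IdentityDisabledException(validationMessage);
    }
    // all checks passed
    return identity;
}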
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 5 with IdentityNotFoundException

use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class DefaultLoginService, method loginAuthenticatedUser.

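/**
 * Issues a login (JWT) for the identity that is already authenticated in the security context.
 * <p>
 * No password is checked here - the caller is trusted to have authenticated the
 * current user already. The identity only has to exist. An existing token whose
 * owner is this identity is reused so that a logged-in identity does not get a
 * duplicate token; otherwise a new core-module token is prepared.
 *
 * @return login data with the issued authentication
 * @throws IdmAuthenticationException when nobody is authenticated in the security context
 * @throws IdentityNotFoundException when the authenticated username has no identity
 */
@Override
public LoginDto loginAuthenticatedUser() {
    if (!securityService.isAuthenticated()) {
        throw new IdmAuthenticationException("Not authenticated!");
    }
    String username = securityService.getAuthentication().getCurrentUsername();
    LOG.info("Identity with username [{}] authenticating", username);
    // 
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity doesn't exist
    if (identity == null) {
        // MessageFormat uses a single quote as its quoting character, so "doesn't" has to be
        // written "doesn''t"; otherwise the apostrophe is dropped from the rendered message.
        throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn''t exist or is deleted.", username));
    }
    // 
    // prevent to create duplicate token for logged identity
    IdmTokenDto preparedToken = tokenManager.getCurrentToken();
    if (preparedToken == null || !Objects.equals(preparedToken.getOwnerId(), identity.getId())) {
        // no current token, or it belongs to somebody else - never reuse another owner's token
        preparedToken = new IdmTokenDto();
        preparedToken.setModuleId(CoreModuleDescriptor.MODULE_ID);
    }
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(username);
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, preparedToken);
    LOG.info("Identity with username [{}] is authenticated", username);
    return loginDto;
}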
Also used : IdmTokenDto(eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)
