use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.
the class DefaultLoginService method getValidIdentity.
private IdmIdentityDto getValidIdentity(LoginDto loginDto, boolean propagateException) {
String username = loginDto.getUsername();
LOG.info("Identity with username [{}] authenticating", username);
IdmIdentityDto identity = identityService.getByUsername(username);
// identity exists
if (identity == null) {
String validationMessage = MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdentityNotFoundException(validationMessage);
}
// identity is valid
if (identity.isDisabled()) {
String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdentityDisabledException(validationMessage);
}
// GuardedString isn't necessary password is in hash.
IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
if (password == null) {
String validationMessage = MessageFormat.format("Identity [{0}] does not have pasword stored in IdM.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdmAuthenticationException(validationMessage);
}
// check if password expired
if (password.getValidTill() != null && password.getValidTill().isBefore(LocalDate.now())) {
String validationMessage = MessageFormat.format("Password for identity [{0}] is expired.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new ResultCodeException(CoreResultCode.PASSWORD_EXPIRED);
}
// given password is correct
if (!passwordService.checkPassword(loginDto.getPassword(), password)) {
String validationMessage = MessageFormat.format("Identity [{0}] password check failed.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdmAuthenticationException(validationMessage);
}
//
return identity;
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.
the class LoginController method casLoginResponse.
/**
* Redirect to FE, after CAS authentication.
*
* @return redirect to FE
* @since 12.0.0
*/
@RequestMapping(path = CAS_LOGIN_RESPONSE_PATH, method = RequestMethod.GET)
public ResponseEntity<Void> casLoginResponse() {
// process ticket + add token into url parameter
IdmTokenDto currentToken = tokenManager.getCurrentToken();
StringBuilder url = new StringBuilder(configurationService.getFrontendUrl(CAS_LOGIN_RESPONSE_PATH));
// set token into url - ok
if (currentToken != null) {
IdmJwtAuthentication authentication = jwtTokenMapper.fromDto(currentToken);
url.append('?');
url.append(JwtAuthenticationMapper.AUTHENTICATION_TOKEN_NAME.toLowerCase());
url.append('=');
url.append(jwtTokenMapper.writeToken(authentication));
} else if (ctx != null) {
// not - ok => resolve exception
ResultCodeException resultCodeException = ctx.getCodeEx();
if (resultCodeException == null) {
// resolve concrete exception
url.append("?status-code=");
if (ctx.getAuthEx() instanceof IdentityNotFoundException) {
// same as from standard login
url.append(CoreResultCode.AUTH_FAILED.getCode().toLowerCase());
} else if (ctx.getAuthEx() instanceof IdentityDisabledException) {
// same as from standard login
url.append(CoreResultCode.AUTH_FAILED.getCode().toLowerCase());
} else if (ctx.getAuthEx() instanceof CasTicketValidationException) {
url.append(CoreResultCode.CAS_TICKET_VALIDATION_FAILED.getCode().toLowerCase());
} else {
// common error - login failed
url.append(CoreResultCode.LOG_IN_FAILED.getCode().toLowerCase());
}
} else if (resultCodeException instanceof TwoFactorAuthenticationRequiredException) {
// handle two factor login
url.append('?');
url.append(JwtAuthenticationMapper.AUTHENTICATION_TOKEN_NAME.toLowerCase());
url.append('=');
url.append(((TwoFactorAuthenticationRequiredException) resultCodeException).getToken());
} else {
// concrete status code form result code exception
url.append("?status-code=");
url.append(resultCodeException.getError().getError().getStatusEnum().toLowerCase());
}
}
//
return ResponseEntity.status(HttpStatus.FOUND).header(HttpHeaders.LOCATION, url.toString()).build();
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.
the class CasAuthenticationFilter method authorize.
@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
String casUrl = casConfiguration.getUrl();
String service = casConfiguration.getService(request, true);
//
if (StringUtils.isBlank(casUrl)) {
LOG.info("URL for CAS is not set in configuration [{}], CAS authentication will be skipped.", CasConfiguration.PROPERTY_URL);
return false;
}
//
try {
if (StringUtils.isBlank(token)) {
LOG.info("No token from CAS");
return false;
}
Assertion assertion = validationService.validate(token, service, casUrl);
if (assertion == null) {
LOG.info("No principal name.");
return false;
}
if (!assertion.isValid()) {
LOG.debug("CAS Ticket [{}] validation failed.", token);
//
throw new CasTicketValidationException(MessageFormat.format("CAS Ticket [{0}] validation failed.", token));
}
//
String userName = assertion.getPrincipal().getName();
LOG.debug("Username found [{}]", userName);
//
IdmIdentityDto identity = identityService.getByUsername(userName);
if (identity == null) {
throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", userName));
}
// identity is valid
if (identity.isDisabled()) {
throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
}
LoginDto loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(createLoginDto(userName), identity, CoreModuleDescriptor.MODULE_ID);
//
LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
return true;
} catch (TwoFactorAuthenticationRequiredException ex) {
// must change password exception is never thrown
ctx.setCodeEx(ex);
// publish additional authentication requirement
throw ex;
} catch (IdmAuthenticationException ex) {
ctx.setAuthEx(ex);
LOG.warn("Authentication exception raised during CAS authentication: [{}].", ex.getMessage(), ex);
} catch (Exception ex) {
LOG.error("Exception was raised during CAS authentication: [{}].", ex.getMessage(), ex);
}
//
return false;
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.
the class AbstractAuthenticator method getValidIdentity.
/**
* Get valid identity by username.
*
* @param loginDto input
* @param propagateException authenticate / validate usage
* @return valid identity, {@code null} or exception
* @since 10.7.0
*/
protected IdmIdentityDto getValidIdentity(String username, boolean propagateException) {
Assert.hasLength(username, "Identity username is required.");
IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, username);
// check identity exists
if (identity == null) {
String validationMessage = MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdentityNotFoundException(validationMessage);
}
// check valid identity
if (identity.isDisabled()) {
String validationMessage = MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", username);
if (!propagateException) {
LOG.debug(validationMessage);
return null;
}
throw new IdentityDisabledException(validationMessage);
}
//
return identity;
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.
the class DefaultLoginService method loginAuthenticatedUser.
@Override
public LoginDto loginAuthenticatedUser() {
if (!securityService.isAuthenticated()) {
throw new IdmAuthenticationException("Not authenticated!");
}
String username = securityService.getAuthentication().getCurrentUsername();
LOG.info("Identity with username [{}] authenticating", username);
//
IdmIdentityDto identity = identityService.getByUsername(username);
// identity doesn't exist
if (identity == null) {
throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", username));
}
//
// prevent to create duplicate token for logged identity
IdmTokenDto preparedToken = tokenManager.getCurrentToken();
if (preparedToken == null || !Objects.equals(preparedToken.getOwnerId(), identity.getId())) {
preparedToken = new IdmTokenDto();
preparedToken.setModuleId(CoreModuleDescriptor.MODULE_ID);
}
//
LoginDto loginDto = new LoginDto();
loginDto.setUsername(username);
loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, preparedToken);
LOG.info("Identity with username [{}] is authenticated", username);
return loginDto;
}
Aggregations