Example 6 with IdentityNotFoundException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException in project CzechIdMng by bcvsolutions.

The class SsoIdmAuthenticationFilter, method authorize.

@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    try {
        LOG.debug("Starting SSO filter authorization, value of the SSO header is: [{}]", token);
        if (Strings.isNullOrEmpty(token)) {
            return false;
        }
        // Remove suffix from the token - typically the domain
        String userName = removeUidSuffix(token);
        // Check forbidden uids
        if (isForbiddenUid(userName)) {
            LOG.info("The uid [{}] is forbidden for SSO authentication.", userName);
            return false;
        }
        // Find the corresponding identity
        IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, userName);
        if (identity == null) {
            throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", userName));
        }
        // Reject disabled identities
        if (identity.isDisabled()) {
            throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
        }
        // Check forbidden identity - identity can be found by different attribute than id / username - depends on registered lookup
        if (isForbidden(identity)) {
            LOG.info("The uid [{}] is forbidden for SSO authentication.", userName);
            return false;
        }
        // Check that the identity can authenticate by SSO
        if (isSsoDisabledForIdentity(identity)) {
            LOG.info("The user [{}] can't be authenticated by SSO due to security reasons.", userName);
            return false;
        }
        // Authenticate the user
        LOG.info("User [{}] will be authenticated by SSO.", userName);
        LoginDto loginDto = createLoginDto(userName);
        LoginDto fullLoginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, CoreModuleDescriptor.MODULE_ID);
        // 
        return fullLoginDto != null;
    } catch (IdmAuthenticationException e) {
        LOG.warn("Authentication exception raised during SSO authentication: [{}].", e.getMessage());
    }
    return false;
}
Also used: IdentityDisabledException (eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException), IdmAuthenticationException (eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException), IdentityNotFoundException (eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException), IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto), LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)
