
Example 6 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

The class BasicIdmAuthenticationFilter, method authorize. A failed credential check and any unexpected error are logged and turned into a false return, so the request is simply not authenticated by this filter. MustChangePasswordException and TwoFactorAuthenticationRequiredException are rethrown instead: they describe an additional requirement the caller has to surface, not a failed login.

@Override
public boolean authorize(String token, HttpServletRequest req, HttpServletResponse res) {
    try {
        LoginDto loginDto = createLoginDto(getBasicCredentials(token));
        authManager.authenticate(loginDto);
        LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
        return true;
    } catch (MustChangePasswordException | TwoFactorAuthenticationRequiredException ex) {
        // publish additional authentication requirement
        throw ex;
    } catch (IdmAuthenticationException e) {
        LOG.warn("Authentication exception raised during basic authentication: [{}].", e.getMessage());
    } catch (Exception e) {
        LOG.warn("Exception was raised during basic authentication: [{}].", e.getMessage());
    }
    return false;
}
Also used : MustChangePasswordException(eu.bcvsolutions.idm.core.security.api.exception.MustChangePasswordException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException)
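getBasicCredentials, the header parsing behind the filter above, is not shown on the page. The following is an added example in Python, not CzechIdM code, of the same filter shape end to end: strict parsing of the Authorization value, a constant-time password check against a constructed in-memory store, and the same split between failures that fall through as false and step-up requirements that propagate. The exception classes, the USERS store, basic_header and authorize_outcome are assumptions standing in for the project's own types.

```python
import base64
import binascii
import hashlib
import hmac
import logging
import os

LOG = logging.getLogger("basic_filter")


class AuthenticationError(Exception):
    """Bad or unknown credentials (role of IdmAuthenticationException)."""


class MustChangePasswordError(AuthenticationError):
    """Step-up requirement (role of MustChangePasswordException)."""


class TwoFactorRequiredError(AuthenticationError):
    """Step-up requirement (role of TwoFactorAuthenticationRequiredException)."""


def parse_basic_credentials(header):
    """Return (username, password) from an 'Authorization: Basic ...' value.

    Rejects other schemes, non-canonical base64 and payloads without a colon.
    Splits on the first colon, so passwords may contain ':'. Raises ValueError.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed base64") from exc
    try:
        decoded = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("credentials are not UTF-8") from exc
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        raise ValueError("missing user-id or ':' separator")
    return username, password


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _make_user(password, must_change=False, two_factor=False):
    salt = os.urandom(16)
    return {"salt": salt, "digest": _kdf(password, salt),
            "must_change": must_change, "two_factor": two_factor}


# Constructed in-memory store for the example; not real accounts.
USERS = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("hunter2", must_change=True),
    "carol": _make_user("s3cret", two_factor=True),
}
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = _kdf("", _DUMMY_SALT)


def authenticate(username, password):
    """Check the password, then raise any step-up requirement the account carries."""
    user = USERS.get(username)
    # Run the KDF for unknown users too, so probing a username costs the same.
    salt = user["salt"] if user else _DUMMY_SALT
    digest = user["digest"] if user else _DUMMY_DIGEST
    password_ok = hmac.compare_digest(_kdf(password, salt), digest)
    if user is None or not password_ok:
        raise AuthenticationError("bad credentials")
    if user["must_change"]:
        raise MustChangePasswordError(username)
    if user["two_factor"]:
        raise TwoFactorRequiredError(username)
    return username


def authorize(header):
    """Filter entry point in the shape of Example 6: True = authenticated,
    False = not authenticated by this filter; step-up requirements propagate."""
    try:
        username, password = parse_basic_credentials(header)
        authenticate(username, password)
        LOG.debug("User [%s] successfully logged in.", username)
        return True
    except (MustChangePasswordError, TwoFactorRequiredError):
        raise
    except AuthenticationError as exc:
        # Log the reason only; the credential itself never reaches the log.
        LOG.warning("Authentication exception raised during basic authentication: [%s].", exc)
    except ValueError as exc:
        LOG.warning("Malformed Basic credential: [%s].", exc)
    return False


def basic_header(username, password):
    """Build the header value a client would send."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def authorize_outcome(header):
    """Label the outcomes of authorize() for callers that want a value, not an exception."""
    try:
        return "ok" if authorize(header) else "denied"
    except MustChangePasswordError:
        return "must-change-password"
    except TwoFactorRequiredError:
        return "two-factor-required"
```

The two catch clauses are ordered the way the Java filter orders them: the step-up subclasses are matched and rethrown before the generic authentication failure is swallowed, so reordering them would silently turn a "password change required" into a plain denial.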

Example 7 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

The class CasAuthenticationFilter, method authorize. The CAS service ticket is validated against the configured server, the asserted principal is mapped onto a local identity that must exist and must not be disabled, and a JWT authentication is issued for it. Only TwoFactorAuthenticationRequiredException propagates; every other IdmAuthenticationException is recorded in the context and yields false.

@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    String casUrl = casConfiguration.getUrl();
    String service = casConfiguration.getService(request, true);
    // CAS is optional: without a configured server URL this filter never claims the request.
    if (StringUtils.isBlank(casUrl)) {
        LOG.info("URL for CAS is not set in configuration [{}], CAS authentication will be skipped.", CasConfiguration.PROPERTY_URL);
        return false;
    }
    // The token is the CAS service ticket handed over by the client.
    try {
        if (StringUtils.isBlank(token)) {
            LOG.info("No token from CAS");
            return false;
        }
        Assertion assertion = validationService.validate(token, service, casUrl);
        if (assertion == null) {
            LOG.info("No principal name.");
            return false;
        }
        if (!assertion.isValid()) {
            LOG.debug("CAS Ticket [{}] validation failed.", token);
            // An assertion that exists but is not valid is a hard failure, not a fall-through.
            throw new CasTicketValidationException(MessageFormat.format("CAS Ticket [{0}] validation failed.", token));
        }
        // Take the username from the validated assertion.
        String userName = assertion.getPrincipal().getName();
        LOG.debug("Username found [{}]", userName);
        // Map it onto a local identity; the identity must exist and must not be disabled.
        IdmIdentityDto identity = identityService.getByUsername(userName);
        if (identity == null) {
            throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", userName));
        }
        // identity is valid
        if (identity.isDisabled()) {
            throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
        }
        LoginDto loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(createLoginDto(userName), identity, CoreModuleDescriptor.MODULE_ID);
        // No password is involved: CAS already authenticated the user, IdM only issues its own token.
        LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
        return true;
    } catch (TwoFactorAuthenticationRequiredException ex) {
        // must change password exception is never thrown
        ctx.setCodeEx(ex);
        // publish additional authentication requirement
        throw ex;
    } catch (IdmAuthenticationException ex) {
        ctx.setAuthEx(ex);
        LOG.warn("Authentication exception raised during CAS authentication: [{}].", ex.getMessage(), ex);
    } catch (Exception ex) {
        LOG.error("Exception was raised during CAS authentication: [{}].", ex.getMessage(), ex);
    }
    // Not authenticated by this filter.
    return false;
}
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) CasTicketValidationException(eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) Assertion(org.jasig.cas.client.validation.Assertion) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) TwoFactorAuthenticationRequiredException(eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException)

Example 8 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

The class DefaultAuthenticationManagerIntegrationTest, method testFailWithouMaxUnsuccessfulAttempts. With maxUnsuccessfulAttempts left null in the default VALIDATE policy, each failed login raises IdmAuthenticationException and increments unsuccessfulAttempts, but blockLoginDate is never set: the counter alone does not block the account.

@Test
public void testFailWithouMaxUnsuccessfulAttempts() {
    IdmPasswordPolicyDto validatePolicy = new IdmPasswordPolicyDto();
    validatePolicy.setName(getHelper().createName());
    validatePolicy.setBlockLoginTime(3);
    validatePolicy.setMaxUnsuccessfulAttempts(null);
    validatePolicy.setDefaultPolicy(true);
    validatePolicy.setType(IdmPasswordPolicyType.VALIDATE);
    validatePolicy = passwordPolicyService.save(validatePolicy);
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(0, passwordDto.getUnsuccessfulAttempts());
    // first login
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    GuardedString oldPassword = new GuardedString(String.valueOf(System.currentTimeMillis()));
    loginDto.setPassword(oldPassword);
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(1, passwordDto.getUnsuccessfulAttempts());
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(2, passwordDto.getUnsuccessfulAttempts());
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(3, passwordDto.getUnsuccessfulAttempts());
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(4, passwordDto.getUnsuccessfulAttempts());
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 9 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

The class DefaultAuthenticationManagerIntegrationTest, method testClearBlockLoginDate. With maxUnsuccessfulAttempts = 3 and blockLoginTime = 150, the first two failures raise IdmAuthenticationException; the third sets blockLoginDate and surfaces as a ResultCodeException, which the test catches separately. A password change then resets both blockLoginDate and unsuccessfulAttempts.

@Test
public void testClearBlockLoginDate() {
    IdmPasswordPolicyDto validatePolicy = new IdmPasswordPolicyDto();
    validatePolicy.setName(getHelper().createName());
    validatePolicy.setBlockLoginTime(150);
    validatePolicy.setMaxUnsuccessfulAttempts(3);
    validatePolicy.setDefaultPolicy(true);
    validatePolicy.setType(IdmPasswordPolicyType.VALIDATE);
    validatePolicy = passwordPolicyService.save(validatePolicy);
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(0, passwordDto.getUnsuccessfulAttempts());
    // first login
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    GuardedString oldPassword = new GuardedString(String.valueOf(System.currentTimeMillis()));
    loginDto.setPassword(oldPassword);
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(1, passwordDto.getUnsuccessfulAttempts());
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (IdmAuthenticationException ex) {
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(2, passwordDto.getUnsuccessfulAttempts());
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (ResultCodeException ex) {
    // the third failure trips the block and surfaces as a different exception than the first two
    // success
    }
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNotNull(passwordDto.getBlockLoginDate());
    assertEquals(3, passwordDto.getUnsuccessfulAttempts());
    PasswordChangeDto passwordChangeDto = new PasswordChangeDto();
    passwordChangeDto.setAll(true);
    passwordChangeDto.setIdm(true);
    passwordChangeDto.setOldPassword(oldPassword);
    passwordChangeDto.setNewPassword(new GuardedString(String.valueOf(System.currentTimeMillis())));
    identityService.passwordChange(identity, passwordChangeDto);
    passwordDto = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(passwordDto);
    assertNull(passwordDto.getBlockLoginDate());
    assertEquals(0, passwordDto.getUnsuccessfulAttempts());
    passwordPolicyService.delete(validatePolicy);
}
Also used : IdmPasswordPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)
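The two tests above (Example 8 with maxUnsuccessfulAttempts = null and blockLoginTime = 3, Example 9 with 3 attempts and 150) pin down the observable lockout contract without showing the code that implements it. The following is an added model of that contract in Python, not CzechIdM code. The class and field names mirror the DTO fields the tests read (unsuccessfulAttempts, blockLoginDate, maxUnsuccessfulAttempts, blockLoginTime) but are assumptions, as are two details the page does not settle: what happens when a block expires (here both fields are reset) and whether change_password verifies the old password (here it does when one is given).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import hashlib
import hmac
import os


class AuthenticationError(Exception):
    """Wrong password (the IdmAuthenticationException the tests expect)."""


class LoginBlockedError(Exception):
    """Block just triggered or still active (the 'other' exception on the third attempt)."""


@dataclass
class PasswordPolicy:
    max_unsuccessful_attempts: Optional[int]  # None: failures are counted but never block
    block_login_time: int                     # how long a block lasts, in seconds


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    unsuccessful_attempts: int = 0
    block_login_date: Optional[datetime] = None


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def create_password(password):
    salt = os.urandom(16)
    return PasswordRecord(salt=salt, digest=_kdf(password, salt))


def authenticate(record, policy, password, now=None):
    """Verify the password against the record, applying the policy's lockout rule."""
    now = now or datetime.now(timezone.utc)
    if record.block_login_date is not None:
        if record.block_login_date > now:
            # Even a correct password is refused while the block is active.
            raise LoginBlockedError(f"login blocked until {record.block_login_date.isoformat()}")
        # Assumption: an expired block resets the counter as well as the date.
        record.block_login_date = None
        record.unsuccessful_attempts = 0
    if hmac.compare_digest(_kdf(password, record.salt), record.digest):
        record.unsuccessful_attempts = 0
        return True
    record.unsuccessful_attempts += 1
    limit = policy.max_unsuccessful_attempts
    if limit is not None and record.unsuccessful_attempts >= limit:
        # The attempt that reaches the limit sets the block and fails with a different error.
        record.block_login_date = now + timedelta(seconds=policy.block_login_time)
        raise LoginBlockedError(f"attempt {record.unsuccessful_attempts} reached the limit of {limit}")
    raise AuthenticationError("bad credentials")


def change_password(record, new_password, old_password=None):
    """Set a new password and clear the lockout state, as the test observes.

    Assumption: when old_password is given it must match; an administrative
    reset passes None. The page does not show what the service itself checks.
    """
    if old_password is not None and not hmac.compare_digest(_kdf(old_password, record.salt), record.digest):
        raise AuthenticationError("old password does not match")
    record.salt = os.urandom(16)
    record.digest = _kdf(new_password, record.salt)
    record.unsuccessful_attempts = 0
    record.block_login_date = None


def try_login(record, policy, password, now=None):
    """Return 'ok', 'bad-credentials' or 'blocked' instead of raising."""
    try:
        authenticate(record, policy, password, now)
        return "ok"
    except AuthenticationError:
        return "bad-credentials"
    except LoginBlockedError:
        return "blocked"


if __name__ == "__main__":
    policy = PasswordPolicy(max_unsuccessful_attempts=3, block_login_time=150)
    record = create_password("correct horse")
    for _ in range(3):
        print(try_login(record, policy, "wrong"), record.unsuccessful_attempts, record.block_login_date)
    print(try_login(record, policy, "correct horse"))
    change_password(record, "new password", old_password="correct horse")
    print(record.unsuccessful_attempts, record.block_login_date)
```

Run it directly to watch the counter climb, the third attempt trip the block, the correct password being refused while the block is active, and the password change clearing both fields. The null-limit case of Example 8 falls out of the same code path: with max_unsuccessful_attempts None the counter keeps growing and block_login_date stays None.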

Example 10 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

The class AbstractPasswordFilterIntegrationTest, method loginToIdm. Test helper that logs an identity in through LoginService and asserts the expected outcome: when success is true an IdmAuthenticationException is propagated and the returned LoginDto must be non-null; otherwise the exception is swallowed and the result must be null.

// FIXME: logout is not called!
protected LoginDto loginToIdm(IdmIdentityDto identity, String password, boolean success) {
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString(password));
    LoginDto login = null;
    try {
        login = loginService.login(loginDto);
    } catch (IdmAuthenticationException e) {
        if (success) {
            throw e;
        }
    }
    if (success) {
        assertNotNull(login);
    } else {
        assertNull(login);
    }
    return login;
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Aggregations

IdmAuthenticationException (eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) 15
LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto) 11
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 10
GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString) 6
Test (org.junit.Test) 5
IdmPasswordDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) 4
ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException) 4
IdentityNotFoundException (eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) 4
AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) 4
IdentityDisabledException (eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) 3
IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto) 2
PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) 2
IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) 2
TwoFactorAuthenticationRequiredException (eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException) 2
IdmAuditDto (eu.bcvsolutions.idm.core.api.audit.dto.IdmAuditDto) 1
IdmAuditFilter (eu.bcvsolutions.idm.core.api.audit.dto.filter.IdmAuditFilter) 1
IdmTokenDto (eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) 1
CasTicketValidationException (eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException) 1
MustChangePasswordException (eu.bcvsolutions.idm.core.security.api.exception.MustChangePasswordException) 1
AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest) 1