use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class BasicIdmAuthenticationFilter method authorize.
/**
 * Attempts HTTP basic authentication using the credentials carried in {@code token}.
 *
 * <p>The method fails closed: every exception except the two "additional step required"
 * types is logged and turned into {@code false}, so an unexpected error never results in
 * an authenticated request.
 *
 * @param token value passed to {@code getBasicCredentials} to obtain the login data
 * @param req current request (not read by this method)
 * @param res current response (not written by this method)
 * @return {@code true} only when {@code authManager.authenticate} returned without throwing
 * @throws MustChangePasswordException rethrown unchanged so the caller can require a password change
 * @throws TwoFactorAuthenticationRequiredException rethrown unchanged so the caller can require the second factor
 */
@Override
public boolean authorize(String token, HttpServletRequest req, HttpServletResponse res) {
    boolean authenticated = false;
    try {
        LoginDto credentials = createLoginDto(getBasicCredentials(token));
        authManager.authenticate(credentials);
        LOG.debug("User [{}] successfully logged in.", credentials.getUsername());
        authenticated = true;
    } catch (MustChangePasswordException | TwoFactorAuthenticationRequiredException stepRequired) {
        // These are not failures: the caller has to learn that a further step is needed.
        throw stepRequired;
    } catch (IdmAuthenticationException rejected) {
        // NOTE(review): only the message is logged. It presumably can contain client-supplied
        // text such as the username - confirm the log layout neutralises line breaks.
        LOG.warn("Authentication exception raised during basic authentication: [{}].", rejected.getMessage());
    } catch (Exception unexpected) {
        // Anything else (for example a malformed token) is treated as "not authenticated".
        // The stack trace is not passed to the logger here, only the message.
        LOG.warn("Exception was raised during basic authentication: [{}].", unexpected.getMessage());
    }
    return authenticated;
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class CasAuthenticationFilter method authorize.
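/**
 * Validates a CAS ticket and, when it is valid, logs the matching identity in.
 *
 * <p>Steps, in order: skip when no CAS URL is configured; skip when the ticket is blank;
 * validate the ticket against the CAS server; look the principal up as an identity; refuse
 * missing or disabled identities; create the JWT authentication.
 *
 * <p>The method fails closed. Every failure except a pending two-factor step ends in
 * {@code false}; an {@link IdmAuthenticationException} is additionally stored on {@code ctx}.
 *
 * @param token CAS ticket to validate; a blank value means "no CAS login attempted"
 * @param request current request, used to resolve the CAS service value
 * @param response current response (not written by this method)
 * @return {@code true} only when the ticket was valid and the identity was logged in
 * @throws TwoFactorAuthenticationRequiredException rethrown after being stored on {@code ctx},
 *         so the caller can require the second factor
 */
@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    String casUrl = casConfiguration.getUrl();
    // Resolved before the URL check and outside the try block, exactly as before.
    String service = casConfiguration.getService(request, true);
    //
    if (StringUtils.isBlank(casUrl)) {
        LOG.info("URL for CAS is not set in configuration [{}], CAS authentication will be skipped.", CasConfiguration.PROPERTY_URL);
        return false;
    }
    //
    try {
        if (StringUtils.isBlank(token)) {
            LOG.info("No token from CAS");
            return false;
        }
        Assertion assertion = validationService.validate(token, service, casUrl);
        if (assertion == null) {
            // The message says "principal", but the condition is a missing assertion.
            LOG.info("No principal name.");
            return false;
        }
        if (!assertion.isValid()) {
            // NOTE(review): the raw ticket goes to the debug log and into the exception message,
            // and the exception is stored on ctx if it is an IdmAuthenticationException.
            // Confirm neither place retains or returns ticket values where they should not appear.
            LOG.debug("CAS Ticket [{}] validation failed.", token);
            //
            throw new CasTicketValidationException(MessageFormat.format("CAS Ticket [{0}] validation failed.", token));
        }
        //
        String userName = assertion.getPrincipal().getName();
        LOG.debug("Username found [{}]", userName);
        //
        IdmIdentityDto identity = identityService.getByUsername(userName);
        if (identity == null) {
            // MessageFormat treats a single apostrophe as a quote character and drops it,
            // so the apostrophe in "doesn't" has to be doubled to appear in the message.
            throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn''t exist or is deleted.", userName));
        }
        // A valid ticket is not enough: a disabled identity must not be logged in.
        if (identity.isDisabled()) {
            throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
        }
        LoginDto loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(createLoginDto(userName), identity, CoreModuleDescriptor.MODULE_ID);
        //
        LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
        return true;
    } catch (TwoFactorAuthenticationRequiredException ex) {
        // must change password exception is never thrown
        ctx.setCodeEx(ex);
        // publish additional authentication requirement
        throw ex;
    } catch (IdmAuthenticationException ex) {
        // Kept on the context as well as logged; the request itself is reported as not authenticated.
        ctx.setAuthEx(ex);
        LOG.warn("Authentication exception raised during CAS authentication: [{}].", ex.getMessage(), ex);
    } catch (Exception ex) {
        // Unexpected failures (including a null principal) are logged with the stack trace and denied.
        LOG.error("Exception was raised during CAS authentication: [{}].", ex.getMessage(), ex);
    }
    //
    return false;
}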
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultAuthenticationManagerIntegrationTest method testFailWithouMaxUnsuccessfulAttempts.
/**
 * With a default VALIDATE policy that has no maximum of unsuccessful attempts, every rejected
 * login must increase the attempt counter while the block date stays unset.
 */
@Test
public void testFailWithouMaxUnsuccessfulAttempts() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(getHelper().createName());
    policy.setBlockLoginTime(3);
    policy.setMaxUnsuccessfulAttempts(null);
    policy.setDefaultPolicy(true);
    policy.setType(IdmPasswordPolicyType.VALIDATE);
    // NOTE(review): this method never deletes the saved default policy - confirm that cleanup
    // happens elsewhere, otherwise it can influence other tests.
    policy = passwordPolicyService.save(policy);

    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(storedPassword);
    assertNull(storedPassword.getBlockLoginDate());
    assertEquals(0, storedPassword.getUnsuccessfulAttempts());

    // The timestamp string is the password used for every attempt; the test expects it to be rejected.
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    GuardedString attemptedPassword = new GuardedString(String.valueOf(System.currentTimeMillis()));
    loginDto.setPassword(attemptedPassword);

    // Four rejected logins in a row: the counter follows the attempt number, no block date appears.
    for (int failedAttempts = 1; failedAttempts <= 4; failedAttempts++) {
        try {
            authenticationManager.authenticate(loginDto);
            fail();
        } catch (IdmAuthenticationException expected) {
            // rejected as intended
        }
        storedPassword = passwordService.findOneByIdentity(identity.getId());
        assertNotNull(storedPassword);
        assertNull(storedPassword.getBlockLoginDate());
        assertEquals(failedAttempts, storedPassword.getUnsuccessfulAttempts());
    }
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultAuthenticationManagerIntegrationTest method testClearBlockLoginDate.
/**
 * With a maximum of three unsuccessful attempts, the third rejected login must set the block
 * date, and a subsequent password change must clear it and reset the attempt counter.
 */
@Test
public void testClearBlockLoginDate() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(getHelper().createName());
    policy.setBlockLoginTime(150);
    policy.setMaxUnsuccessfulAttempts(3);
    policy.setDefaultPolicy(true);
    policy.setType(IdmPasswordPolicyType.VALIDATE);
    policy = passwordPolicyService.save(policy);

    IdmIdentityDto identity = getHelper().createIdentity();
    IdmPasswordDto storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(storedPassword);
    assertNull(storedPassword.getBlockLoginDate());
    assertEquals(0, storedPassword.getUnsuccessfulAttempts());

    // The timestamp string is the password used for every attempt; the test expects it to be rejected.
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    GuardedString attemptedPassword = new GuardedString(String.valueOf(System.currentTimeMillis()));
    loginDto.setPassword(attemptedPassword);

    // Attempts one and two stay below the limit: counted, but the login is not blocked yet.
    for (int failedAttempts = 1; failedAttempts <= 2; failedAttempts++) {
        try {
            authenticationManager.authenticate(loginDto);
            fail();
        } catch (IdmAuthenticationException expected) {
            // rejected as intended
        }
        storedPassword = passwordService.findOneByIdentity(identity.getId());
        assertNotNull(storedPassword);
        assertNull(storedPassword.getBlockLoginDate());
        assertEquals(failedAttempts, storedPassword.getUnsuccessfulAttempts());
    }

    // The third attempt reaches the limit; a different exception type is expected here.
    try {
        authenticationManager.authenticate(loginDto);
        fail();
    } catch (ResultCodeException blocked) {
        // rejected as intended
    }
    storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(storedPassword);
    assertNotNull(storedPassword.getBlockLoginDate());
    assertEquals(3, storedPassword.getUnsuccessfulAttempts());

    // Changing the password must lift the block and reset the counter.
    PasswordChangeDto change = new PasswordChangeDto();
    change.setAll(true);
    change.setIdm(true);
    change.setOldPassword(attemptedPassword);
    change.setNewPassword(new GuardedString(String.valueOf(System.currentTimeMillis())));
    identityService.passwordChange(identity, change);

    storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNotNull(storedPassword);
    assertNull(storedPassword.getBlockLoginDate());
    assertEquals(0, storedPassword.getUnsuccessfulAttempts());

    // NOTE(review): cleanup is skipped when an assertion above fails, which leaves the default
    // policy in place - confirm whether that can affect other tests.
    passwordPolicyService.delete(policy);
}
use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class AbstractPasswordFilterIntegrationTest method loginToIdm.
// FIXME: logout is not called!
/**
 * Logs the identity in through {@code loginService} and asserts the expected outcome.
 *
 * @param identity identity whose username is used for the login
 * @param password plain-text password, wrapped in a {@link GuardedString} before use
 * @param success {@code true} when the login is expected to succeed, {@code false} when it
 *        is expected to be rejected
 * @return the value returned by {@code loginService.login}, or {@code null} when the login
 *         was rejected as expected
 * @throws IdmAuthenticationException when the login is rejected although {@code success} is {@code true}
 */
protected LoginDto loginToIdm(IdmIdentityDto identity, String password, boolean success) {
    LoginDto credentials = new LoginDto();
    credentials.setUsername(identity.getUsername());
    credentials.setPassword(new GuardedString(password));

    LoginDto session = null;
    try {
        session = loginService.login(credentials);
    } catch (IdmAuthenticationException rejected) {
        if (success) {
            // A rejection is a test failure when the login was supposed to work.
            throw rejected;
        }
        // Otherwise the rejection is the expected result; session stays null.
    }

    if (!success) {
        // A login that unexpectedly went through fails the test here.
        assertNull(session);
        return session;
    }
    assertNotNull(session);
    return session;
}