Search in sources :

Example 11 with IdmAuthenticationException

use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

the class DefaultLoginService method loginAuthenticatedUser.

@Override
public LoginDto loginAuthenticatedUser() {
    if (!securityService.isAuthenticated()) {
        throw new IdmAuthenticationException("Not authenticated!");
    }
    String username = securityService.getAuthentication().getCurrentUsername();
    LOG.info("Identity with username [{}] authenticating", username);
    // 
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity doesn't exist
    if (identity == null) {
        throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity " + "[{0}] either doesn't exist or is deleted.", username));
    }
    // 
    // prevent to create duplicate token for logged identity
    IdmTokenDto preparedToken = tokenManager.getCurrentToken();
    if (preparedToken == null || !Objects.equals(preparedToken.getOwnerId(), identity.getId())) {
        preparedToken = new IdmTokenDto();
        preparedToken.setModuleId(CoreModuleDescriptor.MODULE_ID);
    }
    // 
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(username);
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, preparedToken);
    LOG.info("Identity with username [{}] is authenticated", username);
    return loginDto;
}
Also used : IdmTokenDto(eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Example 12 with IdmAuthenticationException

use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

the class OAuthAuthenticationManager method authenticate.

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof IdmJwtAuthentication)) {
        throw new IdmAuthenticationException("Unsupported granted authority " + authentication.getClass().getName());
    }
    // 
    IdmJwtAuthentication idmJwtAuthentication = verifyAuthentication(authentication);
    // Set logged user to workflow engine
    workflowIdentityService.setAuthenticatedUserId(idmJwtAuthentication.getCurrentUsername());
    // set authentication
    securityService.setAuthentication(idmJwtAuthentication);
    // 
    return idmJwtAuthentication;
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication)

Example 13 with IdmAuthenticationException

use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

the class DefaultAccMultipleSystemAuthenticatorIntegrationTest method login.

/**
 * Process authentication against {@link AuthenticationManager} - IdM and all available system.
 *
 * @param identity
 * @param password
 * @param failed
 * @return
 */
private LoginDto login(IdmIdentityDto identity, String password, boolean failed, String module) {
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString(password));
    LoginDto authenticate = null;
    try {
        authenticate = authenticationManager.authenticate(loginDto);
    } catch (IdmAuthenticationException e) {
        authenticate = null;
    }
    if (failed) {
        assertNull(authenticate);
    } else {
        assertNotNull(authenticate);
        assertEquals(module, authenticate.getAuthenticationModule());
    }
    return authenticate;
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Example 14 with IdmAuthenticationException

use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

the class PasswordChangeController method passwordChange.

/**
 * Changes identity password. Could be public, because previous password is required.
 *
 * @param identityId
 * @param passwordChangeDto
 * @return
 */
@ResponseBody
@ResponseStatus(code = HttpStatus.OK)
@RequestMapping(value = BaseController.BASE_PATH + "/public/identities/{backendId}/password-change", method = RequestMethod.PUT)
@ApiOperation(value = "Change identity's password", nickname = "passwordChange", tags = { PasswordChangeController.TAG })
public List<OperationResult> passwordChange(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable String backendId, @RequestBody @Valid PasswordChangeDto passwordChangeDto) {
    IdmIdentityDto identity = (IdmIdentityDto) entityLookupService.lookupDto(IdmIdentityDto.class, backendId);
    if (identity == null) {
        // we don't result not found by security reasons, it public endpoint
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM);
    }
    // we need to login as identity, if no one is logged in
    try {
        if (!securityService.isAuthenticated()) {
            LoginDto loginDto = new LoginDto();
            // we are changing password => skip check
            loginDto.setSkipMustChange(true);
            loginDto.setUsername(identity.getUsername());
            loginDto.setPassword(passwordChangeDto.getOldPassword());
            loginDto = authenticationManager.authenticate(loginDto);
            // 
            // public password change password for all system including idm
            passwordChangeDto.setAll(true);
            // check if is allowed change password trough IdM, otherwise leave value as it is
            passwordChangeDto.setIdm(identityConfiguration.isAllowedPublicChangePasswordForIdm());
        }
    } catch (IdmAuthenticationException ex) {
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM, ex);
    }
    // 
    // check permission for password change
    identityService.checkAccess(identity, IdentityBasePermission.PASSWORDCHANGE);
    // 
    return identityService.passwordChange(identity, passwordChangeDto);
}
Also used : IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) ApiOperation(io.swagger.annotations.ApiOperation) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 15 with IdmAuthenticationException

use of eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

the class SsoIdmAuthenticationFilter method authorize.

@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    try {
        LOG.debug("Starting SSO filter authorization, value of the SSO header is: [{}]", token);
        if (Strings.isNullOrEmpty(token)) {
            return false;
        }
        // Remove suffix from the token - typically the domain
        String userName = removeUidSuffix(token);
        // Check forbidden uids
        if (isForbiddenUid(userName)) {
            LOG.info("The uid [{}] is forbidden for SSO authentication.", userName);
            return false;
        }
        // Find the corresponding identity
        IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, userName);
        if (identity == null) {
            throw new IdentityNotFoundException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", userName));
        }
        // identity is valid
        if (identity.isDisabled()) {
            throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", userName));
        }
        // Check forbidden identity - identity can be found by different attribute than id / username - depends on registered lookup
        if (isForbidden(identity)) {
            LOG.info("The uid [{}] is forbidden for SSO authentication.", userName);
            return false;
        }
        // Check that the identity can authenticate by SSO
        if (isSsoDisabledForIdentity(identity)) {
            LOG.info("The user [{}] can't be authenticated by SSO due to security reasons.", userName);
            return false;
        }
        // Authenticate the user
        LOG.info("User [{}] will be authenticated by SSO.", userName);
        LoginDto loginDto = createLoginDto(userName);
        LoginDto fullLoginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, CoreModuleDescriptor.MODULE_ID);
        // 
        return fullLoginDto != null;
    } catch (IdmAuthenticationException e) {
        LOG.warn("Authentication exception raised during SSO authentication: [{}].", e.getMessage());
    }
    return false;
}
Also used : IdentityDisabledException(eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException) IdentityNotFoundException(eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Aggregations

IdmAuthenticationException (eu.bcvsolutions.idm.core.security.api.exception.IdmAuthenticationException)15 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)11 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)10 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)6 Test (org.junit.Test)5 IdmPasswordDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto)4 ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)4 IdentityNotFoundException (eu.bcvsolutions.idm.core.security.api.exception.IdentityNotFoundException)4 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)4 IdentityDisabledException (eu.bcvsolutions.idm.core.security.api.exception.IdentityDisabledException)3 IdmPasswordPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto)2 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)2 IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication)2 TwoFactorAuthenticationRequiredException (eu.bcvsolutions.idm.core.security.api.exception.TwoFactorAuthenticationRequiredException)2 IdmAuditDto (eu.bcvsolutions.idm.core.api.audit.dto.IdmAuditDto)1 IdmAuditFilter (eu.bcvsolutions.idm.core.api.audit.dto.filter.IdmAuditFilter)1 IdmTokenDto (eu.bcvsolutions.idm.core.api.dto.IdmTokenDto)1 CasTicketValidationException (eu.bcvsolutions.idm.core.security.api.exception.CasTicketValidationException)1 MustChangePasswordException (eu.bcvsolutions.idm.core.security.api.exception.MustChangePasswordException)1 AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest)1