Example 1 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

Class BasicIdmAuthenticationFilter, method authorize (HTTP Basic credentials are passed to the authentication manager; any failure is logged and the filter returns false):

@Override
public boolean authorize(String token, HttpServletRequest req, HttpServletResponse res) {
    try {
        LoginDto loginDto = createLoginDto(getBasicCredentials(token));
        authManager.authenticate(loginDto);
        LOG.debug("User [{}] successfully logged in.", loginDto.getUsername());
        return true;
    } catch (IdmAuthenticationException e) {
        LOG.warn("Authentication exception raised during basic authentication: [{}].", e.getMessage());
    } catch (Exception e) {
        LOG.warn("Exception was raised during basic authentication: [{}].", e.getMessage());
    }
    return false;
}
Also used: IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto)

Example 2 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

Class AuthenticationExceptionContextTest, method testDisabledOrNotFound (an IdmAuthenticationException is classified by the context as "disabled or not exists", not as an authority change or an expiry):

@Test
public void testDisabledOrNotFound() {
    AuthenticationException e = new IdmAuthenticationException("test");
    AuthenticationExceptionContext ctx = new AuthenticationExceptionContext();
    ctx.setAuthEx(e);
    Assert.assertFalse(ctx.isAuthoritiesChanged());
    Assert.assertTrue(ctx.isDisabledOrNotExists());
    Assert.assertFalse(ctx.isExpired());
}
Also used: AuthenticationException(org.springframework.security.core.AuthenticationException) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) AbstractUnitTest(eu.bcvsolutions.idm.test.api.AbstractUnitTest) Test(org.junit.Test)

Example 3 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

Class DefaultIdmPasswordServiceIntegrationTest, method testResetUsuccessfulAttemptsAfterPasswordChange (two failed logins raise the unsuccessful-attempt counter to 2; a password change resets it to 0):

@Test
@Transactional
public void testResetUsuccessfulAttemptsAfterPasswordChange() {
    IdmIdentityDto identity = testHelper.createIdentity();
    // two login attempts with a wrong password
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString("wrong"));
    try {
        loginController.login(loginDto);
    } catch (IdmAuthenticationException ex) {
        // expected: wrong password
    }
    try {
        loginController.login(loginDto);
    } catch (IdmAuthenticationException ex) {
        // expected: wrong password
    }
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    Assert.assertEquals(2, password.getUnsuccessfulAttempts());
    // password change
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setNewPassword(new GuardedString("new"));
    passwordService.save(identity, passwordChange);
    // the counter is reset by the password change
    password = passwordService.findOneByIdentity(identity.getId());
    Assert.assertEquals(0, password.getUnsuccessfulAttempts());
}
Also used: PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) IdmPasswordDto(eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

Class DefaultAccAuthenticator, method authenticate (authenticates the identity against the configured external system through its provisioning connector; returns null when this authenticator cannot decide, throws when the identity is unknown or the credentials are rejected):

@Override
public LoginDto authenticate(LoginDto loginDto) {
    // temporary solution for getting the system id; this is not nice
    String systemCodeable = configurationService.getValue(PROPERTY_AUTH_SYSTEM_ID);
    if (StringUtils.isEmpty(systemCodeable)) {
        // without a configured system there is nothing to check against
        return null;
    }
    SysSystemDto system = (SysSystemDto) lookupService.lookupDto(SysSystemDto.class, systemCodeable);
    if (system == null) {
        LOG.warn("System by codeable identifier [{}] not found. Check configuration property [{}]", systemCodeable, PROPERTY_AUTH_SYSTEM_ID);
        // system doesn't exist
        return null;
    }
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.lookupDto(IdmIdentityDto.class, loginDto.getUsername());
    if (identity == null) {
        throw new IdmAuthenticationException(MessageFormat.format("Check identity can login: The identity [{0}] either doesn't exist or is deleted.", loginDto.getUsername()));
    }
    // search the authentication attribute of the system's provisioning mapping, identities only
    SysSystemAttributeMappingDto attribute = systemAttributeMappingService.getAuthenticationAttribute(system.getId(), SystemEntityType.IDENTITY);
    if (attribute == null) {
        // attribute MUST exist
        throw new ResultCodeException(AccResultCode.AUTHENTICATION_AUTHENTICATION_ATTRIBUTE_DONT_SET, ImmutableMap.of("name", system.getName()));
    }
    // find whether the identity has an account on the system
    List<AccAccountDto> accounts = accountService.getAccounts(system.getId(), identity.getId());
    if (accounts.isEmpty()) {
        // user has no account on the system, let the next authenticator continue
        return null;
    }
    // schema attribute and object class depend only on the mapping, not on the account
    SysSchemaAttributeDto schemaAttribute = schemaAttributeService.get(attribute.getSchemaAttribute());
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(schemaAttribute, SysSchemaAttribute_.objectClass, SysSchemaObjectClassDto.class);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassDto.getObjectClassName());
    ResultCodeException authFailedException = null;
    IcUidAttribute auth = null;
    for (AccAccountDto account : accounts) {
        SysSystemEntityDto systemEntityDto = systemEntityService.get(account.getSystemEntity());
        IcConnectorObject connectorObject = systemService.readConnectorObject(system.getId(), systemEntityDto.getUid(), objectClass);
        if (connectorObject == null) {
            continue;
        }
        String transformUsername = null;
        // iterate over all attributes to find the authentication attribute
        for (IcAttribute icAttribute : connectorObject.getAttributes()) {
            if (icAttribute.getName().equals(schemaAttribute.getName())) {
                transformUsername = String.valueOf(icAttribute.getValue());
                break;
            }
        }
        if (transformUsername == null) {
            throw new ResultCodeException(AccResultCode.AUTHENTICATION_USERNAME_DONT_EXISTS, ImmutableMap.of("username", loginDto.getUsername(), "name", system.getName()));
        }
        // authenticate against the system; a missing username/password or bad credentials raise an error
        try {
            auth = provisioningService.authenticate(transformUsername, loginDto.getPassword(), system, SystemEntityType.IDENTITY);
            authFailedException = null;
            if (auth == null || auth.getValue() == null) {
                // no uid returned: treated as a failure, no further accounts are tried
                authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
            }
            // the first account with a readable connector object decides the result, success or failure
            break;
        } catch (ResultCodeException e) {
            // failed on this account, continue with the next one
            authFailedException = new ResultCodeException(CoreResultCode.AUTH_FAILED, "Invalid login or password.", e);
        }
    }
    if (auth == null || auth.getValue() == null) {
        authFailedException = new ResultCodeException(AccResultCode.AUTHENTICATION_AGAINST_SYSTEM_FAILED, ImmutableMap.of("name", system.getName(), "username", loginDto.getUsername()));
    }
    if (authFailedException != null) {
        throw authFailedException;
    }
    String module = this.getModule();
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(loginDto, identity, module);
    LOG.info("Identity with username [{}] is authenticated by system [{}]", loginDto.getUsername(), system.getName());
    return loginDto;
}
Also used: IcObjectClassImpl(eu.bcvsolutions.idm.ic.impl.IcObjectClassImpl) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto)

Example 5 with IdmAuthenticationException

Use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.

Class DefaultJwtAuthenticationService, method createJwtAuthenticationAndAuthenticate (builds the JWT authentication for the identity and writes the token into the LoginDto; a token serialization failure is reported as an IdmAuthenticationException):

@Override
public LoginDto createJwtAuthenticationAndAuthenticate(LoginDto loginDto, IdmIdentityDto identity, String module) {
    IdmJwtAuthentication authentication = new IdmJwtAuthentication(identity, getAuthExpiration(), grantedAuthoritiesFactory.getGrantedAuthorities(loginDto.getUsername()), module);
    oauthAuthenticationManager.authenticate(authentication);
    IdmJwtAuthenticationDto authenticationDto = jwtTokenMapper.toDto(authentication);
    try {
        loginDto.setAuthenticationModule(module);
        loginDto.setAuthentication(authenticationDto);
        loginDto.setToken(jwtTokenMapper.writeToken(authenticationDto));
        return loginDto;
    } catch (IOException ex) {
        throw new IdmAuthenticationException(ex.getMessage(), ex);
    }
}
Also used: IdmAuthenticationException(eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmJwtAuthenticationDto(eu.bcvsolutions.idm.core.security.api.dto.IdmJwtAuthenticationDto) IOException(java.io.IOException)
