use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultLoginService method loginAuthenticatedUser.
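/**
 * Issues a fresh login for the caller that is already authenticated in the current security context.
 *
 * <p>The username is read from {@code securityService.getAuthentication()}, the matching identity is
 * looked up, and the result of {@code jwtAuthenticationService.createJwtAuthenticationAndAuthenticate}
 * is returned. No password is checked here: the method relies entirely on the existing authentication.
 *
 * @return the {@link LoginDto} returned by the JWT authentication service
 * @throws IdmAuthenticationException if nobody is authenticated, or if no identity is found for the
 *         authenticated username
 */
@Override
public LoginDto loginAuthenticatedUser() {
    // Fail closed: without an existing authentication there is nothing to derive a login from.
    if (!securityService.isAuthenticated()) {
        throw new IdmAuthenticationException("Not authenticated!");
    }
    String username = securityService.getAuthentication().getCurrentUsername();
    LOG.info("Identity with username [{}] authenticating", username);
    IdmIdentityDto identity = identityService.getByUsername(username);
    // The authenticated username may no longer map to an identity, so the lookup result is re-checked.
    if (identity == null) {
        // MessageFormat treats a lone single quote as a quoting delimiter and drops it from the output
        // ("doesnt"); the apostrophe has to be doubled to be rendered literally.
        throw new IdmAuthenticationException(MessageFormat.format(
                "Check identity can login: The identity [{0}] either doesn''t exist or is deleted.", username));
    }
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(username);
    // TODO: why is new dto created - previously dto could be used
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(
            loginDto,
            new IdmIdentityDto(identity, identity.getUsername()),
            EntityUtils.getModule(this.getClass()));
    LOG.info("Identity with username [{}] is authenticated", username);
    return loginDto;
}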
use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class DefaultLoginService method login.
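/**
 * Authenticates an identity by the credentials carried in {@code loginDto} and issues a login.
 *
 * <p>The identity is looked up by {@code loginDto.getUsername()}, checked with
 * {@code validate(identity, loginDto)}, and on success handed to
 * {@code jwtAuthenticationService.createJwtAuthenticationAndAuthenticate} together with
 * {@code loginDto.getAuthenticationModule()}.
 *
 * @param loginDto login request; its username and authentication module are read here
 * @return the {@link LoginDto} returned by the JWT authentication service
 * @throws IdmAuthenticationException if no identity is found for the username, or if
 *         {@code validate} rejects the supplied credentials
 */
@Override
public LoginDto login(LoginDto loginDto) {
    String username = loginDto.getUsername();
    // NOTE(review): the username is caller-supplied and still unverified when it is logged here;
    // confirm the log layout neutralises CR/LF so a crafted value cannot forge log entries.
    LOG.info("Identity with username [{}] authenticating", username);
    IdmIdentityDto identity = identityService.getByUsername(username);
    // identity exists
    if (identity == null) {
        // NOTE(review): this path carries a different message than the bad-password path and returns
        // before validate() runs. If the message or the response time is observable by an
        // unauthenticated client, it distinguishes existing from unknown usernames; confirm that
        // callers map both failures to one generic response.
        //
        // MessageFormat treats a lone single quote as a quoting delimiter and drops it from the output
        // ("doesnt"); the apostrophe has to be doubled to be rendered literally.
        throw new IdmAuthenticationException(MessageFormat.format(
                "Check identity can login: The identity [{0}] either doesn''t exist or is deleted.", username));
    }
    // validate identity
    if (!validate(identity, loginDto)) {
        LOG.debug("Username or password for identity [{}] is not correct!", username);
        throw new IdmAuthenticationException(MessageFormat.format(
                "Check identity password: Failed for identity {0} because the password digests differ.", username));
    }
    // Only reached after validate() accepted the credentials.
    loginDto = jwtAuthenticationService.createJwtAuthenticationAndAuthenticate(
            loginDto,
            new IdmIdentityDto(identity, identity.getUsername()),
            loginDto.getAuthenticationModule());
    LOG.info("Identity with username [{}] is authenticated", username);
    return loginDto;
}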
use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManager method authenticate.
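/**
 * Validates a JWT-based authentication and installs it as the current authentication.
 *
 * <p>Only {@link IdmJwtAuthentication} instances are accepted. The identity is resolved from the
 * token, then {@code checkIssuedTime}, {@code checkExpirationTime} and {@code checkDisabled} run in
 * that order. Their results are not inspected here, so they are expected to signal a rejected token
 * by throwing. The security context and the workflow engine are updated only after all three
 * checks have returned.
 *
 * @param authentication the authentication to verify; must be an {@link IdmJwtAuthentication}
 * @return the same {@link IdmJwtAuthentication} instance that was passed in
 * @throws AuthenticationException if {@code authentication} is {@code null} or of an unsupported
 *         type; the helper checks may presumably raise it as well (their bodies are not shown here)
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof IdmJwtAuthentication)) {
        // instanceof is also false for null, so guard the getClass() call: a missing authentication
        // must end in an authentication failure, not in a NullPointerException.
        String typeName = authentication == null ? "null" : authentication.getClass().getName();
        throw new IdmAuthenticationException("Unsupported granted authority " + typeName);
    }
    IdmJwtAuthentication idmJwtAuthentication = (IdmJwtAuthentication) authentication;
    IdmIdentityDto identity = getIdentityForToken(idmJwtAuthentication);
    IdmAuthorityChange authChange = getIdentityAuthorityChange(identity);
    // NOTE(review): presumably rejects tokens issued before the identity's last authority change, so
    // that revoked permissions cannot be kept alive by an old token; confirm in checkIssuedTime.
    checkIssuedTime(idmJwtAuthentication.getIssuedAt(), authChange);
    checkExpirationTime(idmJwtAuthentication);
    checkDisabled(identity);
    // Set logged user to workflow engine
    workflowIdentityService.setAuthenticatedUserId(identity.getUsername());
    // set authentication
    securityService.setAuthentication(idmJwtAuthentication);
    //
    return idmJwtAuthentication;
}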
use of eu.bcvsolutions.idm.core.security.exception.IdmAuthenticationException in project CzechIdMng by bcvsolutions.
the class PasswordChangeController method passwordChange.
/**
 * Changes the password of the identity addressed by {@code backendId}.
 *
 * <p>The endpoint is mapped under a {@code /public/} path. The original author's rationale is that
 * the previous password is required. When no caller is authenticated, the method logs in as the
 * target identity using {@code passwordChangeDto.getOldPassword()} before the change is attempted.
 *
 * <p>An unknown identity and a failed login with the old password both end in the same
 * {@code PASSWORD_CHANGE_CURRENT_FAILED_IDM} result code, so the response does not reveal whether the
 * identity exists.
 *
 * @param backendId identity's uuid identifier or username
 * @param passwordChangeDto request body carrying the old password and the password change settings
 * @return the operation results returned by {@code identityService.passwordChange}
 * @throws ResultCodeException with {@code PASSWORD_CHANGE_CURRENT_FAILED_IDM} if the identity is not
 *         found or the login with the old password fails
 */
@ResponseBody
@ResponseStatus(code = HttpStatus.OK)
@RequestMapping(
        value = BaseController.BASE_PATH + "/public/identities/{backendId}/password-change",
        method = RequestMethod.PUT)
@ApiOperation(
        value = "Change identity's password",
        nickname = "passwordChange",
        response = PasswordChangeDto.class,
        tags = { PasswordChangeController.TAG })
public List<OperationResult> passwordChange(
        @ApiParam(value = "Identity's uuid identifier or username.", required = true)
        @PathVariable String backendId,
        @RequestBody @Valid PasswordChangeDto passwordChangeDto) {
    IdmIdentityDto target = (IdmIdentityDto) entityLookupService.lookupDto(IdmIdentityDto.class, backendId);
    if (target == null) {
        // Deliberately not a "not found" response: this endpoint is public, so a missing identity is
        // reported with the same code as a wrong old password.
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM);
    }
    // NOTE(review): no attempt limiting is visible in this method; confirm that repeated guesses of
    // the old password against this public endpoint are throttled elsewhere.
    try {
        if (!securityService.isAuthenticated()) {
            // Nobody is logged in: authenticate as the target identity with the supplied old password.
            LoginDto credentials = new LoginDto();
            credentials.setSkipMustChange(true);
            credentials.setUsername(target.getUsername());
            credentials.setPassword(passwordChangeDto.getOldPassword());
            authenticationManager.authenticate(credentials);
            // For the anonymous path the scope flags are set here and overwrite what the request body
            // carried: the change applies to all systems, and to IdM only if configuration allows it.
            passwordChangeDto.setAll(true);
            passwordChangeDto.setIdm(identityConfiguration.isAllowedPublicChangePasswordForIdm());
        }
    } catch (IdmAuthenticationException ex) {
        // Same result code as the unknown-identity branch; the cause is kept for server-side diagnosis.
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM, ex);
    }
    // Authorization is evaluated for whoever is authenticated at this point, before the change runs.
    identityService.checkAccess(target, IdentityBasePermission.PASSWORDCHANGE);
    return identityService.passwordChange(target, passwordChangeDto);
}