use of io.micronaut.security.authentication.AuthenticationResponse in project micronaut-security by micronaut-projects.
the class LdapAuthenticationProvider method authenticate.
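/**
 * Authenticates a username/password request against the configured LDAP directory.
 *
 * <p>Flow, as implemented below: build a manager context from
 * {@code configuration.getManagerSettings()}, search for the user entry, build a second
 * context with the entry's DN and the supplied password (the user bind), optionally
 * resolve groups, then hand the attributes, username and groups to
 * {@code contextAuthenticationMapper}. Both contexts are closed in {@code finally} blocks.
 *
 * <p>A missing or empty password is rejected before any directory call is made.
 *
 * @param httpRequest the request being authenticated (not read by this method)
 * @param authenticationRequest carries the identity and secret to verify
 * @return a publisher that emits one authenticated response, or signals an error
 *         describing the failure; work is subscribed on {@code scheduler}
 */
@Override
public Publisher<AuthenticationResponse> authenticate(HttpRequest<?> httpRequest, AuthenticationRequest<?, ?> authenticationRequest) {
    Flux<AuthenticationResponse> reactiveSequence = Flux.create(emitter -> {
        String username = authenticationRequest.getIdentity().toString();
        Object secret = authenticationRequest.getSecret();
        String password = secret == null ? null : secret.toString();

        // JNDI's LDAP provider turns a simple bind with an empty credential into
        // authentication "none" (an unauthenticated bind), which many directories accept.
        // contextBuilder is not visible here, so do not rely on it to refuse that case:
        // without this guard an empty password could be reported as a successful bind.
        // The same failure reason is used whether or not the user exists.
        if (password == null || password.isEmpty()) {
            debug(LOG, "Rejecting authentication for user [{}]: no password supplied", username);
            emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
            return;
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Starting authentication with configuration [{}]", configuration.getName());
            LOG.debug("Attempting to initialize manager context");
        }

        DirContext managerContext;
        try {
            managerContext = contextBuilder.build(configuration.getManagerSettings());
            debug(LOG, "Manager context initialized successfully");
        } catch (NamingException e) {
            // Directory/manager-account problems are reported as UNKNOWN rather than
            // surfacing the NamingException to the subscriber.
            debug(LOG, "Failed to create manager context. Returning unknown authentication failure. Encountered {}", e.getMessage());
            emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.UNKNOWN));
            return;
        }

        debug(LOG, "Attempting to authenticate with user [{}]", username);
        try {
            // NOTE(review): the username is passed as a search argument; whether it is
            // escaped before reaching the LDAP filter depends on getSettings/searchFirst,
            // which are outside this listing. Confirm filter arguments are escaped.
            Optional<LdapSearchResult> optionalResult = ldapSearchService.searchFirst(managerContext, configuration.getSearch().getSettings(new Object[] { username }));
            if (optionalResult.isPresent()) {
                LdapSearchResult result = optionalResult.get();
                debug(LOG, "User found in context [{}]. Attempting to bind.", result.getDn());

                // The user bind is the actual credential check; the context is only kept
                // long enough to load attributes the search did not return.
                DirContext userContext = null;
                try {
                    String dn = result.getDn();
                    userContext = contextBuilder.build(configuration.getSettings(result.getDn(), password));
                    if (result.getAttributes() == null) {
                        result.setAttributes(userContext.getAttributes(dn));
                    }
                } finally {
                    contextBuilder.close(userContext);
                }
                debug(LOG, "Successfully bound user [{}]. Attempting to retrieving groups.", result.getDn());

                Set<String> groups = Collections.emptySet();
                LdapConfiguration.GroupConfiguration groupSettings = configuration.getGroups();
                if (groupSettings.isEnabled()) {
                    // The group search runs on the manager context, keyed by the configured
                    // filter attribute of the user entry, or by the DN when none is set.
                    groups = ldapGroupProcessor.process(groupSettings.getAttribute(), result, () -> {
                        Object[] params = new Object[] { groupSettings.getFilterAttribute().map(attr -> result.getAttributes().getValue(attr)).orElse(result.getDn()) };
                        return ldapSearchService.search(managerContext, groupSettings.getSearchSettings(params));
                    });
                    debug(LOG, "Group search returned [{}] for user [{}]", groups, username);
                } else {
                    debug(LOG, "Group search is disabled for configuration [{}]", configuration.getName());
                }

                if (LOG.isTraceEnabled()) {
                    LOG.trace("Attempting to map [{}] with groups [{}] to an authentication response.", username, groups);
                }
                AuthenticationResponse response = contextAuthenticationMapper.map(result.getAttributes(), username, groups);
                if (response.isAuthenticated()) {
                    emitter.next(response);
                    emitter.complete();
                } else {
                    emitter.error(new AuthenticationException(response));
                }
                debug(LOG, "Response successfully created for [{}]. Response is authenticated: [{}]", username, response.isAuthenticated());
            } else {
                // NOTE(review): USER_NOT_FOUND and CREDENTIALS_DO_NOT_MATCH are distinct
                // reasons; if the caller relays them verbatim, a client can tell whether
                // an account exists. Confirm how the failure is rendered.
                debug(LOG, "User not found [{}]", username);
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.USER_NOT_FOUND));
            }
        } catch (NamingException e) {
            debug(LOG, "Failed to authenticate with user [{}]. {}", username, e);
            // A rejected bind maps to a credentials failure; any other directory error
            // is passed through unchanged.
            if (e instanceof javax.naming.AuthenticationException) {
                emitter.error(AuthenticationResponse.exception(AuthenticationFailureReason.CREDENTIALS_DO_NOT_MATCH));
            } else {
                emitter.error(e);
            }
        } finally {
            contextBuilder.close(managerContext);
        }
    }, FluxSink.OverflowStrategy.ERROR);
    reactiveSequence = reactiveSequence.subscribeOn(scheduler);
    return reactiveSequence;
}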
use of io.micronaut.security.authentication.AuthenticationResponse in project micronaut-graphql by micronaut-projects.
the class LoginDataFetcher method get.
/**
 * Resolves a login request: checks the shared attempt counter, authenticates the supplied
 * username and password, publishes a success or failure event, and on success attaches
 * the access-token cookie (when one is produced) to the HTTP response.
 *
 * @param environment supplies the GraphQL context and the {@code username} /
 *                    {@code password} arguments
 * @return a payload wrapping the user on success, or an error message otherwise
 * @throws Exception declared by the overridden method
 */
@Override
public LoginPayload get(DataFetchingEnvironment environment) throws Exception {
    GraphQLContext ctx = environment.getContext();

    // NOTE(review): the counter is read here and decremented below with no
    // synchronization visible in this method, and it is not keyed by client or username,
    // so every caller draws from the same budget. resetRateLimit() is invoked on the
    // very request that gets rejected; what it resets is not shown, but if it restores
    // the full budget only one request is refused per window. Confirm the intended
    // semantics; a per-client, time-windowed limiter would be the usual defence against
    // password guessing.
    if (LOGIN_RATE_LIMIT_REMAINING <= 0) {
        addRateLimitHeaders(ctx);
        resetRateLimit();
        return LoginPayload.ofError("Rate Limit Exceeded");
    }

    HttpRequest request = ctx.get("httpRequest");
    MutableHttpResponse<String> response = ctx.get("httpResponse");

    String username = environment.getArgument("username");
    String password = environment.getArgument("password");
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);

    // One attempt is consumed before the outcome is known.
    LOGIN_RATE_LIMIT_REMAINING--;

    Flux<AuthenticationResponse> attempts = Flux.from(authenticator.authenticate(request, credentials));

    // blockFirst() waits on the calling thread for the first response.
    return attempts.map(outcome -> {
        addRateLimitHeaders(ctx);

        if (!outcome.isAuthenticated()) {
            eventPublisher.publishEvent(new LoginFailedEvent(outcome));
            // NOTE(review): the authenticator's message is returned to the client as-is;
            // if messages differ for unknown users and wrong passwords, that reveals
            // which accounts exist. Confirm what getMessage() can contain.
            return LoginPayload.ofError(outcome.getMessage().orElse(null));
        }

        eventPublisher.publishEvent(new LoginSuccessfulEvent(outcome));
        // NOTE(review): the token identity is built from the request argument rather
        // than from the authenticated response; verify the two cannot differ.
        Optional<Cookie> tokenCookie = accessTokenCookie(Authentication.build(username), request);
        tokenCookie.ifPresent(response::cookie);
        // The payload wraps null when the repository has no matching user.
        User account = userRepository.findByUsername(username).orElse(null);
        return LoginPayload.ofUser(account);
    }).blockFirst();
}
use of io.micronaut.security.authentication.AuthenticationResponse in project micronaut-security by micronaut-projects.
the class DefaultOauthAuthorizationResponseHandler method handle.
/**
 * Handles an OAuth authorization response: validates the returned state when a validator
 * is available, exchanges the authorization code at the token endpoint, and maps the
 * token response to an authentication response.
 *
 * @param authorizationResponse the provider's callback response
 * @param clientConfiguration configuration of the OAuth client that started the flow
 * @param authenticationMapper turns the token response (and state) into an authentication response
 * @param tokenEndpoint the provider's token endpoint
 * @return a publisher of the resulting authentication response; a single
 *         {@code AuthenticationFailed} when state validation fails
 */
@Override
public Publisher<AuthenticationResponse> handle(AuthorizationResponse authorizationResponse, OauthClientConfiguration clientConfiguration, OauthAuthenticationMapper authenticationMapper, SecureEndpoint tokenEndpoint) {
    final State state;
    if (stateValidator == null) {
        // NOTE(review): with no validator the state parameter is not checked at all and
        // the code exchange still proceeds; the only record is this trace-level message.
        // State is the flow's protection against forged callbacks, so confirm that
        // running without a validator is a deliberate configuration.
        state = null;
        if (LOG.isTraceEnabled()) {
            LOG.trace("Skipping state validation, no state validator found");
        }
    } else {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Validating state found in the authorization response from provider [{}]", clientConfiguration.getName());
        }
        state = authorizationResponse.getState();
        try {
            stateValidator.validate(authorizationResponse.getCallbackRequest(), state);
        } catch (InvalidStateException e) {
            // Stop before contacting the token endpoint; the validator's message is
            // carried in the failure response.
            return Flux.just(new AuthenticationFailed("State validation failed: " + e.getMessage()));
        }
    }

    OauthCodeTokenRequestContext tokenRequest = new OauthCodeTokenRequestContext(authorizationResponse, tokenEndpoint, clientConfiguration);
    return Flux.from(tokenEndpointClient.sendRequest(tokenRequest)).switchMap(tokenResponse -> {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Token endpoint returned a success response. Creating a user details");
        }
        return Flux.from(authenticationMapper.createAuthenticationResponse(tokenResponse, state)).map(AuthenticationResponse.class::cast);
    });
}