Example 6 with AuthenticationException

Use of javax.naming.AuthenticationException in project tomee by apache.

Class InitContextFactory, method getInitialContext.

@SuppressWarnings("unchecked")
@Override
public Context getInitialContext(final Hashtable env) throws javax.naming.NamingException {
    if (!OpenEJB.isInitialized()) {
        initializeOpenEJB(env);
    }
    final String user = (String) env.get(Context.SECURITY_PRINCIPAL);
    final String pass = (String) env.get(Context.SECURITY_CREDENTIALS);
    final String realmName = (String) env.get("openejb.authentication.realmName");
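    // Login is attempted only when both principal and credentials are supplied;
    // otherwise no login is performed here and the local context is still returned.
    if (user != null && pass != null) {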
        try {
            final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
            final Object identity;
            if (realmName == null) {
                identity = securityService.login(user, pass);
            } else {
                identity = securityService.login(realmName, user, pass);
            }
            securityService.associate(identity);
        } catch (final LoginException e) {
            // Rethrow the JAAS LoginException as a JNDI AuthenticationException, keeping it as the cause.
            throw (AuthenticationException) new AuthenticationException("User could not be authenticated: " + user).initCause(e);
        }
    }
    final ContainerSystem containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);
    Context context = containerSystem.getJNDIContext();
    context = (Context) context.lookup("openejb/local");
    return context;
}
Also used: ContainerSystem (org.apache.openejb.spi.ContainerSystem), Context (javax.naming.Context), AuthenticationException (javax.naming.AuthenticationException), SecurityService (org.apache.openejb.spi.SecurityService), LoginException (javax.security.auth.login.LoginException)

Example 7 with AuthenticationException

Use of javax.naming.AuthenticationException in project tomee by apache.

Class LocalInitialContext, method login.

private void login() throws AuthenticationException {
    final String user = (String) properties.get(Context.SECURITY_PRINCIPAL);
    final String pass = (String) properties.get(Context.SECURITY_CREDENTIALS);
    final String realmName = (String) properties.get("openejb.authentication.realmName");
    // Login is attempted only when both principal and credentials are present in the properties.
    if (user != null && pass != null) {
        try {
            if (logger.isDebugEnabled()) {
                logger.debug("Logging in: " + user);
            }
            final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
            if (realmName == null) {
                clientIdentity = securityService.login(user, pass);
            } else {
                clientIdentity = securityService.login(realmName, user, pass);
            }
            ClientSecurity.setIdentity(clientIdentity);
        } catch (final LoginException e) {
            throw (AuthenticationException) new AuthenticationException("User could not be authenticated: " + user).initCause(e);
        }
    }
}
Also used: AuthenticationException (javax.naming.AuthenticationException), SecurityService (org.apache.openejb.spi.SecurityService), LoginException (javax.security.auth.login.LoginException)

Example 8 with AuthenticationException

Use of javax.naming.AuthenticationException in project tomee by apache.

Class JNDIContext, method logout.

private void logout() throws AuthenticationException {
    final LogoutRequest request = new LogoutRequest(client.getClientIdentity());
    final LogoutResponse response;
    try {
        response = LogoutResponse.class.cast(Client.request(request, new LogoutResponse(), server));
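    } catch (final RemoteException e) {
        // Only the message is propagated; the RemoteException is not attached as the cause.
        throw new AuthenticationException(e.getLocalizedMessage());
    }
    // Only AUTH_DENIED throws; LOGOUT_SUCCESS and any other response code return normally.
    switch(response.getResponseCode()) {
        case ResponseCodes.AUTH_DENIED:
            throw AuthenticationException.class.cast(new AuthenticationException("Can't logout").initCause(response.getDeniedCause()));
        case ResponseCodes.LOGOUT_SUCCESS:
        default:
    }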
}
Also used: AuthenticationException (javax.naming.AuthenticationException), RemoteException (java.rmi.RemoteException)

Example 9 with AuthenticationException

Use of javax.naming.AuthenticationException in project tomee by apache.

Class JNDIContext, method authenticate.

public void authenticate(final String userID, final String psswrd) throws AuthenticationException {
    final AuthenticationRequest req = new AuthenticationRequest(String.class.cast(env.get("openejb.authentication.realmName")), userID, psswrd);
    final AuthenticationResponse res;
    try {
        res = requestAuthorization(req);
    } catch (RemoteException e) {
        throw new AuthenticationException(e.getLocalizedMessage());
    }
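    // No default branch: a response code other than these three returns normally,
    // without setting client and without throwing.
    switch(res.getResponseCode()) {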
        case ResponseCodes.AUTH_GRANTED:
            client = res.getIdentity();
            break;
        case ResponseCodes.AUTH_REDIRECT:
            client = res.getIdentity();
            server = res.getServer();
            break;
        case ResponseCodes.AUTH_DENIED:
            throw (AuthenticationException) new AuthenticationException("This principle is not authorized.").initCause(res.getDeniedCause());
    }
}
Also used: AuthenticationException (javax.naming.AuthenticationException), RemoteException (java.rmi.RemoteException)

Example 10 with AuthenticationException

Use of javax.naming.AuthenticationException in project zeppelin by apache.

Class LdapRealm, method getUserDn.

/**
  * Returns the LDAP User Distinguished Name (DN) to use when acquiring an
  * {@link javax.naming.ldap.LdapContext LdapContext} from the
  * {@link LdapContextFactory}.
  * <p/>
  * If the {@link #getUserDnTemplate() userDnTemplate} property has been
  * set, this implementation will construct the User DN by substituting the
  * specified {@code principal} into the configured template. If the
  * {@link #getUserDnTemplate() userDnTemplate} has not been set, the method
  * argument will be returned directly (indicating that the submitted
  * authentication token principal <em>is</em> the User DN).
  *
  * @param principal
  *            the principal to substitute into the configured
  *            {@link #getUserDnTemplate() userDnTemplate}.
  * @return the constructed User DN to use at runtime when acquiring an
  *         {@link javax.naming.ldap.LdapContext}.
  * @throws IllegalArgumentException
  *             if the method argument is null or empty
  * @throws IllegalStateException
  *             if the {@link #getUserDnTemplate userDnTemplate} has not been
  *             set.
  * @see LdapContextFactory#getLdapContext(Object, Object)
  */
@Override
protected String getUserDn(final String principal) throws IllegalArgumentException, IllegalStateException {
    String userDn;
    Matcher matchedPrincipal = matchPrincipal(principal);
    String userSearchBase = getUserSearchBase();
    String userSearchAttributeName = getUserSearchAttributeName();
    // If not searching use the userDnTemplate and return.
    if ((userSearchBase == null || userSearchBase.isEmpty()) || (userSearchAttributeName == null && userSearchFilter == null && !"object".equalsIgnoreCase(userSearchScope))) {
        userDn = expandTemplate(userDnTemplate, matchedPrincipal);
        if (log.isDebugEnabled()) {
            log.debug("LDAP UserDN and Principal: " + userDn + "," + principal);
        }
        return userDn;
    }
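    // Create the searchBase and searchFilter from config.
    // The principal is expanded into both; any LDAP escaping would have to happen in
    // matchPrincipal/expandTemplate, which are not shown in this excerpt.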
    String searchBase = expandTemplate(getUserSearchBase(), matchedPrincipal);
    String searchFilter = null;
    if (userSearchFilter == null) {
        if (userSearchAttributeName == null) {
            searchFilter = String.format("(objectclass=%1$s)", getUserObjectClass());
        } else {
            searchFilter = String.format("(&(objectclass=%1$s)(%2$s=%3$s))", getUserObjectClass(), userSearchAttributeName, expandTemplate(getUserSearchAttributeTemplate(), matchedPrincipal));
        }
    } else {
        searchFilter = expandTemplate(userSearchFilter, matchedPrincipal);
    }
    SearchControls searchControls = getUserSearchControls();
    // Search for userDn and return.
    LdapContext systemLdapCtx = null;
    NamingEnumeration<SearchResult> searchResultEnum = null;
    try {
        systemLdapCtx = getContextFactory().getSystemLdapContext();
        if (log.isDebugEnabled()) {
            log.debug("SearchBase,SearchFilter,UserSearchScope: " + searchBase + "," + searchFilter + "," + userSearchScope);
        }
        searchResultEnum = systemLdapCtx.search(searchBase, searchFilter, searchControls);
        // SearchResults contains all the entries in search scope
        if (searchResultEnum.hasMore()) {
            SearchResult searchResult = searchResultEnum.next();
            userDn = searchResult.getNameInNamespace();
            if (log.isDebugEnabled()) {
                log.debug("UserDN Returned,Principal: " + userDn + "," + principal);
            }
            return userDn;
        } else {
            throw new IllegalArgumentException("Illegal principal name: " + principal);
        }
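    } catch (AuthenticationException ne) {
        // An authentication failure of the system context or the search is reported to the
        // caller as an illegal principal name; the stack trace goes to stderr, not the logger.
        ne.printStackTrace();
        throw new IllegalArgumentException("Illegal principal name: " + principal);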
    } catch (NamingException ne) {
        throw new IllegalArgumentException("Hit NamingException: " + ne.getMessage());
    } finally {
        try {
            if (searchResultEnum != null) {
                searchResultEnum.close();
            }
        } catch (NamingException ne) {
            // Ignore exception on close.
        } finally {
            LdapUtils.closeContext(systemLdapCtx);
        }
    }
}
Also used: Matcher (java.util.regex.Matcher), HashedCredentialsMatcher (org.apache.shiro.authc.credential.HashedCredentialsMatcher), AuthenticationException (javax.naming.AuthenticationException), SearchControls (javax.naming.directory.SearchControls), SearchResult (javax.naming.directory.SearchResult), NamingException (javax.naming.NamingException), LdapContext (javax.naming.ldap.LdapContext)

Aggregations

AuthenticationException (javax.naming.AuthenticationException): 15
NamingException (javax.naming.NamingException): 5
AuthenticationDataCommand (com.yahoo.pulsar.broker.authentication.AuthenticationDataCommand): 3
Hashtable (java.util.Hashtable): 3
ChannelHandler (io.netty.channel.ChannelHandler): 2
SslHandler (io.netty.handler.ssl.SslHandler): 2
RemoteException (java.rmi.RemoteException): 2
Attributes (javax.naming.directory.Attributes): 2
DirContext (javax.naming.directory.DirContext): 2
SearchControls (javax.naming.directory.SearchControls): 2
SearchResult (javax.naming.directory.SearchResult): 2
LdapContext (javax.naming.ldap.LdapContext): 2
SSLSession (javax.net.ssl.SSLSession): 2
LoginException (javax.security.auth.login.LoginException): 2
SecurityService (org.apache.openejb.spi.SecurityService): 2
LdapResult (com.sun.jndi.ldap.LdapResult): 1
RoleToken (com.yahoo.athenz.auth.token.RoleToken): 1
AuthenticationService (com.yahoo.pulsar.broker.authentication.AuthenticationService): 1
CommandError (com.yahoo.pulsar.common.api.proto.PulsarApi.CommandError): 1
ByteBuf (io.netty.buffer.ByteBuf): 1