
Example 6 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project jackrabbit-oak by apache.

the class UserAuthentication method authenticate.

//-----------------------------------------------------< Authentication >---
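/**
 * Checks the supplied credentials against the authorizable registered under {@code loginId}.
 *
 * <p>Three credential kinds are handled: {@link SimpleCredentials} (password comparison plus
 * expiry handling), {@link ImpersonationCredentials} (impersonation check) and, in the final
 * branch, {@link GuestCredentials} or the pre-authenticated marker, which carry no secret.
 *
 * @param credentials the credentials presented by the caller; may be {@code null}
 * @return {@code false} if either the credentials or {@code loginId} is {@code null}, or if no
 *         authorizable exists for {@code loginId}; otherwise the outcome of the branch that
 *         matched the credential type
 * @throws LoginException if the authorizable is a group, the user is disabled, the password has
 *         expired and could not be changed, or the repository access fails; {@code checkSuccess}
 *         (not shown here) presumably also raises one on a failed check
 */
@Override
public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
    if (credentials == null || loginId == null) {
        return false;
    }
    boolean success = false;
    try {
        UserManager userManager = config.getUserManager(root, NamePathMapper.DEFAULT);
        Authorizable authorizable = userManager.getAuthorizable(loginId);
        // NOTE(review): an unknown id returns false while a group id throws
        // AccountNotFoundException, so the two cases are distinguishable to the caller.
        // Confirm the caller does not relay that difference to unauthenticated clients.
        if (authorizable == null) {
            return false;
        }
        if (authorizable.isGroup()) {
            throw new AccountNotFoundException("Not a user " + loginId);
        }
        User user = (User) authorizable;
        // NOTE(review): the disabled check runs before any secret is verified, and the message
        // carries both the login id and the disabled reason. Keep this text in server-side
        // logs only; a client that sees it learns account state without knowing the password.
        if (user.isDisabled()) {
            throw new AccountLockedException("User with ID " + loginId + " has been disabled: " + user.getDisabledReason());
        }
        if (credentials instanceof SimpleCredentials) {
            SimpleCredentials creds = (SimpleCredentials) credentials;
            Credentials userCreds = user.getCredentials();
            // The id inside the credentials must match loginId before the password is compared.
            if (loginId.equals(creds.getUserID()) && userCreds instanceof CredentialsImpl) {
                success = PasswordUtil.isSame(((CredentialsImpl) userCreds).getPasswordHash(), creds.getPassword());
            }
            checkSuccess(success, "UserId/Password mismatch.");
            if (isPasswordExpired(user)) {
                // UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD attribute set
                if (!changePassword(user, creds)) {
                    throw new CredentialExpiredException("User password has expired");
                }
            }
        } else if (credentials instanceof ImpersonationCredentials) {
            ImpersonationCredentials ipCreds = (ImpersonationCredentials) credentials;
            AuthInfo info = ipCreds.getImpersonatorInfo();
            success = equalUserId(ipCreds, loginId) && impersonate(info, user);
            checkSuccess(success, "Impersonation not allowed.");
        } else {
            // guest login is allowed if an anonymous user exists in the content (see get user above)
            success = (credentials instanceof GuestCredentials) || credentials == PreAuthenticatedLogin.PRE_AUTHENTICATED;
        }
        // Reached for every branch that did not throw. In the final branch an unsupported
        // credential type leaves success == false, yet userId and principal are still assigned;
        // consumers of these fields must also honour the boolean result.
        userId = user.getID();
        principal = user.getPrincipal();
    } catch (RepositoryException e) {
        // LoginException has no (message, cause) constructor, so attach the cause explicitly;
        // otherwise the repository stack trace is lost to whoever investigates the failure.
        LoginException loginFailure = new LoginException(e.getMessage());
        loginFailure.initCause(e);
        throw loginFailure;
    }
    return success;
}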
Also used : AccountLockedException(javax.security.auth.login.AccountLockedException) AuthInfo(org.apache.jackrabbit.oak.api.AuthInfo) User(org.apache.jackrabbit.api.security.user.User) RepositoryException(javax.jcr.RepositoryException) SimpleCredentials(javax.jcr.SimpleCredentials) ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) GuestCredentials(javax.jcr.GuestCredentials) ImpersonationCredentials(org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) GuestCredentials(javax.jcr.GuestCredentials)

Example 7 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class AbstractUsernamePasswordAuthenticationHandler method doAuthentication.

/**
 * Normalises a username/password credential and hands it to the concrete handler.
 *
 * <p>The username is run through the configured principal name transformer and the password
 * through the configured password encoder. Both results are stored on a copy of the submitted
 * credential, and the untouched original password is passed along next to that copy.
 *
 * @param credential the submitted credential; cast to {@link UsernamePasswordCredential}
 *                   without a type check
 * @return whatever {@code authenticateUsernamePasswordInternal} returns
 * @throws GeneralSecurityException on a blank username, transformed username, password or
 *         encoded password, or when raised by the internal authentication step
 * @throws PreventedException declared for the internal authentication step
 */
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final UsernamePasswordCredential submitted = (UsernamePasswordCredential) credential;
    // Work on a copy so the transformed values never overwrite what the caller submitted.
    final UsernamePasswordCredential working =
            new UsernamePasswordCredential(submitted.getUsername(), submitted.getPassword());

    if (StringUtils.isBlank(working.getUsername())) {
        throw new AccountNotFoundException("Username is null.");
    }

    LOGGER.debug("Transforming credential username via [{}]", this.principalNameTransformer.getClass().getName());
    final String principalName = this.principalNameTransformer.transform(working.getUsername());
    if (StringUtils.isBlank(principalName)) {
        throw new AccountNotFoundException("Transformed username is null.");
    }

    if (StringUtils.isBlank(working.getPassword())) {
        throw new FailedLoginException("Password is null.");
    }

    LOGGER.debug("Attempting to encode credential password via [{}] for [{}]", this.passwordEncoder.getClass().getName(), principalName);
    final String encodedPassword = this.passwordEncoder.encode(working.getPassword());
    // NOTE(review): a blank encoder result is reported as AccountNotFoundException although it
    // concerns the password, not the account; callers that branch on the exception type will
    // treat it as an unknown account.
    if (StringUtils.isBlank(encodedPassword)) {
        throw new AccountNotFoundException("Encoded password is null.");
    }

    working.setUsername(principalName);
    working.setPassword(encodedPassword);
    // NOTE(review): the credential object itself is logged here; confirm that
    // UsernamePasswordCredential.toString() does not include the password.
    LOGGER.debug("Attempting authentication internally for transformed credential [{}]", working);
    return authenticateUsernamePasswordInternal(working, submitted.getPassword());
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)

Example 8 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class FileAuthenticationHandler method authenticateUsernamePasswordInternal.

/**
 * Authenticates a user against the password stored in the backing file.
 *
 * @param transformedCredential credential whose username is looked up in the file
 * @param originalPassword the password as submitted, compared with the stored value via
 *                         {@code matches}
 * @return the handler result for the matched user
 * @throws GeneralSecurityException {@link AccountNotFoundException} when no (or a blank)
 *         password is on record for the username, {@link FailedLoginException} when the
 *         password does not match
 * @throws PreventedException when no file name is configured or the file cannot be read
 */
@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    try {
        // FileNotFoundException is an IOException, so a missing file name ends up in the
        // catch below and is reported as PreventedException.
        if (this.fileName == null) {
            throw new FileNotFoundException("Filename does not exist");
        }

        final String account = transformedCredential.getUsername();
        final String storedPassword = getPasswordOnRecord(account);
        // NOTE(review): the message carries the submitted username and the exception type
        // differs from the bad-password case; keep both out of client-facing responses.
        if (StringUtils.isBlank(storedPassword)) {
            throw new AccountNotFoundException(account + " not found in backing file.");
        }

        if (!matches(originalPassword, storedPassword)) {
            throw new FailedLoginException();
        }
        return createHandlerResult(transformedCredential, this.principalFactory.createPrincipal(account), null);
    } catch (final IOException ioFailure) {
        throw new PreventedException("IO error reading backing file", ioFailure);
    }
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) PreventedException(org.apereo.cas.authentication.PreventedException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)

Example 9 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class ShiroAuthenticationHandler method authenticateUsernamePasswordInternal.

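/**
 * Authenticates the credential through Shiro and translates Shiro failures into the
 * exception types this handler is declared to throw.
 *
 * <p>Each translated exception keeps the Shiro message and carries the Shiro exception as
 * its cause, so the original stack trace remains available for diagnosis.
 *
 * @param transformedCredential credential whose username and password form the Shiro token;
 *                              a remember-me credential also sets the token's remember-me flag
 * @param originalPassword not used by this implementation
 * @return the result built from the authenticated Shiro subject
 * @throws GeneralSecurityException the translated Shiro failure (unknown account, incorrect
 *         credentials, locked or over-attempted account, expired credentials, disabled
 *         account, or any other Shiro authentication failure)
 * @throws PreventedException declared by the overridden method
 */
@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    try {
        final UsernamePasswordToken token = new UsernamePasswordToken(transformedCredential.getUsername(), transformedCredential.getPassword());
        if (transformedCredential instanceof RememberMeUsernamePasswordCredential) {
            token.setRememberMe(RememberMeUsernamePasswordCredential.class.cast(transformedCredential).isRememberMe());
        }
        final Subject currentUser = getCurrentExecutingSubject();
        currentUser.login(token);
        checkSubjectRolesAndPermissions(currentUser);
        return createAuthenticatedSubjectResult(transformedCredential, currentUser);
    // NOTE(review): the exception type and the Shiro message distinguish an unknown account
    // from a wrong password. Whatever renders the failure to the client should present these
    // cases uniformly and keep the detail in server-side logs.
    } catch (final UnknownAccountException uae) {
        throw attachCause(new AccountNotFoundException(uae.getMessage()), uae);
    } catch (final IncorrectCredentialsException ice) {
        throw attachCause(new FailedLoginException(ice.getMessage()), ice);
    } catch (final LockedAccountException | ExcessiveAttemptsException lae) {
        throw attachCause(new AccountLockedException(lae.getMessage()), lae);
    } catch (final ExpiredCredentialsException eae) {
        throw attachCause(new CredentialExpiredException(eae.getMessage()), eae);
    } catch (final DisabledAccountException eae) {
        throw attachCause(new AccountDisabledException(eae.getMessage()), eae);
    } catch (final AuthenticationException e) {
        throw attachCause(new FailedLoginException(e.getMessage()), e);
    }
}

/**
 * Sets {@code cause} on a freshly created exception and returns that exception. It is used
 * because the exception types thrown above are built from a message only.
 */
private static <T extends Throwable> T attachCause(final T translated, final Throwable cause) {
    translated.initCause(cause);
    return translated;
}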
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) AccountLockedException(javax.security.auth.login.AccountLockedException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) RememberMeUsernamePasswordCredential(org.apereo.cas.authentication.RememberMeUsernamePasswordCredential) LockedAccountException(org.apache.shiro.authc.LockedAccountException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)

Example 10 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class QueryAndEncodeDatabaseAuthenticationHandler method authenticateUsernamePasswordInternal.

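/**
 * Authenticates a user by loading one row with the configured SQL query, digesting the
 * submitted password with values from that row, and comparing the result with the stored
 * password column.
 *
 * <p>The password is verified before the optional expired and disabled columns are
 * inspected, so those account states are only reported to a caller that supplied the
 * correct password.
 *
 * @param transformedCredential credential supplying the username (the query argument) and
 *                              the password that is digested
 * @param originalPassword not used by this implementation
 * @return the handler result for the authenticated username
 * @throws GeneralSecurityException when the handler is not configured, the password does
 *         not match, the account is expired or disabled, or the query returns zero or
 *         several rows
 * @throws PreventedException on any other data access failure
 */
@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    if (StringUtils.isBlank(this.sql) || StringUtils.isBlank(this.algorithmName) || getJdbcTemplate() == null) {
        throw new GeneralSecurityException("Authentication handler is not configured correctly");
    }
    final String username = transformedCredential.getUsername();
    try {
        // The username is handed to the template as a query argument, not concatenated into the SQL text.
        final Map<String, Object> values = getJdbcTemplate().queryForMap(this.sql, username);
        final String digestedPassword = digestEncodedPassword(transformedCredential.getPassword(), values);
        final Object recordedPassword = values.get(this.passwordFieldName);
        // instanceof is false for null, so a NULL password column now fails the login instead
        // of raising a NullPointerException. The comparison uses MessageDigest.isEqual rather
        // than String.equals so it does not stop at the first differing character.
        if (!(recordedPassword instanceof String)
                || digestedPassword == null
                || !java.security.MessageDigest.isEqual(
                        ((String) recordedPassword).getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        digestedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            throw new FailedLoginException("Password does not match value on record.");
        }
        if (StringUtils.isNotBlank(this.expiredFieldName)) {
            final Object dbExpired = values.get(this.expiredFieldName);
            // The flag counts as set for a truthy string form or for the integer 1.
            if (dbExpired != null && (Boolean.TRUE.equals(BooleanUtils.toBoolean(dbExpired.toString())) || dbExpired.equals(Integer.valueOf(1)))) {
                throw new AccountPasswordMustChangeException("Password has expired");
            }
        }
        if (StringUtils.isNotBlank(this.disabledFieldName)) {
            final Object dbDisabled = values.get(this.disabledFieldName);
            if (dbDisabled != null && (Boolean.TRUE.equals(BooleanUtils.toBoolean(dbDisabled.toString())) || dbDisabled.equals(Integer.valueOf(1)))) {
                throw new AccountDisabledException("Account has been disabled");
            }
        }
        return createHandlerResult(transformedCredential, this.principalFactory.createPrincipal(username), null);
    } catch (final IncorrectResultSizeDataAccessException e) {
        // NOTE(review): these messages carry the submitted username, and the zero-row case has
        // its own exception type; keep both in server-side logs rather than client responses.
        if (e.getActualSize() == 0) {
            throw new AccountNotFoundException(username + " not found with SQL query");
        }
        throw new FailedLoginException("Multiple records found for " + username);
    } catch (final DataAccessException e) {
        throw new PreventedException("SQL exception while executing query for " + username, e);
    }
}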
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) IncorrectResultSizeDataAccessException(org.springframework.dao.IncorrectResultSizeDataAccessException) GeneralSecurityException(java.security.GeneralSecurityException) PreventedException(org.apereo.cas.authentication.PreventedException) AccountPasswordMustChangeException(org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException) DataAccessException(org.springframework.dao.DataAccessException) IncorrectResultSizeDataAccessException(org.springframework.dao.IncorrectResultSizeDataAccessException)

Aggregations

AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)14 FailedLoginException (javax.security.auth.login.FailedLoginException)11 AccountLockedException (javax.security.auth.login.AccountLockedException)4 PreventedException (org.apereo.cas.authentication.PreventedException)4 AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException)4 SimpleCredentials (javax.jcr.SimpleCredentials)3 CredentialExpiredException (javax.security.auth.login.CredentialExpiredException)3 IOException (java.io.IOException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 AccountExpiredException (javax.security.auth.login.AccountExpiredException)2 LoginException (javax.security.auth.login.LoginException)2 UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)2 AccountPasswordMustChangeException (org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException)2 DataAccessException (org.springframework.dao.DataAccessException)2 IncorrectResultSizeDataAccessException (org.springframework.dao.IncorrectResultSizeDataAccessException)2 RequestContext (org.springframework.webflow.execution.RequestContext)2 ResponseStatus (com.yubico.client.v2.ResponseStatus)1 VerificationResponse (com.yubico.client.v2.VerificationResponse)1 YubicoValidationFailure (com.yubico.client.v2.exceptions.YubicoValidationFailure)1 YubicoVerificationException (com.yubico.client.v2.exceptions.YubicoVerificationException)1