Example 11 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class GoogleAuthenticatorAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final GoogleAuthenticatorTokenCredential tokenCredential = (GoogleAuthenticatorTokenCredential) credential;
    // Reject anything that is not a plain number before it is parsed as an OTP.
    // Note: isCreatable also accepts hex/float forms, which parseInt below would still reject with a NumberFormatException.
    if (!NumberUtils.isCreatable(tokenCredential.getToken())) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException("Invalid token " + tokenCredential.getToken()));
    }
    final int otp = Integer.parseInt(tokenCredential.getToken());
    LOGGER.debug("Received OTP [{}]", otp);
    // The two checks below originally constructed the exception without throwing it, so a missing
    // context or authentication fell through to a NullPointerException; the throw is added here.
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        throw new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    // The OTP is verified against the secret of the principal already authenticated in this flow (the first factor).
    final String uid = authentication.getPrincipal().getId();
    LOGGER.debug("Received principal id [{}]", uid);
    final String secKey = this.credentialRepository.getSecret(uid);
    if (StringUtils.isBlank(secKey)) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    // Refuse an OTP that was already accepted for this user: a code must not be replayable within its validity window.
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }
    final boolean isCodeValid = this.googleAuthenticatorInstance.authorize(secKey, otp);
    if (isCodeValid) {
        // Record the accepted OTP so that the replay check above catches a second use.
        this.tokenRepository.store(new GoogleAuthenticatorToken(otp, uid));
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(uid), null);
    }
    throw new FailedLoginException("Failed to authenticate code " + otp);
}
Also used: FailedLoginException (javax.security.auth.login.FailedLoginException), Authentication (org.apereo.cas.authentication.Authentication), AccountExpiredException (javax.security.auth.login.AccountExpiredException), GoogleAuthenticatorToken (org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken), PreventedException (org.apereo.cas.authentication.PreventedException), RequestContext (org.springframework.webflow.execution.RequestContext), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)

Example 12 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project cas by apereo.

the class UsernamePasswordWrapperAuthenticationHandler method convertToPac4jCredentials.

@Override
protected UsernamePasswordCredentials convertToPac4jCredentials(final UsernamePasswordCredential casCredential) throws GeneralSecurityException, PreventedException {
    LOGGER.debug("CAS credentials: [{}]", casCredential);
    // Apply the configured principal name transformation (e.g. case normalisation) before the lookup.
    final String username = this.principalNameTransformer.transform(casCredential.getUsername());
    if (username == null) {
        throw new AccountNotFoundException("Username is null.");
    }
    // The password is passed through the configured encoder before being handed to pac4j.
    final String password = this.passwordEncoder.encode(casCredential.getPassword());
    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password, getClass().getSimpleName());
    LOGGER.debug("pac4j credentials: [{}]", credentials);
    return credentials;
}
Also used: AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)

Example 13 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project jackrabbit-oak by apache.

the class UserAuthenticationTest method testAuthenticateResolvesToGroup.

@Test
public void testAuthenticateResolvesToGroup() throws Exception {
    // A group ID must not be usable as a login name: authentication has to resolve to a user.
    Group g = getUserManager(root).createGroup("g1");
    SimpleCredentials sc = new SimpleCredentials(g.getID(), "pw".toCharArray());
    Authentication a = new UserAuthentication(getUserConfiguration(), root, sc.getUserID());
    try {
        a.authenticate(sc);
        fail("Authenticating Group should fail");
    } catch (LoginException e) {
        // success: the group is reported as a missing account, not as a bad password
        assertTrue(e instanceof AccountNotFoundException);
    } finally {
        g.remove();
        root.commit();
    }
}
Also used: Group (org.apache.jackrabbit.api.security.user.Group), SimpleCredentials (javax.jcr.SimpleCredentials), Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication), LoginException (javax.security.auth.login.LoginException), FailedLoginException (javax.security.auth.login.FailedLoginException), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest), Test (org.junit.Test)

Example 14 with AccountNotFoundException

use of javax.security.auth.login.AccountNotFoundException in project sling by apache.

the class SlingAuthenticator method handleLoginFailure.

private boolean handleLoginFailure(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationInfo authInfo, final Exception reason) {
    String user = authInfo.getUser();
    boolean processRequest = false;
    // Matched by class name because the repository's TooManySessionsException is not a compile-time dependency here.
    if (reason.getClass().getName().contains("TooManySessionsException")) {
        // too many sessions, send a 503 Service Unavailable
        log.info("handleLoginFailure: Too many sessions for {}: {}", user, reason.getMessage());
        try {
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "SlingAuthenticator: Too Many Users");
        } catch (IOException ioe) {
            log.error("handleLoginFailure: Cannot send status 503 to client", ioe);
        }
    } else if (reason instanceof LoginException) {
        log.info("handleLoginFailure: Unable to authenticate {}: {}", user, reason.getMessage());
        if (isAnonAllowed(request) && !expectAuthenticationHandler(request) && !AuthUtil.isValidateRequest(request)) {
            log.debug("handleLoginFailure: LoginException on an anonymous resource, fallback to getAnonymousResolver");
            processRequest = getAnonymousResolver(request, response, new AuthenticationInfo(null));
        } else {
            // request authentication information and send 403 (Forbidden)
            // if no handler can request authentication information.
            AuthenticationHandler.FAILURE_REASON_CODES code = AuthenticationHandler.FAILURE_REASON_CODES.INVALID_LOGIN;
            String message = "User name and password do not match";
            if (reason.getCause() instanceof CredentialExpiredException) {
                // force failure attribute to be set so handlers can
                // react to this special circumstance
                Object creds = authInfo.get("user.jcr.credentials");
                if (creds instanceof SimpleCredentials && ((SimpleCredentials) creds).getAttribute("PasswordHistoryException") != null) {
                    code = AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED_AND_NEW_PASSWORD_IN_HISTORY;
                    message = "Password expired and new password found in password history";
                } else {
                    code = AuthenticationHandler.FAILURE_REASON_CODES.PASSWORD_EXPIRED;
                    message = "Password expired";
                }
            } else if (reason.getCause() instanceof AccountLockedException) {
                code = AuthenticationHandler.FAILURE_REASON_CODES.ACCOUNT_LOCKED;
                message = "Account is locked";
            } else if (reason.getCause() instanceof AccountNotFoundException) {
                code = AuthenticationHandler.FAILURE_REASON_CODES.ACCOUNT_NOT_FOUND;
                message = "Account was not found";
            }
            // preset a reason for the login failure as request attributes; the authentication
            // handler invoked by doLogin decides what, if anything, is shown to the client
            request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE, code);
            ensureAttribute(request, AuthenticationHandler.FAILURE_REASON, message);
            doLogin(request, response);
        }
    } else {
        // general problem, send a 500 Internal Server Error
        log.error("handleLoginFailure: Unable to authenticate " + user, reason);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SlingAuthenticator: data access error, reason=" + reason.getClass().getSimpleName());
        } catch (IOException ioe) {
            log.error("handleLoginFailure: Cannot send status 500 to client", ioe);
        }
    }
    return processRequest;
}
Also used: SimpleCredentials (javax.jcr.SimpleCredentials), AccountLockedException (javax.security.auth.login.AccountLockedException), LoginException (org.apache.sling.api.resource.LoginException), IOException (java.io.IOException), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), AccountNotFoundException (javax.security.auth.login.AccountNotFoundException), AuthenticationInfo (org.apache.sling.auth.core.spi.AuthenticationInfo)

Aggregations

AccountNotFoundException (javax.security.auth.login.AccountNotFoundException): 14
FailedLoginException (javax.security.auth.login.FailedLoginException): 11
AccountLockedException (javax.security.auth.login.AccountLockedException): 4
PreventedException (org.apereo.cas.authentication.PreventedException): 4
AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException): 4
SimpleCredentials (javax.jcr.SimpleCredentials): 3
CredentialExpiredException (javax.security.auth.login.CredentialExpiredException): 3
IOException (java.io.IOException): 2
GeneralSecurityException (java.security.GeneralSecurityException): 2
AccountExpiredException (javax.security.auth.login.AccountExpiredException): 2
LoginException (javax.security.auth.login.LoginException): 2
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential): 2
AccountPasswordMustChangeException (org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException): 2
DataAccessException (org.springframework.dao.DataAccessException): 2
IncorrectResultSizeDataAccessException (org.springframework.dao.IncorrectResultSizeDataAccessException): 2
RequestContext (org.springframework.webflow.execution.RequestContext): 2
ResponseStatus (com.yubico.client.v2.ResponseStatus): 1
VerificationResponse (com.yubico.client.v2.VerificationResponse): 1
YubicoValidationFailure (com.yubico.client.v2.exceptions.YubicoValidationFailure): 1
YubicoVerificationException (com.yubico.client.v2.exceptions.YubicoVerificationException): 1