use of net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken in project alfresco-repository by Alfresco.
the class AuthenticationComponentImpl method authenticateImpl.
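/**
 * Authenticates the given user name and password and, on success, records the user as the
 * current user and sets the tenant domain on {@code TenantContextHolder}.
 *
 * <p>The incoming name is split into user and tenant domain by
 * {@code AuthenticationUtil.getUserTenant}. The credential check runs inside a retrying
 * transaction as the system tenant of that domain. After a successful check, the stored
 * password is inspected and, when its encoding is not the preferred one, a transaction
 * listener is bound to re-hash it.
 *
 * @param userNameIn the user name as supplied by the caller; it is only logged in masked form
 * @param password   the clear-text password
 * @throws AuthenticationException if the tenant is disabled or the authentication manager
 *                                 rejects the credentials
 */
@Override
protected void authenticateImpl(final String userNameIn, final char[] password) throws AuthenticationException {
    if (logger.isTraceEnabled()) {
        logger.trace("Authentication for user: " + AuthenticationUtil.maskUsername(userNameIn));
    }
    try {
        Pair<String, String> userTenant = AuthenticationUtil.getUserTenant(userNameIn);
        final String userName = userTenant.getFirst();
        final String tenantDomain = userTenant.getSecond();
        // NOTE(review): the trailing 'true' is presumably the read-only flag of doInTransaction - confirm.
        String normalized = getTransactionService().getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<String>() {
            public String execute() throws Throwable {
                return TenantUtil.runAsSystemTenant(new TenantRunAsWork<String>() {
                    public String doWork() throws Exception {
                        // Prefer the identifier the person service knows; fall back to the supplied name.
                        String normalized = getPersonService().getUserIdentifier(userName);
                        String finalUserName = normalized == null ? userName : normalized;
                        // The password is copied into an immutable String here, so this copy cannot be
                        // wiped after use; its lifetime is left to the garbage collector.
                        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(finalUserName, new String(password));
                        // Throws an acegi AuthenticationException on failure, so nothing below runs
                        // for rejected credentials.
                        authenticationManager.authenticate(authentication);
                        // check whether the user's password requires re-hashing
                        UserDetails userDetails = authenticationDao.loadUserByUsername(finalUserName);
                        if (userDetails instanceof RepositoryAuthenticatedUser) {
                            List<String> hashIndicator = ((RepositoryAuthenticatedUser) userDetails).getHashIndicator();
                            if (hashIndicator != null && !hashIndicator.isEmpty()) {
                                // Re-generate when the indicator holds more than one entry or its last
                                // encoding is not the preferred one.
                                if (hashIndicator.size() > 1 || !passwordEncoder.lastEncodingIsPreferred(hashIndicator)) {
                                    // add transaction listener to re-hash the users password
                                    // NOTE(review): the listener receives userName, while the check above
                                    // authenticated finalUserName - confirm both resolve to the same account.
                                    HashPasswordTransactionListener txListener = new HashPasswordTransactionListener(userName, password);
                                    txListener.setTransactionService(getTransactionService());
                                    txListener.setAuthenticationDao(authenticationDao);
                                    AlfrescoTransactionSupport.bindListener(txListener);
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("New hashed password for user '" + AuthenticationUtil.maskUsername(userName) + "' has been requested");
                                    }
                                }
                            }
                        }
                        return normalized;
                    }
                }, tenantDomain);
            }
        }, true);
        if (normalized == null) {
            setCurrentUser(userName, UserNameValidationMode.CHECK_AND_FIX);
        } else {
            setCurrentUser(normalized, UserNameValidationMode.NONE);
        }
        TenantContextHolder.setTenantDomain(tenantDomain);
    } catch (TenantDisabledException tde) {
        throw new AuthenticationException(tde.getMessage(), tde);
    } catch (net.sf.acegisecurity.AuthenticationException ae) {
        // When LDAP is configured, ae is non-serializable and breaks remote
        // authentication, so it is not attached as the cause. Only its one-line
        // description goes into the message: the message travels to the caller, and
        // a full stack trace there would expose internal class and provider details.
        // The trace stays on the server, in the debug log.
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication failed for user '" + AuthenticationUtil.maskUsername(userNameIn) + "'", ae);
        }
        throw new AuthenticationException(ae.toString());
    }
}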
use of net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken in project alfresco-repository by Alfresco.
the class AuthenticationTest method testTicket.
/**
 * Exercises the ticket life cycle for one user: a fresh ticket validates and is reported as the
 * current ticket, an unknown ticket string is rejected, and an invalidated ticket is rejected.
 */
public void testTicket() {
    dao.createUser("Andy", "ticket".toCharArray());

    // Authenticate first; the ticket is issued for the user name taken from the result.
    UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken("Andy", "ticket");
    loginToken.setAuthenticated(false);
    Authentication authenticated = authenticationManager.authenticate(loginToken);
    authenticated.setAuthenticated(true);

    String issuedTicket = ticketComponent.getNewTicket(getUserName(authenticated));
    ticketComponent.validateTicket(issuedTicket);
    assertEquals(ticketComponent.getCurrentTicket("Andy", true), issuedTicket);

    // A ticket string that was never issued must raise AuthenticationException.
    String validatedUser = null;
    try {
        validatedUser = ticketComponent.validateTicket("INVALID");
        // assertNotNull(null) always fails: reaching this line means the ticket was accepted.
        assertNotNull(null);
    } catch (AuthenticationException rejected) {
        assertNull(validatedUser);
    }

    // Once invalidated, the previously good ticket must be rejected as well.
    ticketComponent.invalidateTicketById(issuedTicket);
    try {
        validatedUser = ticketComponent.validateTicket(issuedTicket);
        assertEquals(ticketComponent.getCurrentTicket("Andy", true), issuedTicket);
        assertNotNull(null);
    } catch (AuthenticationException rejected) {
        // Expected: the invalidated ticket no longer validates.
    }

    dao.deleteUser("Andy");
    // Disabled check kept from the original: assertNull(dao.getUserOrNull("Andy"));
}
use of net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken in project alfresco-repository by Alfresco.
the class AuthenticationTest method testAuthenticationFailure.
/**
 * Checks that a wrong password for an existing user is rejected with
 * {@code BadCredentialsException}.
 */
public void testAuthenticationFailure() {
    // The stored password is "squash"; the token below presents "turnip".
    dao.createUser("Andy", "squash".toCharArray());
    UsernamePasswordAuthenticationToken wrongPasswordToken = new UsernamePasswordAuthenticationToken("Andy", "turnip");
    wrongPasswordToken.setAuthenticated(false);

    try {
        Authentication unexpected = authenticationManager.authenticate(wrongPasswordToken);
        assertNotNull(unexpected);
        // assertNotNull(null) always fails: authenticate() returning at all is the failure.
        assertNotNull(null);
    } catch (BadCredentialsException expected) {
        // Expected
    }

    dao.deleteUser("Andy");
    // Disabled check kept from the original: assertNull(dao.getUserOrNull("Andy"));
}
use of net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken in project alfresco-repository by Alfresco.
the class AuthenticationTest method testAuthentication.
/**
 * Walks one account through the states the authentication manager must honour: enabled or
 * disabled, locked or unlocked, and account or credentials expiry in the future and in the past.
 * Each rejected state is expected to raise its own acegi exception type.
 */
public void testAuthentication() {
    // GUEST authenticates with the shared placeholder password.
    dao.createUser("GUEST", DONT_CARE_PASSWORD);
    UsernamePasswordAuthenticationToken guestToken = new UsernamePasswordAuthenticationToken("GUEST", new String(DONT_CARE_PASSWORD));
    guestToken.setAuthenticated(false);
    assertNotNull(authenticationManager.authenticate(guestToken));

    // Baseline: the correct password for a fresh account is accepted.
    dao.createUser("Andy", "squash".toCharArray());
    UsernamePasswordAuthenticationToken andyToken = new UsernamePasswordAuthenticationToken("Andy", "squash");
    andyToken.setAuthenticated(false);
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Disabled account: rejected even with the correct password.
    dao.setEnabled("Andy", false);
    try {
        assertNotNull(authenticationManager.authenticate(andyToken));
        // assertNotNull(null) always fails: reaching it means the login was accepted.
        assertNotNull(null);
    } catch (DisabledException expected) {
        // Expected
    }
    dao.setEnabled("Andy", true);
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Locked account: rejected until unlocked.
    dao.setLocked("Andy", true);
    try {
        assertNotNull(authenticationManager.authenticate(andyToken));
        assertNotNull(null);
    } catch (LockedException expected) {
        // Expected
    }
    dao.setLocked("Andy", false);
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Expiry switched on: the login is still expected to succeed here, and again once
    // both expiry dates are set to null.
    dao.setAccountExpires("Andy", true);
    dao.setCredentialsExpire("Andy", true);
    assertNotNull(authenticationManager.authenticate(andyToken));
    dao.setAccountExpiryDate("Andy", null);
    dao.setCredentialsExpiryDate("Andy", null);
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Both expiry dates ten seconds in the future: still valid.
    dao.setAccountExpiryDate("Andy", new Date(System.currentTimeMillis() + 10000));
    dao.setCredentialsExpiryDate("Andy", new Date(System.currentTimeMillis() + 10000));
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Account expiry ten seconds in the past: rejected as an expired account.
    dao.setAccountExpiryDate("Andy", new Date(System.currentTimeMillis() - 10000));
    try {
        assertNotNull(authenticationManager.authenticate(andyToken));
        assertNotNull(null);
    } catch (AccountExpiredException expected) {
        // Expected
    }
    dao.setAccountExpiryDate("Andy", new Date(System.currentTimeMillis() + 10000));
    assertNotNull(authenticationManager.authenticate(andyToken));

    // Credentials expiry ten seconds in the past: rejected as expired credentials.
    dao.setCredentialsExpiryDate("Andy", new Date(System.currentTimeMillis() - 10000));
    try {
        assertNotNull(authenticationManager.authenticate(andyToken));
        assertNotNull(null);
    } catch (CredentialsExpiredException expected) {
        // Expected
    }
    dao.setCredentialsExpiryDate("Andy", new Date(System.currentTimeMillis() + 10000));
    assertNotNull(authenticationManager.authenticate(andyToken));

    dao.deleteUser("Andy");
    // Disabled check kept from the original: assertNull(dao.getUserOrNull("Andy"));
}
use of net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken in project alfresco-repository by Alfresco.
the class AuthenticationTest method testTicketRepeat.
/**
 * Validates the same ticket twice on a locally built {@code InMemoryTicketComponentImpl}
 * configured with {@code setOneOff(false)} and {@code setTicketsExpire(false)}, and checks that
 * the current ticket for the user stays the same after each validation.
 */
public void testTicketRepeat() {
    InMemoryTicketComponentImpl reusableTickets = new InMemoryTicketComponentImpl();
    reusableTickets.setOneOff(false);
    reusableTickets.setTicketsExpire(false);
    reusableTickets.setValidDuration("P0D");
    reusableTickets.setTicketsCache(ticketsCache);
    reusableTickets.setUsernameToTicketIdCache(usernameToTicketIdCache);

    dao.createUser("Andy", "ticket".toCharArray());
    UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken("Andy", "ticket");
    loginToken.setAuthenticated(false);
    Authentication authenticated = authenticationManager.authenticate(loginToken);
    authenticated.setAuthenticated(true);

    String issuedTicket = reusableTickets.getNewTicket(getUserName(authenticated));

    // NOTE(review): the current ticket is read from the shared ticketComponent field, not from
    // the local component; presumably both see the same tickets through the caches set above -
    // confirm.
    reusableTickets.validateTicket(issuedTicket);
    assertEquals(ticketComponent.getCurrentTicket("Andy", true), issuedTicket);
    reusableTickets.validateTicket(issuedTicket);
    assertEquals(ticketComponent.getCurrentTicket("Andy", true), issuedTicket);

    dao.deleteUser("Andy");
    // Disabled check kept from the original: assertNull(dao.getUserOrNull("Andy"));
}