Use of org.alfresco.repo.security.authentication.AuthenticationDiagnostic in the alfresco-repository project (Alfresco): class LDAPAuthenticationComponentImpl, method authenticateImpl.
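/**
 * Authenticates {@code userName} by performing an LDAP bind as that user.
 * <p>
 * The user's distinguished name (DN) is either resolved by a directory search
 * ({@code userNameFormat == null}) or produced from the configured {@code userNameFormat}
 * template. The bind itself is delegated to {@code ldapInitialContextFactory}; only when it
 * succeeds is the current security context set to the (escaped) user name. The bound
 * context is used for nothing else and is closed before returning.
 *
 * @param userName the user ID supplied by the client; treated as untrusted input
 * @param password the user's password; the factory takes a {@code String}, so a copy of this
 *                 array is made that cannot be zeroed afterwards
 * @throws AuthenticationException if user name or password is missing, the user ID carries
 *         leading or trailing whitespace in fixed-format mode, the DN cannot be resolved, the
 *         bind is rejected, or the directory connection cannot be closed afterwards
 */
protected void authenticateImpl(String userName, char[] password) throws AuthenticationException {
    if (logger.isTraceEnabled()) {
        // The user ID is masked before logging; the password is never logged.
        logger.trace("Authentication for user: " + AuthenticationUtil.maskUsername(userName));
    }
    // Fail as an AuthenticationException rather than with a NullPointerException from
    // userName.trim()/String.format or from new String((char[]) null) further down.
    if (userName == null) {
        throw new AuthenticationException("Null user name provided.");
    }
    if (password == null) {
        throw new AuthenticationException("No credentials provided.");
    }
    AuthenticationDiagnostic diagnostic = new AuthenticationDiagnostic();
    // Distinguished name the bind will be attempted as.
    String userDN;
    if (userNameFormat == null) {
        // No fixed template: search the directory for the user's DN.
        userDN = ldapNameResolver.resolveDistinguishedName(userName, diagnostic);
        Object[] lookupArgs = { userName, userDN };
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_LOOKEDUP_USER, true, lookupArgs);
    } else {
        // Leading/trailing whitespace in the ID would still bind as the real user but be stored
        // as a different repository user ("ghost" users, MNT-2597), so reject it outright.
        if (!userName.equals(userName.trim())) {
            throw new AuthenticationException("Invalid user ID with leading or trailing whitespace");
        }
        // Build the DN from the template; escapeUserName is what stands between the caller-supplied
        // ID and the DN syntax (how complete that escaping is depends on its implementation,
        // which is not visible here).
        userDN = String.format(userNameFormat, new Object[] { escapeUserName(userName, escapeCommasInBind) });
        Object[] formatArgs = { userName, userDN, userNameFormat };
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_FORMAT_USER, true, formatArgs);
    }
    InitialDirContext ctx = null;
    try {
        // A successful bind is the authentication. The factory is expected to reject empty
        // credentials so this never degrades into an anonymous bind.
        ctx = ldapInitialContextFactory.getInitialDirContext(userDN, new String(password), diagnostic);
        // Bind succeeded: the caller is now authenticated.
        setCurrentUser(escapeUserName(userName, escapeCommasInUid));
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                // Do not leave a user authenticated when the session cannot be torn down cleanly.
                clearCurrentSecurityContext();
                throw new AuthenticationException("Failed to close connection", e);
            }
        }
    }
}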
Use of org.alfresco.repo.security.authentication.AuthenticationDiagnostic in the alfresco-repository project (Alfresco): class LDAPInitialDirContextFactoryImpl, method buildInitialDirContext.
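/**
 * Opens a directory context with the supplied JNDI environment and records the outcome in
 * {@code diagnostic}.
 * <p>
 * A rejected bind is reported as {@code authentication.err.authentication}, an unreachable
 * server as {@code authentication.err.communication}, and any other naming failure as
 * {@code authentication.err.connection}. Only the principal and provider URL are copied into
 * messages and diagnostic steps; the credentials held in {@code env} never are.
 *
 * @param env        JNDI environment; must already carry principal, credentials and provider
 *                   URL. It is modified in place when an SSL socket factory is required.
 * @param pageSize   when {@code > 0}, an {@link InitialLdapContext} with a critical
 *                   {@link PagedResultsControl} of this size is returned; otherwise a plain
 *                   {@link InitialDirContext}
 * @param diagnostic step recorder; a fresh one is created when {@code null}
 * @return an open context that the caller must close
 * @throws AuthenticationException if the bind is rejected, the server cannot be reached or
 *         the paging control cannot be encoded
 */
private InitialDirContext buildInitialDirContext(Hashtable<String, String> env, int pageSize, AuthenticationDiagnostic diagnostic) throws AuthenticationException {
    String securityPrincipal = env.get(Context.SECURITY_PRINCIPAL);
    String providerURL = env.get(Context.PROVIDER_URL);
    if (isSSLSocketFactoryRequired()) {
        // Pin the LDAP socket factory to our own trust store instead of the JVM default.
        KeyStore trustStore = initTrustStore();
        AlfrescoSSLSocketFactory.initTrustedSSLSocketFactory(trustStore);
        env.put("java.naming.ldap.factory.socket", AlfrescoSSLSocketFactory.class.getName());
    }
    if (diagnostic == null) {
        diagnostic = new AuthenticationDiagnostic();
    }
    Object[] connectedArgs = { providerURL, securityPrincipal };
    try {
        if (pageSize > 0) {
            // LDAP v3 paged results: the bind happens in the constructor, the control is attached after.
            InitialLdapContext ctx = new InitialLdapContext(env, null);
            boolean controlsAttached = false;
            try {
                ctx.setRequestControls(new Control[] { new PagedResultsControl(pageSize, Control.CRITICAL) });
                controlsAttached = true;
            } finally {
                // The bind has already succeeded; if attaching the control fails the bound
                // connection must not be leaked (the original code never closed it).
                if (!controlsAttached) {
                    closeOnFailure(ctx);
                }
            }
            // Record the connection the same way the non-paged path does.
            diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTED, true, connectedArgs);
            return ctx;
        }
        InitialDirContext ret = new InitialDirContext(env);
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTED, true, connectedArgs);
        return ret;
    } catch (javax.naming.AuthenticationException ax) {
        // The server was reached; it is the bind that was rejected.
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTED, true, connectedArgs);
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_AUTHENTICATION, false, new Object[] { securityPrincipal });
        // NOTE(review): the server's own error text is handed on as a message argument. Directory
        // servers commonly encode the reason (unknown user, bad password, locked, expired) in it,
        // so if authentication.err.authentication is ever rendered to an unauthenticated client
        // this becomes a user-enumeration oracle; confirm where the message surfaces.
        Object[] failureArgs = { securityPrincipal, ax.getLocalizedMessage() };
        throw new AuthenticationException("authentication.err.authentication", diagnostic, failureArgs, ax);
    } catch (CommunicationException ce) {
        // The server could not be reached at all.
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTING, false, new Object[] { providerURL });
        Object[] failureArgs = { providerURL, describeCauseChain(ce) };
        // The exception itself is the cause; the original passed the exhausted (null) end of its
        // cause chain and so lost the stack trace.
        throw new AuthenticationException("authentication.err.communication", diagnostic, failureArgs, ce);
    } catch (NamingException nx) {
        // Any other naming failure (bad URL, referral, unsupported operation, ...).
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTING, false, new Object[] { providerURL });
        Object[] failureArgs = { providerURL, describeCauseChain(nx) };
        throw new AuthenticationException("authentication.err.connection", diagnostic, failureArgs, nx);
    } catch (IOException e) {
        // Only PagedResultsControl's encoding can raise this, i.e. the bind itself had succeeded.
        diagnostic.addStep(AuthenticationDiagnostic.STEP_KEY_LDAP_CONNECTED, true, connectedArgs);
        throw new AuthenticationException("Unable to encode LDAP v3 request controls", e);
    }
}

/**
 * Formats an exception and every link of its cause chain as
 * {@code "Class, message, Class, message, ..."} for inclusion in an error message.
 *
 * @param t the outermost exception
 * @return the comma-separated description of {@code t} and its causes
 */
private static String describeCauseChain(Throwable t) {
    StringBuilder message = new StringBuilder();
    message.append(t.getClass().getName()).append(", ").append(t.getMessage());
    for (Throwable cause = t.getCause(); cause != null; cause = cause.getCause()) {
        message.append(", ").append(cause.getClass().getName()).append(", ").append(cause.getMessage());
    }
    return message.toString();
}

/**
 * Best-effort close of a context that is being abandoned because of an error; the failure
 * already being propagated is the one the caller needs to see.
 *
 * @param ctx the context to close
 */
private static void closeOnFailure(InitialDirContext ctx) {
    try {
        ctx.close();
    } catch (NamingException ignored) {
        // Already on an error path; a failed close adds nothing the caller can act on.
    }
}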
Use of org.alfresco.repo.security.authentication.AuthenticationDiagnostic in the alfresco-repository project (Alfresco): class LDAPInitialDirContextFactoryImpl, method getInitialDirContext.
/**
 * Binds to the directory as {@code principal} with {@code credentials}, on top of the
 * configured authenticated environment.
 * <p>
 * Both values are validated before any connection is attempted. Rejecting an empty
 * credentials string matters for security: an LDAP simple bind with an empty password is
 * commonly accepted by servers as an anonymous/unauthenticated bind, which would otherwise
 * look like a successful login.
 *
 * @param principal   the DN (or other server-accepted name) to bind as; must be non-null and non-empty
 * @param credentials the password to bind with; must be non-null and non-empty
 * @param diagnostic  step recorder; a fresh one is created when {@code null}
 * @return an open context the caller must close
 * @throws AuthenticationException if validation fails or the bind cannot be established
 */
public InitialDirContext getInitialDirContext(String principal, String credentials, AuthenticationDiagnostic diagnostic) throws AuthenticationException {
    AuthenticationDiagnostic steps = diagnostic != null ? diagnostic : new AuthenticationDiagnostic();
    // Pick the first validation failure, if any; the message is what callers see.
    String rejection = null;
    if (principal == null) {
        rejection = "Null user name provided.";
    } else if (principal.isEmpty()) {
        rejection = "Empty user name provided.";
    } else if (credentials == null) {
        rejection = "No credentials provided.";
    } else if (credentials.isEmpty()) {
        rejection = "Empty credentials provided.";
    }
    if (rejection != null) {
        // Failed before anything was sent to the directory.
        steps.addStep(AuthenticationDiagnostic.STEP_KEY_VALIDATION, false, null);
        throw new AuthenticationException(rejection, steps);
    }
    steps.addStep(AuthenticationDiagnostic.STEP_KEY_VALIDATION, true, null);
    // Work on a private copy so the shared template environment never carries credentials.
    Hashtable<String, String> env = new Hashtable<String, String>(authenticatedEnvironment);
    env.put(Context.SECURITY_PRINCIPAL, principal);
    env.put(Context.SECURITY_CREDENTIALS, credentials);
    return buildInitialDirContext(env, 0, steps);
}