
Example 21 with AuthenticationException

use of org.alfresco.repo.security.authentication.AuthenticationException in project alfresco-remote-api by Alfresco.

From the class ChangePasswordPost, method executeImpl.

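/**
 * Changes the password of the user named by the URL extension path.
 * <p>
 * The POST body is a JSON object carrying {@code newpw} and, unless the caller is an
 * administrator changing somebody else's password, the current password in {@code oldpw}.
 * An administrator changing their own password must still supply the old one.
 *
 * @param req    the web script request; its extension path is the user name
 * @param status the web script status (not used by this implementation)
 * @return a model containing {@code success=true}
 * @throws WebScriptException with {@code 400} when the body is missing, malformed or lacks a
 *         required parameter, {@code 401} when the authentication service rejects the change,
 *         {@code 500} when the body cannot be read
 * @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.Status)
 */
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status) {
    // Extract user name from the URL - cannot be null or webscript desc would not match
    String userName = req.getExtensionPath();
    // Extract old and new password details from JSON POST
    Content c = req.getContent();
    if (c == null) {
        // No body is a malformed client request, not a server fault
        throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Missing POST body.");
    }
    try {
        JSONObject json = new JSONObject(c.getContent());
        boolean isAdmin = authorityService.hasAdminAuthority();
        // An admin can change/set another user's password without knowing the old one,
        // but must know their own. The same rule selects the service call made below,
        // so it is evaluated exactly once.
        boolean oldPasswordRequired = !isAdmin || userName.equalsIgnoreCase(authenticationService.getCurrentUserName());
        String oldPassword = null;
        if (oldPasswordRequired) {
            if (!json.has(PARAM_OLDPW) || json.getString(PARAM_OLDPW).length() == 0) {
                throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Old password 'oldpw' is a required POST parameter.");
            }
            oldPassword = json.getString(PARAM_OLDPW);
        }
        if (!json.has(PARAM_NEWPW) || json.getString(PARAM_NEWPW).length() == 0) {
            throw new WebScriptException(Status.STATUS_BAD_REQUEST, "New password 'newpw' is a required POST parameter.");
        }
        String newPassword = json.getString(PARAM_NEWPW);
        if (oldPasswordRequired) {
            // oldPassword is non-null here: it was read under the same condition above.
            // The old password is handed to the service; presumably it is checked there - confirm.
            authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
        } else {
            authenticationService.setAuthentication(userName, newPassword.toCharArray());
        }
    } catch (AuthenticationException err) {
        // One generic message for every authentication failure; the caller is not told
        // which detail (user, old password, rights) was wrong
        throw new WebScriptException(Status.STATUS_UNAUTHORIZED, "Do not have appropriate auth or wrong auth details provided.");
    } catch (JSONException jErr) {
        // A body we cannot parse is the client's error, so report it as such rather than as 500
        throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Unable to parse JSON POST body: " + jErr.getMessage());
    } catch (IOException ioErr) {
        throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Unable to retrieve POST body: " + ioErr.getMessage());
    }
    Map<String, Object> model = new HashMap<String, Object>(1, 1.0f);
    model.put("success", Boolean.TRUE);
    return model;
}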
Also used : WebScriptException(org.springframework.extensions.webscripts.WebScriptException) JSONObject(org.json.JSONObject) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) HashMap(java.util.HashMap) Content(org.springframework.extensions.surf.util.Content) JSONException(org.json.JSONException) JSONObject(org.json.JSONObject) IOException(java.io.IOException)

Example 22 with AuthenticationException

use of org.alfresco.repo.security.authentication.AuthenticationException in project alfresco-remote-api by Alfresco.

From the class BaseAuthenticationFilter, method handleLoginForm.

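/**
 * Handles the login form directly, allowing management of the session user.
 * <p>
 * The request body is a JSON object with {@code username} and {@code password}. Any
 * existing session is invalidated before the credentials are checked, and a fresh session
 * is obtained only after {@code authenticate} succeeds, so a session id that existed
 * before login never carries over into the authenticated session.
 *
 * @param req
 *            the request
 * @param res
 *            the response
 * @return {@code true} when the user was authenticated and a session user created;
 *         {@code false} when an error status has been sent on the response
 * @throws IOException
 *             Signals that an I/O exception has occurred.
 * @throws ServletException
 *             on error
 */
protected boolean handleLoginForm(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
    if (getLogger().isDebugEnabled())
        getLogger().debug("Handling the login form.");
    // Invalidate current session
    HttpSession session = req.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    // Read the whole body; the reader is closed even when the read fails part way
    StringBuilder out = new StringBuilder(1024);
    Reader in = req.getReader();
    try {
        char[] buff = new char[1024];
        int charsRead;
        while ((charsRead = in.read(buff)) != -1) {
            out.append(buff, 0, charsRead);
        }
    } finally {
        in.close();
    }
    try {
        JSONObject json = new JSONObject(out.toString());
        String username = json.getString("username");
        String password = json.getString("password");
        if (username == null || username.length() == 0) {
            if (getLogger().isDebugEnabled())
                getLogger().debug("Username not specified in the login form.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Username not specified");
            return false;
        }
        if (password == null) {
            if (getLogger().isDebugEnabled())
                getLogger().debug("Password not specified in the login form.");
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Password not specified");
            return false;
        }
        authenticationService.authenticate(username, password.toCharArray());
        // Only now create the session that will hold the authenticated user
        session = req.getSession();
        createUserEnvironment(session, username, authenticationService.getCurrentTicket(), false);
        res.setStatus(HttpServletResponse.SC_NO_CONTENT);
        return true;
    } catch (AuthenticationException e) {
        // The client gets a generic failure; the reason stays in the debug log
        if (getLogger().isDebugEnabled())
            getLogger().debug("Login failed", e);
        res.sendError(HttpServletResponse.SC_FORBIDDEN, "Login failed");
    } catch (JSONException jErr) {
        if (getLogger().isDebugEnabled())
            getLogger().debug("Unable to parse JSON POST body", jErr);
        res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unable to parse JSON POST body: " + jErr.getMessage());
    }
    return false;
}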
Also used : JSONObject(org.json.JSONObject) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) HttpSession(javax.servlet.http.HttpSession) Reader(java.io.Reader) JSONException(org.json.JSONException)

Example 23 with AuthenticationException

use of org.alfresco.repo.security.authentication.AuthenticationException in project alfresco-remote-api by Alfresco.

From the class BaseKerberosAuthenticationFilter, method doKerberosLogon.

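/**
 * Perform a Kerberos login and return an SPNEGO response
 * <p>
 * The session setup runs under the subject of {@code m_loginContext} using
 * {@code m_accountName}. On success the authenticated user is bound to {@code httpSess}
 * via {@code createUserEnvironment} and an accept-completed token is returned. The token
 * is only returned once that user environment exists; any other failure yields
 * {@code null}. An {@link AuthenticationException} from validation is rethrown.
 *
 * @param negToken NegTokenInit
 * @param req HttpServletRequest
 * @param resp HttpServletResponse
 * @param httpSess HttpSession
 * @return NegTokenTarg the accept-completed response, or {@code null} when the logon failed
 * @throws AuthenticationException when the user could not be validated
 */
private final NegTokenTarg doKerberosLogon(NegTokenInit negToken, HttpServletRequest req, HttpServletResponse resp, HttpSession httpSess) {
    // Authenticate the user
    KerberosDetails krbDetails = null;
    String userName = null;
    NegTokenTarg negTokenTarg = null;
    try {
        // Run the session setup as a privileged action
        SessionSetupPrivilegedAction sessSetupAction = new SessionSetupPrivilegedAction(m_accountName, negToken.getMechtoken());
        Object result = Subject.doAs(m_loginContext.getSubject(), sessSetupAction);
        if (result != null) {
            // Access the Kerberos response
            krbDetails = (KerberosDetails) result;
            userName = m_stripKerberosUsernameSuffix ? krbDetails.getUserName() : krbDetails.getSourceName();
            // Create the NegTokenTarg response blob (a constructor call, so never null)
            NegTokenTarg accepted = new NegTokenTarg(SPNEGO.AcceptCompleted, OID.KERBEROS5, krbDetails.getResponseToken());
            // Create and store the user authentication context
            SessionUser user = createUserEnvironment(httpSess, userName);
            if (getLogger().isDebugEnabled())
                getLogger().debug("User " + user.getUserName() + " logged on via Kerberos");
            // Hand the accept token back only after the user environment exists; if
            // createUserEnvironment throws, the generic catch below leaves this null
            negTokenTarg = accepted;
        } else {
            if (getLogger().isDebugEnabled())
                getLogger().debug("No SPNEGO response, Kerberos logon failed");
        }
    } catch (AuthenticationException ex) {
        // Pass on validation failures
        if (getLogger().isDebugEnabled())
            getLogger().debug("Failed to validate user " + userName, ex);
        throw ex;
    } catch (Exception ex) {
        // Every other failure is reported to the caller only as a null token;
        // the cause is visible solely in the debug log
        if (getLogger().isDebugEnabled())
            getLogger().debug("Kerberos logon error", ex);
    }
    return negTokenTarg;
}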
Also used : KerberosDetails(org.alfresco.jlan.server.auth.kerberos.KerberosDetails) SessionUser(org.alfresco.repo.SessionUser) NegTokenTarg(org.alfresco.jlan.server.auth.spnego.NegTokenTarg) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) SessionSetupPrivilegedAction(org.alfresco.jlan.server.auth.kerberos.SessionSetupPrivilegedAction) LoginException(javax.security.auth.login.LoginException) ServletException(javax.servlet.ServletException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException)

Example 24 with AuthenticationException

use of org.alfresco.repo.security.authentication.AuthenticationException in project alfresco-remote-api by Alfresco.

From the class BaseSSOAuthenticationFilter, method checkForTicketParameter.

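/**
 * Check if the request has specified a ticket parameter to bypass the standard authentication.
 * <p>
 * When {@code ARG_TICKET} is present, the cached session user is reused only if it holds the
 * same ticket; otherwise the session is invalidated, the ticket is validated with the
 * authentication service and a new session user is created. Validation failures are logged at
 * debug level and reported as {@code false}. This method does not write to the response
 * itself; {@code resp} is only passed on to {@code getSessionUser}.
 *
 * @param servletContext
 *            the servlet context
 * @param req
 *            the request
 * @param resp
 *            the response
 * @return boolean {@code true} only when a ticket parameter was supplied and accepted
 */
protected boolean checkForTicketParameter(ServletContext servletContext, HttpServletRequest req, HttpServletResponse resp) {
    // Check if the request includes an authentication ticket
    boolean ticketValid = false;
    String ticket = req.getParameter(ARG_TICKET);
    if (ticket != null && ticket.length() != 0) {
        // The ticket is a bearer credential: log where it came from, never its value
        if (getLogger().isDebugEnabled())
            getLogger().debug("Logon via ticket from " + req.getRemoteHost() + " (" + req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
        try {
            // Get a cached user with a valid ticket
            SessionUser user = getSessionUser(servletContext, req, resp, true);
            // If this isn't the same ticket, invalidate the session
            if (user != null && !ticket.equals(user.getTicket())) {
                if (getLogger().isDebugEnabled())
                    getLogger().debug("The ticket doesn't match, invalidate the session.");
                invalidateSession(req);
                user = null;
            }
            // If we don't yet have a valid cached user, validate the ticket and create one
            if (user == null) {
                if (getLogger().isDebugEnabled())
                    getLogger().debug("There is no valid cached user, validate the ticket and create one.");
                authenticationService.validate(ticket);
                user = createUserEnvironment(req.getSession(), authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), true);
            }
            // Indicate the ticket parameter was specified, and valid
            ticketValid = true;
        } catch (AuthenticationException authErr) {
            if (getLogger().isDebugEnabled())
                getLogger().debug("Failed to authenticate user ticket: " + authErr.getMessage(), authErr);
        } catch (Exception e) {
            // Any other failure during validation or user creation leaves ticketValid false.
            // Only Exception is caught: an Error must not be silently swallowed here.
            if (getLogger().isDebugEnabled())
                getLogger().debug("Error during ticket validation and user creation: " + e.getMessage(), e);
        }
    }
    return ticketValid;
}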
Also used : UserTransaction(javax.transaction.UserTransaction) SessionUser(org.alfresco.repo.SessionUser) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) ServletException(javax.servlet.ServletException) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) IOException(java.io.IOException) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) UnknownHostException(java.net.UnknownHostException)

Example 25 with AuthenticationException

use of org.alfresco.repo.security.authentication.AuthenticationException in project alfresco-remote-api by Alfresco.

From the class AuthenticationsImpl, method createTicket.

/**
 * Authenticates the supplied credentials and returns a ticket for them.
 * <p>
 * The security context established by {@code authenticate} is cleared again before
 * returning, whether or not the login succeeded, so nothing from this call leaks into
 * the caller's thread.
 *
 * @param loginRequest the user id and password to authenticate; validated first
 * @param parameters   request parameters (not used by this implementation)
 * @return a response carrying the user id and the newly issued ticket as its id
 * @throws PermissionDeniedException when the authentication service rejects the credentials;
 *         the message is deliberately generic
 */
@Override
public LoginTicketResponse createTicket(LoginTicket loginRequest, Parameters parameters) {
    validateLoginRequest(loginRequest);
    try {
        // get ticket
        authenticationService.authenticate(loginRequest.getUserId(), loginRequest.getPassword().toCharArray());
        LoginTicketResponse ticket = new LoginTicketResponse();
        ticket.setUserId(loginRequest.getUserId());
        ticket.setId(authenticationService.getCurrentTicket());
        return ticket;
    } catch (AuthenticationException authFailure) {
        throw new PermissionDeniedException("Login failed");
    } finally {
        AuthenticationUtil.clearCurrentSecurityContext();
    }
}
Also used : LoginTicketResponse(org.alfresco.rest.api.model.LoginTicketResponse) AuthenticationException(org.alfresco.repo.security.authentication.AuthenticationException) PermissionDeniedException(org.alfresco.rest.framework.core.exceptions.PermissionDeniedException)
