Example 11 with AuthenticationResult
use of org.apache.archiva.redback.authentication.AuthenticationResult in project archiva by apache.
the class SecuritySystemStub method authenticate.
@Override
public SecuritySession authenticate(AuthenticationDataSource source) throws AuthenticationException, UserNotFoundException, AccountLockedException {
AuthenticationResult result = null;
SecuritySession session = null;
if (users.get(source.getUsername()) != null) {
result = new AuthenticationResult(true, source.getUsername(), null);
User user = new JpaUser();
user.setUsername(source.getUsername());
user.setPassword(users.get(source.getUsername()));
session = new DefaultSecuritySession(result, user);
} else {
result = new AuthenticationResult(false, source.getUsername(), null);
session = new DefaultSecuritySession(result);
}
return session;
}
Also used :
User(org.apache.archiva.redback.users.User)
JpaUser(org.apache.archiva.redback.users.jpa.model.JpaUser)
SecuritySession(org.apache.archiva.redback.system.SecuritySession)
DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession)
JpaUser(org.apache.archiva.redback.users.jpa.model.JpaUser)
DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Example 12 with AuthenticationResult
use of org.apache.archiva.redback.authentication.AuthenticationResult in project archiva by apache.
the class ArchivaDavResourceFactory method isAuthorized.
protected boolean isAuthorized(DavServletRequest request, String repositoryId) throws DavException {
try {
AuthenticationResult result = httpAuth.getAuthenticationResult(request, null);
SecuritySession securitySession = httpAuth.getSecuritySession(request.getSession(true));
return //
servletAuth.isAuthenticated(request, result) && //
servletAuth.isAuthorized(//
request, //
securitySession, //
repositoryId, WebdavMethodUtil.getMethodPermission(request.getMethod()));
} catch (AuthenticationException e) {
// safety check for MRM-911
String guest = UserManager.GUEST_USERNAME;
try {
if (servletAuth.isAuthorized(guest, ((ArchivaDavResourceLocator) request.getRequestLocator()).getRepositoryId(), WebdavMethodUtil.getMethodPermission(request.getMethod()))) {
return true;
}
} catch (UnauthorizedException ae) {
throw new UnauthorizedDavException(repositoryId, "You are not authenticated and authorized to access any repository.");
}
throw new UnauthorizedDavException(repositoryId, "You are not authenticated");
} catch (MustChangePasswordException e) {
throw new UnauthorizedDavException(repositoryId, "You must change your password.");
} catch (AccountLockedException e) {
throw new UnauthorizedDavException(repositoryId, "User account is locked.");
} catch (AuthorizationException e) {
throw new DavException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Fatal Authorization Subsystem Error.");
} catch (UnauthorizedException e) {
throw new UnauthorizedDavException(repositoryId, e.getMessage());
}
}
Also used :
MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException)
AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException)
AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException)
AuthorizationException(org.apache.archiva.redback.authorization.AuthorizationException)
DavException(org.apache.jackrabbit.webdav.DavException)
SecuritySession(org.apache.archiva.redback.system.SecuritySession)
UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Example 13 with AuthenticationResult
use of org.apache.archiva.redback.authentication.AuthenticationResult in project archiva by apache.
the class ArchivaDavSessionProvider method attachSession.
@Override
public boolean attachSession(WebdavRequest request) throws DavException {
final String repositoryId = RepositoryPathUtil.getRepositoryName(removeContextPath(request));
try {
AuthenticationResult result = httpAuth.getAuthenticationResult(request, null);
// Create a dav session
request.setDavSession(new ArchivaDavSession());
return servletAuth.isAuthenticated(request, result);
} catch (AuthenticationException e) {
// safety check for MRM-911
String guest = UserManager.GUEST_USERNAME;
try {
if (servletAuth.isAuthorized(guest, ((ArchivaDavResourceLocator) request.getRequestLocator()).getRepositoryId(), WebdavMethodUtil.getMethodPermission(request.getMethod()))) {
request.setDavSession(new ArchivaDavSession());
return true;
}
} catch (UnauthorizedException ae) {
throw new UnauthorizedDavException(repositoryId, "You are not authenticated and authorized to access any repository.");
}
throw new UnauthorizedDavException(repositoryId, "You are not authenticated.");
} catch (MustChangePasswordException e) {
throw new UnauthorizedDavException(repositoryId, "You must change your password.");
} catch (AccountLockedException e) {
throw new UnauthorizedDavException(repositoryId, "User account is locked.");
}
}
Also used :
MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException)
AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException)
AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException)
UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Example 14 with AuthenticationResult
use of org.apache.archiva.redback.authentication.AuthenticationResult in project archiva by apache.
the class ArchivaUserManagerAuthenticator method authenticate.
@Override
public AuthenticationResult authenticate(AuthenticationDataSource ds) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
boolean authenticationSuccess = false;
String username = null;
Exception resultException = null;
PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
List<AuthenticationFailureCause> authnResultErrors = new ArrayList<>();
for (UserManager userManager : userManagers) {
try {
log.debug("Authenticate: {} with userManager: {}", source, userManager.getId());
User user = userManager.findUser(source.getUsername());
username = user.getUsername();
if (user.isLocked()) {
// throw new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
AccountLockedException e = new AccountLockedException("Account " + source.getUsername() + " is locked.", user);
log.warn("{}", e.getMessage());
resultException = e;
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_LOCKED_USER_EXCEPTION, e.getMessage()));
}
if (user.isPasswordChangeRequired() && source.isEnforcePasswordChange()) {
// throw new MustChangePasswordException( "Password expired.", user );
MustChangePasswordException e = new MustChangePasswordException("Password expired.", user);
log.warn("{}", e.getMessage());
resultException = e;
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()));
}
PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
log.debug("PasswordEncoder: {}", encoder.getClass().getName());
boolean isPasswordValid = encoder.isPasswordValid(user.getEncodedPassword(), source.getPassword());
if (isPasswordValid) {
log.debug("User {} provided a valid password", source.getUsername());
try {
securityPolicy.extensionPasswordExpiration(user);
authenticationSuccess = true;
// REDBACK-151 do not make unnessesary updates to the user object
if (user.getCountFailedLoginAttempts() > 0) {
user.setCountFailedLoginAttempts(0);
if (!userManager.isReadOnly()) {
userManager.updateUser(user);
}
}
return new AuthenticationResult(true, source.getUsername(), null);
} catch (MustChangePasswordException e) {
user.setPasswordChangeRequired(true);
// throw e;
resultException = e;
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()).user(user));
}
} else {
log.warn("Password is Invalid for user {} and userManager '{}'.", source.getUsername(), userManager.getId());
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Password is Invalid for user " + source.getUsername() + ".").user(user));
try {
securityPolicy.extensionExcessiveLoginAttempts(user);
} finally {
if (!userManager.isReadOnly()) {
userManager.updateUser(user);
}
}
// return new AuthenticationResult( false, source.getUsername(), null, authnResultExceptionsMap );
}
} catch (UserNotFoundException e) {
log.warn("Login for user {} and userManager {} failed. user not found.", source.getUsername(), userManager.getId());
resultException = e;
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Login for user " + source.getUsername() + " failed. user not found."));
} catch (Exception e) {
log.warn("Login for user {} and userManager {} failed, message: {}", source.getUsername(), userManager.getId(), e.getMessage());
e.printStackTrace();
resultException = e;
authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, "Login for user " + source.getUsername() + " failed, message: " + e.getMessage()));
}
}
return new AuthenticationResult(authenticationSuccess, username, resultException, authnResultErrors);
}
Also used :
UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException)
AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException)
User(org.apache.archiva.redback.users.User)
PasswordEncoder(org.apache.archiva.redback.policy.PasswordEncoder)
ArrayList(java.util.ArrayList)
RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException)
AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException)
UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException)
AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException)
MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException)
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException)
AuthenticationFailureCause(org.apache.archiva.redback.authentication.AuthenticationFailureCause)
UserManager(org.apache.archiva.redback.users.UserManager)
PasswordBasedAuthenticationDataSource(org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource)
Example 15 with AuthenticationResult
use of org.apache.archiva.redback.authentication.AuthenticationResult in project archiva by apache.
the class ArchivaServletAuthenticatorTest method testIsAuthenticatedUserExists.
@Test
public void testIsAuthenticatedUserExists() throws Exception {
AuthenticationResult result = new AuthenticationResult(true, "user", null);
boolean isAuthenticated = servletAuth.isAuthenticated(request, result);
assertTrue(isAuthenticated);
}
Also used :
AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)
Test(org.junit.Test)
Aggregations
AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)22
SecuritySession (org.apache.archiva.redback.system.SecuritySession)15
DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession)14
Test (org.junit.Test)14
User (org.apache.archiva.redback.users.User)10
UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException)9
HttpServletRequest (javax.servlet.http.HttpServletRequest)8
HttpServletResponse (javax.servlet.http.HttpServletResponse)8
AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)8
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)8
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)8
Path (java.nio.file.Path)5
UserManager (org.apache.archiva.redback.users.UserManager)5
InputStream (java.io.InputStream)4
HttpSession (javax.servlet.http.HttpSession)4
AuthorizationException (org.apache.archiva.redback.authorization.AuthorizationException)4
UserNotFoundException (org.apache.archiva.redback.users.UserNotFoundException)4
SimpleUser (org.apache.archiva.redback.users.memory.SimpleUser)4
AccountLockedException (org.apache.archiva.redback.policy.AccountLockedException)3
MustChangePasswordException (org.apache.archiva.redback.policy.MustChangePasswordException)3
