Examples with BasicSecurityAuthenticationException org.apache.druid.security.basic.BasicSecurityAuthenticationException used on opensource projects

Example 1 with BasicSecurityAuthenticationException

use of org.apache.druid.security.basic.BasicSecurityAuthenticationException in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testBadPasswordWithSkipOnFailureValidator.

@Test
public void testBadPasswordWithSkipOnFailureValidator() throws IOException, ServletException {
    CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
    BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, true, validator);
    String header = StringUtils.utf8Base64("userA:badpassword");
    header = StringUtils.format("Basic %s", header);
    EasyMock.expect(validator.validateCredentials(EasyMock.eq("basic"), EasyMock.eq("basic"), EasyMock.eq("userA"), EasyMock.aryEq("badpassword".toCharArray()))).andThrow(new BasicSecurityAuthenticationException("User authentication failed.")).times(1);
    EasyMock.replay(validator);
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getHeader("Authorization")).andReturn(header);
    EasyMock.replay(req);
    HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
    resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User authentication failed.");
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(resp);
    // Authentication filter should not move on to the next filter in the chain
    FilterChain filterChain = EasyMock.createMock(FilterChain.class);
    EasyMock.replay(filterChain);
    Filter authenticatorFilter = authenticatorWithValidator.getFilter();
    authenticatorFilter.doFilter(req, resp, filterChain);
    EasyMock.verify(req, resp, validator, filterChain);
}

Example 2 with BasicSecurityAuthenticationException

use of org.apache.druid.security.basic.BasicSecurityAuthenticationException in project druid by druid-io.

the class LDAPCredentialsValidator method validateCredentials.

@Override
public AuthenticationResult validateCredentials(String authenticatorName, String authorizerName, String username, char[] password) {
    SearchResult userResult;
    LdapName userDn;
    Map<String, Object> contextMap = new HashMap<>();
    LdapUserPrincipal principal = this.cache.getOrExpire(username);
    if (principal != null && principal.hasSameCredentials(password)) {
        contextMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, principal.getSearchResult());
        return new AuthenticationResult(username, authorizerName, authenticatorName, contextMap);
    } else {
        ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            // Set the context classloader same as the loader of this class so that BasicSecuritySSLSocketFactory
            // class can be found
            Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
            InitialDirContext dirContext = new InitialDirContext(bindProperties(this.ldapConfig));
            try {
                userResult = getLdapUserObject(this.ldapConfig, dirContext, username);
                if (userResult == null) {
                    LOG.debug("User not found: %s", username);
                    return null;
                }
                userDn = new LdapName(userResult.getNameInNamespace());
            } finally {
                try {
                    dirContext.close();
                } catch (Exception ignored) {
                // ignored
                }
            }
        } catch (NamingException e) {
            LOG.error(e, "Exception during user lookup");
            return null;
        } finally {
            Thread.currentThread().setContextClassLoader(currentClassLoader);
        }
        if (!validatePassword(this.ldapConfig, userDn, password)) {
            LOG.debug("Password incorrect for LDAP user %s", username);
            throw new BasicSecurityAuthenticationException("User LDAP authentication failed.");
        }
        byte[] salt = BasicAuthUtils.generateSalt();
        byte[] hash = BasicAuthUtils.hashPassword(password, salt, this.ldapConfig.getCredentialIterations());
        LdapUserPrincipal newPrincipal = new LdapUserPrincipal(username, new BasicAuthenticatorCredentials(salt, hash, this.ldapConfig.getCredentialIterations()), userResult);
        this.cache.put(username, newPrincipal);
        contextMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userResult);
        return new AuthenticationResult(username, authorizerName, authenticatorName, contextMap);
    }
}

Example 3 with BasicSecurityAuthenticationException

use of org.apache.druid.security.basic.BasicSecurityAuthenticationException in project druid by druid-io.

the class MetadataStoreCredentialsValidator method validateCredentials.

@Override
@Nullable
public AuthenticationResult validateCredentials(String authenticatorName, String authorizerName, String username, char[] password) {
    Map<String, BasicAuthenticatorUser> userMap = cacheManager.get().getUserMap(authenticatorName);
    if (userMap == null) {
        throw new IAE("No userMap is available for authenticator with prefix: [%s]", authenticatorName);
    }
    BasicAuthenticatorUser user = userMap.get(username);
    if (user == null) {
        return null;
    }
    BasicAuthenticatorCredentials credentials = user.getCredentials();
    if (credentials == null) {
        return null;
    }
    byte[] recalculatedHash = BasicAuthUtils.hashPassword(password, credentials.getSalt(), credentials.getIterations());
    if (Arrays.equals(recalculatedHash, credentials.getHash())) {
        return new AuthenticationResult(username, authorizerName, authenticatorName, null);
    } else {
        LOG.debug("Password incorrect for metadata store user %s", username);
        throw new BasicSecurityAuthenticationException("User metadata store authentication failed.");
    }
}