Example 16 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class UserPasswordAuthInit method getCredentials.

@Override
public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
    String userName = securityProperties.getProperty(USER_NAME);
    if (userName == null) {
        throw new AuthenticationFailedException("UserPasswordAuthInit: user name property [" + USER_NAME + "] not set.");
    }
    String password = securityProperties.getProperty(PASSWORD);
    if (password == null) {
        password = "";
    }
    Properties securityPropertiesCopy = new Properties();
    securityPropertiesCopy.setProperty(USER_NAME, userName);
    securityPropertiesCopy.setProperty(PASSWORD, password);
    return securityPropertiesCopy;
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) Properties(java.util.Properties)

Example 17 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class IntegratedSecurityService method login.

/**
   * @return null if security is not enabled, otherwise return a shiro subject
   */
public Subject login(Properties credentials) {
    if (!isIntegratedSecurity()) {
        return null;
    }
    if (credentials == null)
        return null;
    // this makes sure it starts with a clean user object
    ThreadContext.remove();
    Subject currentUser = SecurityUtils.getSubject();
    GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
    try {
        logger.debug("Logging in " + token.getPrincipal());
        currentUser.login(token);
    } catch (ShiroException e) {
        logger.info(e.getMessage(), e);
        throw new AuthenticationFailedException("Authentication error. Please check your credentials.", e);
    }
    return currentUser;
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) GeodeAuthenticationToken(org.apache.geode.internal.security.shiro.GeodeAuthenticationToken) Subject(org.apache.shiro.subject.Subject) ShiroException(org.apache.shiro.ShiroException)

Example 18 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class JMXShiroAuthenticator method authenticate.

@Override
public Subject authenticate(Object credentials) {
    String username = null;
    Properties credProps = new Properties();
    if (credentials instanceof Properties) {
        credProps = (Properties) credentials;
        username = credProps.getProperty(ResourceConstants.USER_NAME);
    } else if (credentials instanceof String[]) {
        final String[] aCredentials = (String[]) credentials;
        username = aCredentials[0];
        credProps.setProperty(ResourceConstants.USER_NAME, aCredentials[0]);
        credProps.setProperty(ResourceConstants.PASSWORD, aCredentials[1]);
    } else {
        throw new AuthenticationFailedException(MISSING_CREDENTIALS_MESSAGE);
    }
    org.apache.shiro.subject.Subject shiroSubject = this.securityService.login(credProps);
    Principal principal;
    if (shiroSubject == null) {
        principal = new JMXPrincipal(username);
    } else {
        principal = new ShiroPrincipal(shiroSubject);
    }
    return new Subject(true, Collections.singleton(principal), Collections.EMPTY_SET, Collections.EMPTY_SET);
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) JMXPrincipal(javax.management.remote.JMXPrincipal) Properties(java.util.Properties) Principal(java.security.Principal) Subject(javax.security.auth.Subject)
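Three things in the authenticator above are worth knowing before exposing the JMX port. It indexes aCredentials[1] without checking the array length, so a one-element String[] raises ArrayIndexOutOfBoundsException instead of AuthenticationFailedException; it forwards a caller-supplied Properties object to login wholesale rather than copying the two keys it needs (compare UserPasswordAuthInit.getCredentials in Example 16); and when login returns null because integrated security is not enabled, it returns a Subject for whatever username was supplied without any credential check, which is the intended behaviour when security is off but is easy to overlook. The block below is an added example, not Geode code, of the stricter shape check a JMXAuthenticator can run before delegating, combined with the single constant failure message that IntegratedSecurityService.login in Example 17 uses so that a caller cannot tell a malformed request from a wrong password. LoginService, the USER_NAME and PASSWORD property names, and the hard-coded checker in main are assumptions for the demo; java.lang.SecurityException, which the JMX remote API expects on failure, stands in for Geode's AuthenticationFailedException to keep the example self-contained.

```java
import java.util.Collections;
import java.util.Properties;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;

/** Added example, not part of Apache Geode: a JMXAuthenticator that validates credential shape first. */
public final class StrictJmxAuthenticator implements JMXAuthenticator {

    /** Hypothetical stand-in for IntegratedSecurityService.login(Properties). */
    public interface LoginService {
        /** Returns true when the credentials are accepted; the remote caller never learns why they were not. */
        boolean login(Properties credentials) throws SecurityException;
    }

    static final String USER_NAME = "security-username";  // assumed property names for the demo
    static final String PASSWORD = "security-password";
    static final String FAILURE = "Authentication failed.";  // constant: same text for every failure cause

    private final LoginService loginService;

    public StrictJmxAuthenticator(LoginService loginService) {
        this.loginService = loginService;
    }

    /** Normalises the two credential shapes JMX clients send into Properties and rejects anything else. */
    static Properties toProperties(Object credentials) {
        Properties out = new Properties();
        if (credentials instanceof String[]) {
            String[] pair = (String[]) credentials;
            // JMXConnector clients pass exactly {user, password}; anything else is refused, not indexed blindly
            if (pair.length != 2 || pair[0] == null || pair[1] == null || pair[0].isEmpty()) {
                throw new SecurityException(FAILURE);
            }
            out.setProperty(USER_NAME, pair[0]);
            out.setProperty(PASSWORD, pair[1]);
            return out;
        }
        if (credentials instanceof Properties) {
            Properties in = (Properties) credentials;
            String user = in.getProperty(USER_NAME);
            String password = in.getProperty(PASSWORD);
            if (user == null || user.isEmpty() || password == null) {
                throw new SecurityException(FAILURE);
            }
            // Copy only the two keys the login needs; do not forward arbitrary caller-supplied properties.
            out.setProperty(USER_NAME, user);
            out.setProperty(PASSWORD, password);
            return out;
        }
        throw new SecurityException(FAILURE);  // null, a bare String, or any other type
    }

    @Override
    public Subject authenticate(Object credentials) {
        Properties props = toProperties(credentials);
        boolean accepted;
        try {
            accepted = loginService.login(props);
        } catch (RuntimeException e) {
            // Log e server side if wanted; the caller only ever sees FAILURE below.
            accepted = false;
        }
        if (!accepted) {
            throw new SecurityException(FAILURE);
        }
        // Read-only JAAS Subject carrying a single principal, the form the JMX connector server expects.
        return new Subject(true,
                Collections.singleton(new JMXPrincipal(props.getProperty(USER_NAME))),
                Collections.emptySet(), Collections.emptySet());
    }

    /** Small driver: a hard-coded checker (demo only) stands in for the real login service. */
    public static void main(String[] args) {
        LoginService demo = p -> "admin".equals(p.getProperty(USER_NAME))
                && "s3cret".equals(p.getProperty(PASSWORD));
        StrictJmxAuthenticator auth = new StrictJmxAuthenticator(demo);
        System.out.println("accepted: " + auth.authenticate(new String[] {"admin", "s3cret"}).getPrincipals());
        Object[] bad = { new String[] {"admin"}, "admin", new String[] {"admin", "wrong"}, null };
        for (Object b : bad) {
            try {
                auth.authenticate(b);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The four rejected inputs (short array, bare string, wrong password, null) all produce the same message, so a probing client gets no signal about which check it tripped; the distinguishing detail belongs in the server-side log, as login in Example 17 does with logger.info.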

Example 19 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class ServerHandShakeProcessor method readGFEHandshake.

private static boolean readGFEHandshake(ServerConnection connection, Version clientVersion) {
    int handShakeTimeout = connection.getHandShakeTimeout();
    InternalLogWriter securityLogWriter = connection.getSecurityLogWriter();
    try {
        Socket socket = connection.getSocket();
        DistributedSystem system = connection.getDistributedSystem();
        // hitesh:it will set credentials and principals
        HandShake handshake = new HandShake(socket, handShakeTimeout, system, clientVersion, connection.getCommunicationMode());
        connection.setHandshake(handshake);
        ClientProxyMembershipID proxyId = handshake.getMembership();
        connection.setProxyId(proxyId);
        // Hitesh:for older version we should set this
        if (clientVersion.compareTo(Version.GFE_65) < 0 || connection.getCommunicationMode() == Acceptor.GATEWAY_TO_GATEWAY) {
            long uniqueId = setAuthAttributes(connection);
            // for older clients < 6.5
            connection.setUserAuthId(uniqueId);
        }
    } catch (SocketTimeoutException timeout) {
        logger.warn(LocalizedMessage.create(LocalizedStrings.ServerHandShakeProcessor_0_HANDSHAKE_REPLY_CODE_TIMEOUT_NOT_RECEIVED_WITH_IN_1_MS, new Object[] { connection.getName(), Integer.valueOf(handShakeTimeout) }));
        connection.stats.incFailedConnectionAttempts();
        connection.cleanup();
        return false;
    } catch (EOFException e) {
        // no need to warn client just gave up on this server before we could
        // handshake
        logger.info("{} {}", connection.getName(), e);
        connection.stats.incFailedConnectionAttempts();
        connection.cleanup();
        return false;
    } catch (SocketException e) {
        // no need to warn client just gave up on this
        // server before we could handshake
        logger.info("{} {}", connection.getName(), e);
        connection.stats.incFailedConnectionAttempts();
        connection.cleanup();
        return false;
    } catch (IOException e) {
        logger.warn(LocalizedMessage.create(LocalizedStrings.ServerHandShakeProcessor_0_RECEIVED_NO_HANDSHAKE_REPLY_CODE, connection.getName()), e);
        connection.stats.incFailedConnectionAttempts();
        connection.cleanup();
        return false;
    } catch (AuthenticationRequiredException noauth) {
        String exStr = noauth.getLocalizedMessage();
        if (noauth.getCause() != null) {
            exStr += " : " + noauth.getCause().getLocalizedMessage();
        }
        if (securityLogWriter.warningEnabled()) {
            securityLogWriter.warning(LocalizedStrings.ONE_ARG, connection.getName() + ": Security exception: " + exStr);
        }
        connection.stats.incFailedConnectionAttempts();
        connection.refuseHandshake(noauth.getMessage(), HandShake.REPLY_EXCEPTION_AUTHENTICATION_REQUIRED);
        connection.cleanup();
        return false;
    } catch (AuthenticationFailedException failed) {
        String exStr = failed.getLocalizedMessage();
        if (failed.getCause() != null) {
            exStr += " : " + failed.getCause().getLocalizedMessage();
        }
        if (securityLogWriter.warningEnabled()) {
            securityLogWriter.warning(LocalizedStrings.ONE_ARG, connection.getName() + ": Security exception: " + exStr);
        }
        connection.stats.incFailedConnectionAttempts();
        connection.refuseHandshake(failed.getMessage(), HandShake.REPLY_EXCEPTION_AUTHENTICATION_FAILED);
        connection.cleanup();
        return false;
    } catch (Exception ex) {
        logger.warn("{} {}", connection.getName(), ex.getLocalizedMessage());
        connection.stats.incFailedConnectionAttempts();
        connection.refuseHandshake(ex.getMessage(), REPLY_REFUSED);
        connection.cleanup();
        return false;
    }
    return true;
}
Also used : SocketException(java.net.SocketException) InternalLogWriter(org.apache.geode.internal.logging.InternalLogWriter) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) IOException(java.io.IOException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) DistributedSystem(org.apache.geode.distributed.DistributedSystem) InternalDistributedSystem(org.apache.geode.distributed.internal.InternalDistributedSystem) VersionException(org.apache.geode.cache.VersionException) SocketTimeoutException(java.net.SocketTimeoutException) EOFException(java.io.EOFException) IncompatibleVersionException(org.apache.geode.cache.IncompatibleVersionException) UnsupportedVersionException(org.apache.geode.cache.UnsupportedVersionException) Socket(java.net.Socket)

Example 20 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class HandShake method writeCredential.

/**
   * This method writes what readCredential() method expects to read. (Note the use of singular
   * credential). It is similar to writeCredentials(), except that it doesn't write
   * credential-properties.
   */
public byte writeCredential(DataOutputStream dos, DataInputStream dis, String authInit, boolean isNotification, DistributedMember member, HeapDataOutputStream heapdos) throws IOException, GemFireSecurityException {
    if (!this.multiuserSecureMode && (authInit == null || authInit.length() == 0)) {
        // No credentials indicator
        heapdos.writeByte(CREDENTIALS_NONE);
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();
        return -1;
    }
    if (dhSKAlgo == null || dhSKAlgo.length() == 0) {
        // Normal credentials without encryption indicator
        heapdos.writeByte(CREDENTIALS_NORMAL);
        this.appSecureMode = CREDENTIALS_NORMAL;
        // DataSerializer.writeProperties(p_credentials, heapdos);
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();
        return -1;
    }
    byte acceptanceCode = -1;
    try {
        InternalLogWriter securityLogWriter = (InternalLogWriter) this.system.getSecurityLogWriter();
        securityLogWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
        boolean requireAuthentication = (certificateFilePath != null && certificateFilePath.length() > 0);
        if (requireAuthentication) {
            securityLogWriter.fine("HandShake: server authentication using digital " + "signature required");
        }
        // Credentials with encryption indicator
        heapdos.writeByte(CREDENTIALS_DHENCRYPT);
        this.appSecureMode = CREDENTIALS_DHENCRYPT;
        heapdos.writeBoolean(requireAuthentication);
        // Send the symmetric encryption algorithm name
        DataSerializer.writeString(dhSKAlgo, heapdos);
        // Send the DH public key
        byte[] keyBytes = dhPublicKey.getEncoded();
        DataSerializer.writeByteArray(keyBytes, heapdos);
        byte[] clientChallenge = null;
        if (requireAuthentication) {
            // Authentication of server should be with the client supplied
            // challenge
            clientChallenge = new byte[64];
            random.nextBytes(clientChallenge);
            DataSerializer.writeByteArray(clientChallenge, heapdos);
        }
        heapdos.flush();
        dos.write(heapdos.toByteArray());
        dos.flush();
        // Expect the alias and signature in the reply
        acceptanceCode = dis.readByte();
        if (acceptanceCode != REPLY_OK && acceptanceCode != REPLY_AUTH_NOT_REQUIRED) {
            // Ignore the useless data
            dis.readByte();
            dis.readInt();
            if (!isNotification) {
                DataSerializer.readByteArray(dis);
            }
            readMessage(dis, dos, acceptanceCode, member);
        } else if (acceptanceCode == REPLY_OK) {
            // Get the public key of the other side
            keyBytes = DataSerializer.readByteArray(dis);
            if (requireAuthentication) {
                String subject = DataSerializer.readString(dis);
                byte[] signatureBytes = DataSerializer.readByteArray(dis);
                if (!certificateMap.containsKey(subject)) {
                    throw new AuthenticationFailedException(LocalizedStrings.HandShake_HANDSHAKE_FAILED_TO_FIND_PUBLIC_KEY_FOR_SERVER_WITH_SUBJECT_0.toLocalizedString(subject));
                }
                // Check the signature with the public key
                X509Certificate cert = (X509Certificate) certificateMap.get(subject);
                Signature sig = Signature.getInstance(cert.getSigAlgName());
                sig.initVerify(cert);
                sig.update(clientChallenge);
                // Check the challenge string
                if (!sig.verify(signatureBytes)) {
                    throw new AuthenticationFailedException("Mismatch in client " + "challenge bytes. Malicious server?");
                }
                securityLogWriter.fine("HandShake: Successfully verified the " + "digital signature from server");
            }
            // Read server challenge bytes
            byte[] serverChallenge = DataSerializer.readByteArray(dis);
            X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
            KeyFactory keyFact = KeyFactory.getInstance("DH");
            // keyBytes is the DH public key of the other side (see above); HandShake reuses
            // its clientPublicKey field to hold the peer's key on both ends of the exchange
            this.clientPublicKey = keyFact.generatePublic(x509KeySpec);
            HeapDataOutputStream hdos = new HeapDataOutputStream(Version.CURRENT);
            try {
                // Add the challenge string
                DataSerializer.writeByteArray(serverChallenge, hdos);
                // byte[] encBytes = encrypt.doFinal(hdos.toByteArray());
                byte[] encBytes = encryptBytes(hdos.toByteArray(), getEncryptCipher(dhSKAlgo, this.clientPublicKey));
                DataSerializer.writeByteArray(encBytes, dos);
            } finally {
                hdos.close();
            }
        }
    } catch (IOException ex) {
        throw ex;
    } catch (GemFireSecurityException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new AuthenticationFailedException("HandShake failed in Diffie-Hellman key exchange", ex);
    }
    dos.flush();
    return acceptanceCode;
}
Also used : InternalLogWriter(org.apache.geode.internal.logging.InternalLogWriter) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) ServerRefusedConnectionException(org.apache.geode.cache.client.ServerRefusedConnectionException) GemFireSecurityException(org.apache.geode.security.GemFireSecurityException) InternalGemFireException(org.apache.geode.InternalGemFireException) GatewayConfigurationException(org.apache.geode.cache.GatewayConfigurationException) EOFException(java.io.EOFException) GemFireConfigException(org.apache.geode.GemFireConfigException) AuthenticationRequiredException(org.apache.geode.security.AuthenticationRequiredException) HeapDataOutputStream(org.apache.geode.internal.HeapDataOutputStream) Signature(java.security.Signature) KeyFactory(java.security.KeyFactory)
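Two properties of the exchange above are worth checking in any deployment that relies on it. First, the server is authenticated only when certificateFilePath is set (requireAuthentication); without it the Diffie-Hellman exchange is unauthenticated and an active attacker on the path can substitute its own public key. Second, even with it, the signature the client verifies covers only the 64 random bytes of clientChallenge (sig.update(clientChallenge)); the server's DH public key in keyBytes is read from the stream but is not part of the signed data, so a valid signature proves that some holder of the certificate's private key saw the challenge, not that the key being agreed on belongs to that holder. The block below is an added example, not Geode code, of the same message flow with the signature placed over challenge || server DH public key || symmetric algorithm name, run once against the genuine key and once against a substituted one. The RSA identity key stands in for the certificate found in certificateMap, SHA256withRSA replaces cert.getSigAlgName(), and the SHA-256 key derivation and AES-GCM encryption of the server challenge are this example's choices, not what getEncryptCipher does.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Added example, not Geode code: DH handshake whose server signature also binds the server's DH key. */
public final class BoundDhHandshake {
    static final String SK_ALGO = "AES";              // stands in for dhSKAlgo
    static final SecureRandom RNG = new SecureRandom();

    /** What the server signs: clientChallenge || server DH public key || symmetric algorithm name. */
    static byte[] transcript(byte[] clientChallenge, byte[] serverDhPub, String skAlgo) {
        byte[] algo = skAlgo.getBytes(StandardCharsets.UTF_8);
        byte[] t = new byte[clientChallenge.length + serverDhPub.length + algo.length];
        System.arraycopy(clientChallenge, 0, t, 0, clientChallenge.length);
        System.arraycopy(serverDhPub, 0, t, clientChallenge.length, serverDhPub.length);
        System.arraycopy(algo, 0, t, clientChallenge.length + serverDhPub.length, algo.length);
        return t;
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    /** Derive a 128-bit AES key from the DH shared secret (example choice; the original defers to getEncryptCipher). */
    static SecretKeySpec sessionKey(PrivateKey mine, byte[] peerEncoded) throws GeneralSecurityException {
        PublicKey peer = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(peerEncoded));
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(mine);
        ka.doPhase(peer, true);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(digest, 0, 16, SK_ALGO);
    }

    /** AES-GCM with a fresh 12-byte IV prepended to the ciphertext. */
    static byte[] seal(SecretKeySpec k, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] open(SecretKeySpec k, byte[] sealed) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Server identity key: plays the role of the certificate looked up in certificateMap by subject.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(3072);
        KeyPair serverId = rsa.generateKeyPair();
        KeyPairGenerator dh = KeyPairGenerator.getInstance("DH");
        dh.initialize(2048);
        KeyPair serverDh = dh.generateKeyPair();
        // Client: same group parameters, own DH key, 64-byte challenge (as in writeCredential).
        dh.initialize(((DHPublicKey) serverDh.getPublic()).getParams());
        KeyPair clientDh = dh.generateKeyPair();
        byte[] clientChallenge = new byte[64];
        RNG.nextBytes(clientChallenge);

        // Server: sign the bound transcript, not the bare challenge, and issue its own challenge.
        byte[] serverPubEnc = serverDh.getPublic().getEncoded();
        byte[] signature = sign(serverId.getPrivate(), transcript(clientChallenge, serverPubEnc, SK_ALGO));
        byte[] serverChallenge = new byte[64];
        RNG.nextBytes(serverChallenge);

        // Client: verify before trusting the key. A substituted DH key (the relaying attacker) must fail.
        byte[] mitmPubEnc = dh.generateKeyPair().getPublic().getEncoded();
        boolean genuine = verify(serverId.getPublic(), transcript(clientChallenge, serverPubEnc, SK_ALGO), signature);
        boolean swapped = verify(serverId.getPublic(), transcript(clientChallenge, mitmPubEnc, SK_ALGO), signature);
        System.out.println("genuine key verifies: " + genuine + ", swapped key verifies: " + swapped);
        if (!genuine) throw new SecurityException("Mismatch in client challenge bytes. Malicious server?");

        // Both sides derive the same key; the client answers by returning the server challenge encrypted.
        SecretKeySpec clientKey = sessionKey(clientDh.getPrivate(), serverPubEnc);
        SecretKeySpec serverKey = sessionKey(serverDh.getPrivate(), clientDh.getPublic().getEncoded());
        byte[] echoed = open(serverKey, seal(clientKey, serverChallenge));
        System.out.println("server challenge round trip ok: " + MessageDigest.isEqual(echoed, serverChallenge));
    }
}
```

With the signature over the bare challenge, as in the original, the swapped-key check would also return true, because the signed bytes are identical whichever DH key follows them on the wire; including the server's encoded public key in the signed transcript is what ties the certificate holder to the session key that is about to be derived.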

Aggregations

AuthenticationFailedException (org.apache.geode.security.AuthenticationFailedException)29 IOException (java.io.IOException)14 Properties (java.util.Properties)12 AuthenticationRequiredException (org.apache.geode.security.AuthenticationRequiredException)9 GemFireSecurityException (org.apache.geode.security.GemFireSecurityException)9 InternalLogWriter (org.apache.geode.internal.logging.InternalLogWriter)7 EOFException (java.io.EOFException)6 Signature (java.security.Signature)6 ConfigurationProperties (org.apache.geode.distributed.ConfigurationProperties)6 X509Certificate (java.security.cert.X509Certificate)5 GemFireConfigException (org.apache.geode.GemFireConfigException)5 InternalGemFireException (org.apache.geode.InternalGemFireException)5 GatewayConfigurationException (org.apache.geode.cache.GatewayConfigurationException)5 ServerRefusedConnectionException (org.apache.geode.cache.client.ServerRefusedConnectionException)5 KeyFactory (java.security.KeyFactory)4 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)4 Test (org.junit.Test)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 DataInputStream (java.io.DataInputStream)3 MalformedURLException (java.net.MalformedURLException)3