
Example 1 with PreAuthenticatedLogin

use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.

the class PreAuthLoginModule method login.

/**
 * Publishes a pre-authenticated user id to the JAAS shared state; it never authenticates
 * on its own.
 *
 * <p>Only {@code PreAuthCredentials} are handled; any other credentials type is ignored.
 * If the credentials carry a user id, the shared state receives a
 * {@link PreAuthenticatedLogin} marker, {@link SimpleCredentials} with an empty password
 * and the login name, and the credentials are flagged {@code PRE_AUTH_DONE}. Without a
 * user id they are flagged {@code PRE_AUTH_FAIL} and the shared state is not touched.
 *
 * <p>NOTE(review): this method does not verify the user id. Every later login module that
 * honours the marker trusts whatever produced the {@code PreAuthCredentials}. Confirm that
 * only an already-authenticated code path can create them.
 *
 * @return always {@code false}; the method never reports success itself, whatever it
 *         wrote to the shared state
 */
@Override
public boolean login() {
    final Credentials supplied = getCredentials();
    if (!(supplied instanceof PreAuthCredentials)) {
        // Not ours to handle.
        return false;
    }

    final PreAuthCredentials preAuth = (PreAuthCredentials) supplied;
    final String id = preAuth.getUserId();
    if (id != null) {
        // Hand the asserted identity to the following modules via the shared state.
        sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(id));
        sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(id, new char[0]));
        sharedState.put(SHARED_KEY_LOGIN_NAME, id);
        preAuth.setMessage(PreAuthCredentials.PRE_AUTH_DONE);
    } else {
        preAuth.setMessage(PreAuthCredentials.PRE_AUTH_FAIL);
    }
    return false;
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) PreAuthenticatedLogin(org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin)

Example 2 with PreAuthenticatedLogin

use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.

the class LoginModuleImpl method login.

//--------------------------------------------------------< LoginModule >---
/**
 * Authenticates the login id, honouring a pre-authenticated login left in the shared state
 * by an earlier module.
 *
 * <p>If a {@link PreAuthenticatedLogin} is present, the {@link Authentication} is asked to
 * authenticate the {@code PreAuthenticatedLogin.PRE_AUTHENTICATED} marker, not the
 * caller's credentials. Otherwise the credentials from {@code getCredentials()} are used.
 * On success the credentials and login name are stored in the shared state, and the user
 * id and principal are recorded on this module.
 *
 * <p>NOTE(review): on the pre-authenticated path the caller's credentials are not passed
 * to {@code authenticate}. How the {@code Authentication} treats the marker is not visible
 * here. The path is only as strong as the module that stored the marker.
 *
 * @return the value of the {@code success} field: the result of {@code authenticate} when
 *         an {@code Authentication} was available, otherwise whatever it already held
 * @throws LoginException propagated from the calls made here (not raised directly)
 */
@Override
public boolean login() throws LoginException {
    credentials = getCredentials();

    // A previous login module may already have vouched for the user.
    PreAuthenticatedLogin sharedPreAuth = getSharedPreAuthLogin();
    String loginId = getLoginId(sharedPreAuth);
    Authentication userAuth = getUserAuthentication(loginId);

    if (userAuth == null) {
        // ensure that we don't commit (OAK-2998, OAK-3032)
        credentials = null;
        userId = null;
        return success;
    }

    success = (sharedPreAuth == null)
            ? userAuth.authenticate(credentials)
            : userAuth.authenticate(PreAuthenticatedLogin.PRE_AUTHENTICATED);
    if (!success) {
        return success;
    }

    log.debug("Adding Credentials to shared state.");
    //noinspection unchecked
    sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
    log.debug("Adding login name to shared state.");
    //noinspection unchecked
    sharedState.put(SHARED_KEY_LOGIN_NAME, loginId);

    // Fall back to the login name when the authentication does not report a user id.
    String authenticatedId = userAuth.getUserId();
    userId = (authenticatedId != null) ? authenticatedId : loginId;
    principal = userAuth.getUserPrincipal();
    return success;
}
Also used : Authentication(org.apache.jackrabbit.oak.spi.security.authentication.Authentication) PreAuthenticatedLogin(org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin)

Example 3 with PreAuthenticatedLogin

use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.

the class ExternalLoginModule method login.

/**
 * Attempts the login against the external identity provider (IDP) and, on success,
 * synchronizes the external user.
 *
 * <p>The module does nothing and returns {@code false} when no IDP or sync handler is
 * set, when neither a user id nor credentials are available, or when
 * {@code ignore(sId, preAuthLogin)} says this login should be skipped.
 *
 * <p>With a {@link PreAuthenticatedLogin} from an earlier module, the external user is
 * looked up by id via {@code idp.getUser(...)}. {@code idp.authenticate(credentials)} is
 * only called when there is no pre-authenticated login.
 *
 * <p>NOTE(review): the pre-authenticated branch does no credential check against the IDP.
 * It relies entirely on the module that put the marker into the shared state.
 *
 * @return {@code true} only when the IDP returned a user and {@code syncUser} completed;
 *         {@code false} in every other non-exceptional case, including an
 *         {@link ExternalIdentityException}
 * @throws LoginException rethrown as-is when raised inside the try block; any other
 *         exception is wrapped in a new {@code LoginException} with the original as cause
 */
@Override
public boolean login() throws LoginException {
    // Without an IDP or a sync handler there is nothing to do.
    if (idp == null || syncHandler == null) {
        return false;
    }
    credentials = getCredentials();
    // check if we have a pre authenticated login from a previous login module
    final PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
    final String userId = getUserId(preAuthLogin, credentials);
    if (userId == null && credentials == null) {
        log.debug("No credentials|userId found for external login module. ignoring.");
        return false;
    }
    // remember identification for log-output
    // NOTE(review): when userId is null the Credentials object itself is logged below;
    // confirm its toString() does not expose secret material.
    Object logId = (userId != null) ? userId : credentials;
    try {
        // check if there exists a user with the given ID that has been synchronized
        // before into the repository.
        SyncedIdentity sId = getSyncedIdentity(userId);
        // Skip this module when ignore(...) says so; per the original comment this covers a
        // valid identity with a preAuthLogin that doesn't need an updating sync (OAK-3508).
        if (ignore(sId, preAuthLogin)) {
            return false;
        }
        if (preAuthLogin != null) {
            // Pre-authenticated: look the user up by id, no credential check here.
            externalUser = idp.getUser(preAuthLogin.getUserId());
        } else {
            externalUser = idp.authenticate(credentials);
        }
        if (externalUser != null) {
            log.debug("IDP {} returned valid user {}", idp.getName(), externalUser);
            if (credentials != null) {
                //noinspection unchecked
                sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
            }
            //noinspection unchecked
            sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
            // syncUser runs inside the try block, so its exceptions go through the catch clauses below.
            syncUser(externalUser);
            return true;
        } else {
            debug("IDP {} returned null for {}", idp.getName(), logId.toString());
            if (sId != null) {
                // invalidate the user if it exists as synced variant
                log.debug("local user exists for '{}'. re-validating.", sId.getId());
                validateUser(sId.getId());
            }
            return false;
        }
    } catch (ExternalIdentityException e) {
        // An IDP failure is logged at error level and reported as a plain "no login".
        log.error("Error while authenticating '{}' with {}", logId, idp.getName(), e);
        return false;
    } catch (LoginException e) {
        // Login failures are propagated unchanged.
        log.debug("IDP {} throws login exception for '{}': {}", idp.getName(), logId, e.getMessage());
        throw e;
    } catch (Exception e) {
        // Anything else fails the login; the original exception is kept as the cause.
        log.debug("SyncHandler {} throws sync exception for '{}'", syncHandler.getName(), logId, e);
        LoginException le = new LoginException("Error while syncing user.");
        le.initCause(e);
        throw le;
    }
}
Also used : LoginException(javax.security.auth.login.LoginException) SyncedIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) PreAuthenticatedLogin(org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin) LoginException(javax.security.auth.login.LoginException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) RepositoryException(javax.jcr.RepositoryException) ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException) SyncException(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException)

Example 4 with PreAuthenticatedLogin

use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project sling by apache.

the class FormLoginModule method login.

/**
 * Validates form credentials and, when valid, publishes the user as pre-authenticated for
 * the login modules that follow.
 *
 * <p>Only {@code FormCredentials} are handled. The credentials are checked with
 * {@code authHandler.isValid(...)}. Only if that passes and a user id is present does the
 * shared state receive a {@link PreAuthenticatedLogin} marker, {@link SimpleCredentials}
 * with {@code EMPTY_PWD} and the login name.
 *
 * <p>NOTE(review): the {@code userId} field is assigned before {@code isValid} runs and is
 * not cleared when validation fails. Confirm that no other method of this class treats a
 * non-null {@code userId} as proof of a validated login.
 *
 * @return always {@code false}; as the inline comment says, this module relies on the
 *         following login modules to populate the subject
 * @throws LoginException declared by the signature; not raised directly in this method
 */
@SuppressWarnings("unchecked")
public boolean login() throws LoginException {
    final Credentials supplied = getCredentials();
    if (!(supplied instanceof FormCredentials)) {
        // Not ours to handle.
        return false;
    }

    final FormCredentials formCred = (FormCredentials) supplied;
    userId = formCred.getUserId();
    if (!authHandler.isValid(formCred)) {
        log.debug("Invalid credentials");
        return false;
    }

    if (userId != null) {
        // we just set the login name and rely on the following login modules to populate the subject
        sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
        sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, EMPTY_PWD));
        sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
        log.debug("login succeeded with trusted user: {}", userId);
    } else {
        log.debug("Could not extract userId/credentials");
    }
    return false;
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) PreAuthenticatedLogin(org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin)

Aggregations

PreAuthenticatedLogin (org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin)4 Credentials (javax.jcr.Credentials)2 SimpleCredentials (javax.jcr.SimpleCredentials)2 RepositoryException (javax.jcr.RepositoryException)1 LoginException (javax.security.auth.login.LoginException)1 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)1 Authentication (org.apache.jackrabbit.oak.spi.security.authentication.Authentication)1 ExternalIdentityException (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)1 SyncException (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException)1 SyncedIdentity (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity)1