use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.
the class PreAuthLoginModule method login.
/**
 * Marks the login as pre-authenticated when the supplied credentials are
 * {@code PreAuthCredentials} that carry a user id.
 *
 * <p>No password or other secret is checked in this method. The user id read from the
 * credentials is written to the shared state as a {@code PreAuthenticatedLogin}, together
 * with {@code SimpleCredentials} holding an empty password and the login name.
 *
 * <p>NOTE(review): because nothing is verified here, the code that constructs the
 * {@code PreAuthCredentials} is the trust boundary. Confirm that the user id cannot be
 * supplied by an unauthenticated caller.
 *
 * @return always {@code false}; the outcome is reported through the message set on the
 *         credentials object and through the shared state
 */
@Override
public boolean login() {
    Credentials supplied = getCredentials();
    if (!(supplied instanceof PreAuthCredentials)) {
        // Not our credential type: leave the shared state untouched.
        return false;
    }

    PreAuthCredentials preAuth = (PreAuthCredentials) supplied;
    String id = preAuth.getUserId();
    if (id == null) {
        // Without a user id there is nothing to vouch for.
        preAuth.setMessage(PreAuthCredentials.PRE_AUTH_FAIL);
        return false;
    }

    // Publish the pre-authenticated identity; presumably consumed by later login modules.
    sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(id));
    sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(id, new char[0]));
    sharedState.put(SHARED_KEY_LOGIN_NAME, id);
    preAuth.setMessage(PreAuthCredentials.PRE_AUTH_DONE);
    return false;
}
use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.
the class LoginModuleImpl method login.
//--------------------------------------------------------< LoginModule >---
/**
 * Authenticates the resolved login name, taking into account a pre-authenticated login
 * left by a previous login module.
 *
 * <p>When a {@code PreAuthenticatedLogin} is present, the supplied credentials are not
 * passed to {@code authenticate}; the {@code PreAuthenticatedLogin.PRE_AUTHENTICATED}
 * marker is passed instead. Any module that can publish a pre-authenticated login is
 * therefore trusted to have verified the user already.
 *
 * <p>On success the credentials and the login name are written to the shared state and
 * the {@code userId} and {@code principal} fields are populated. When no
 * {@code Authentication} is available for the login name, {@code credentials} and
 * {@code userId} are cleared.
 *
 * @return the current value of the {@code success} field
 * @throws LoginException declared by the signature; presumably raised by the helper or
 *         {@code authenticate} calls (not visible here)
 */
@Override
public boolean login() throws LoginException {
    credentials = getCredentials();

    // check if we have a pre authenticated login from a previous login module
    PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
    String loginName = getLoginId(preAuthLogin);
    Authentication authentication = getUserAuthentication(loginName);

    if (authentication == null) {
        // ensure that we don't commit (OAK-2998, OAK-3032)
        credentials = null;
        userId = null;
        return success;
    }

    // Pre-authenticated logins skip the credential check and present the marker instead.
    success = (preAuthLogin != null)
            ? authentication.authenticate(PreAuthenticatedLogin.PRE_AUTHENTICATED)
            : authentication.authenticate(credentials);
    if (!success) {
        return success;
    }

    log.debug("Adding Credentials to shared state.");
    //noinspection unchecked
    sharedState.put(SHARED_KEY_CREDENTIALS, credentials);

    log.debug("Adding login name to shared state.");
    //noinspection unchecked
    sharedState.put(SHARED_KEY_LOGIN_NAME, loginName);

    // Fall back to the login name when the authentication does not report a user id.
    String authenticatedId = authentication.getUserId();
    userId = (authenticatedId != null) ? authenticatedId : loginName;
    principal = authentication.getUserPrincipal();
    return success;
}
use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project jackrabbit-oak by apache.
the class ExternalLoginModule method login.
/**
 * Attempts the login against the configured external identity provider and, on success,
 * synchronizes the external user.
 *
 * <p>With a pre-authenticated login the user is only looked up via {@code idp.getUser};
 * {@code idp.authenticate} is not called, so the IDP performs no credential check on
 * that path. Without one, the credentials are handed to {@code idp.authenticate}.
 *
 * <p>NOTE(review): when no user id is available, the credentials object itself is used
 * as the identifier in log statements. What is written depends on that object's
 * {@code toString()}; confirm that no credential implementation in use exposes secrets
 * there.
 *
 * @return {@code true} if the IDP returned a user and it was synced; {@code false} if the
 *         module is not configured, has nothing to identify the user by, decides to
 *         ignore the login, gets no user from the IDP, or catches an
 *         {@code ExternalIdentityException}
 * @throws LoginException rethrown as caught, or created with the message
 *         "Error while syncing user." when any other exception is caught
 */
@Override
public boolean login() throws LoginException {
    if (idp == null || syncHandler == null) {
        return false;
    }
    credentials = getCredentials();

    // check if we have a pre authenticated login from a previous login module
    final PreAuthenticatedLogin preAuthLogin = getSharedPreAuthLogin();
    final String userId = getUserId(preAuthLogin, credentials);
    if (userId == null && credentials == null) {
        log.debug("No credentials|userId found for external login module. ignoring.");
        return false;
    }

    // remember identification for log-output
    Object logId = (userId != null) ? userId : credentials;
    try {
        // look for a user with this ID that was synchronized into the repository before
        SyncedIdentity synced = getSyncedIdentity(userId);

        // identity is valid but we have a preAuthLogin and the user doesn't need an
        // updating sync (OAK-3508)
        if (ignore(synced, preAuthLogin)) {
            return false;
        }

        // Pre-authenticated: plain lookup. Otherwise: the IDP verifies the credentials.
        externalUser = (preAuthLogin != null)
                ? idp.getUser(preAuthLogin.getUserId())
                : idp.authenticate(credentials);

        if (externalUser == null) {
            debug("IDP {} returned null for {}", idp.getName(), logId.toString());
            if (synced != null) {
                // invalidate the user if it exists as synced variant
                log.debug("local user exists for '{}'. re-validating.", synced.getId());
                validateUser(synced.getId());
            }
            return false;
        }

        log.debug("IDP {} returned valid user {}", idp.getName(), externalUser);
        if (credentials != null) {
            //noinspection unchecked
            sharedState.put(SHARED_KEY_CREDENTIALS, credentials);
        }
        //noinspection unchecked
        sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
        syncUser(externalUser);
        return true;
    } catch (ExternalIdentityException e) {
        // IDP failure is logged and reported as a failed login, not as an exception.
        log.error("Error while authenticating '{}' with {}", logId, idp.getName(), e);
        return false;
    } catch (LoginException e) {
        log.debug("IDP {} throws login exception for '{}': {}", idp.getName(), logId, e.getMessage());
        throw e;
    } catch (Exception e) {
        log.debug("SyncHandler {} throws sync exception for '{}'", syncHandler.getName(), logId, e);
        // Keep the original failure as the cause of the LoginException.
        LoginException wrapped = new LoginException("Error while syncing user.");
        wrapped.initCause(e);
        throw wrapped;
    }
}
use of org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin in project sling by apache.
the class FormLoginModule method login.
/**
 * Publishes a pre-authenticated login for {@code FormCredentials} that the
 * authentication handler accepts.
 *
 * <p>The credentials are checked with {@code authHandler.isValid} before anything is
 * written to the shared state. That check is the only verification in this method, and
 * the shared-state entries must stay behind it.
 *
 * <p>NOTE(review): the {@code userId} field is assigned before {@code isValid} runs and
 * is not reset on the invalid path. Confirm that the other lifecycle methods (not
 * visible here) do not act on it in that case.
 *
 * @return always {@code false}; following login modules are relied on to populate the
 *         subject
 * @throws LoginException declared by the signature; nothing in this body throws it
 *         directly
 */
@SuppressWarnings("unchecked")
public boolean login() throws LoginException {
    Credentials supplied = getCredentials();
    if (!(supplied instanceof FormCredentials)) {
        return false;
    }

    FormCredentials formCredentials = (FormCredentials) supplied;
    userId = formCredentials.getUserId();

    // Reject before any shared-state write so an invalid form login is never marked trusted.
    if (!authHandler.isValid(formCredentials)) {
        log.debug("Invalid credentials");
        return false;
    }

    if (userId != null) {
        // we just set the login name and rely on the following login modules to populate the subject
        sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(userId));
        sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, EMPTY_PWD));
        sharedState.put(SHARED_KEY_LOGIN_NAME, userId);
        log.debug("login succeeded with trusted user: {}", userId);
    } else {
        log.debug("Could not extract userId/credentials");
    }
    return false;
}