Example 1 with Pbkdf2PasswordEncoderCust

Use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.

In the class UserMgr, method isPasswordValid.

public boolean isPasswordValid(String loginId, String encodedPassword, String password) {
    boolean isPasswordValid = false;
    try {
        Pbkdf2PasswordEncoderCust pbkdf2Encoder = new Pbkdf2PasswordEncoderCust(loginId);
        pbkdf2Encoder.setEncodeHashAsBase64(true);
        if (pbkdf2Encoder.matches(password, encodedPassword)) {
            isPasswordValid = true;
        }
    } catch (Throwable t) {
        logger.error("Unable to validate old password ", t);
    }
    return isPasswordValid;
}
Also used : Pbkdf2PasswordEncoderCust(org.apache.ranger.util.Pbkdf2PasswordEncoderCust)

Example 2 with Pbkdf2PasswordEncoderCust

Use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.

In the class RangerAuthenticationProvider, method getJDBCAuthentication.

private Authentication getJDBCAuthentication(Authentication authentication, String encoder) throws AuthenticationException {
    try {
        DaoAuthenticationProvider authenticator = new DaoAuthenticationProvider();
        authenticator.setUserDetailsService(userDetailsService);
        if (this.isFipsEnabled) {
            if (authentication != null && authentication.getCredentials() != null && !authentication.isAuthenticated()) {
                Pbkdf2PasswordEncoderCust passwordEncoder = new Pbkdf2PasswordEncoderCust(authentication.getName());
                passwordEncoder.setEncodeHashAsBase64(true);
                authenticator.setPasswordEncoder(passwordEncoder);
            }
        } else {
            if (encoder != null && "SHA256".equalsIgnoreCase(encoder) && authentication != null) {
                authenticator.setPasswordEncoder(new RangerCustomPasswordEncoder(authentication.getName(), "SHA-256"));
            } else if (encoder != null && "MD5".equalsIgnoreCase(encoder) && authentication != null) {
                authenticator.setPasswordEncoder(new RangerCustomPasswordEncoder(authentication.getName(), "MD5"));
            }
        }
        String userName = "";
        String userPassword = "";
        if (authentication != null) {
            userName = authentication.getName();
            if (authentication.getCredentials() != null) {
                userPassword = authentication.getCredentials().toString();
            }
        }
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = authenticator.authenticate(finalAuthentication);
            return authentication;
        } else {
            if (authentication != null && !authentication.isAuthenticated()) {
                throw new BadCredentialsException("Bad credentials");
            }
        }
    } catch (BadCredentialsException e) {
        throw e;
    } catch (AuthenticationServiceException e) {
        throw e;
    } catch (AuthenticationException e) {
        throw e;
    } catch (Exception e) {
        throw e;
    } catch (Throwable t) {
        throw new BadCredentialsException("Bad credentials", t);
    }
    return authentication;
}
Also used : User(org.springframework.security.core.userdetails.User) AuthenticationException(org.springframework.security.core.AuthenticationException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) Pbkdf2PasswordEncoderCust(org.apache.ranger.util.Pbkdf2PasswordEncoderCust) UserDetails(org.springframework.security.core.userdetails.UserDetails) DaoAuthenticationProvider(org.springframework.security.authentication.dao.DaoAuthenticationProvider) Authentication(org.springframework.security.core.Authentication)

Example 3 with Pbkdf2PasswordEncoderCust

Use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.

In the class UserMgr, method encrypt.

public String encrypt(String loginId, String password) {
    String saltEncodedpasswd = "";
    if (this.isFipsEnabled) {
        try {
            Pbkdf2PasswordEncoderCust pbkdf2Encoder = new Pbkdf2PasswordEncoderCust(loginId);
            pbkdf2Encoder.setEncodeHashAsBase64(true);
            if (password != null) {
                saltEncodedpasswd = pbkdf2Encoder.encode(password);
            }
        } catch (Throwable t) {
            logger.error("Password doesn't meet requirements");
            throw restErrorUtil.createRESTException("Invalid password", MessageEnums.INVALID_PASSWORD, null, null, "" + loginId);
        }
    } else {
        String sha256PasswordUpdateDisable = PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
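        // Hash with SHA-256 unless the SHA-256 update has been explicitly disabled; MD5 is only the legacy fallback.
        if ("false".equalsIgnoreCase(sha256PasswordUpdateDisable)) {
            saltEncodedpasswd = encodeString(password, loginId, "SHA-256");
        } else {
            saltEncodedpasswd = encodeString(password, loginId, "MD5");
        }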
    }
    return saltEncodedpasswd;
}
Also used : VXString(org.apache.ranger.view.VXString) Pbkdf2PasswordEncoderCust(org.apache.ranger.util.Pbkdf2PasswordEncoderCust)

Example 4 with Pbkdf2PasswordEncoderCust

Use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.

In the class UserMgr, method isNewPasswordDifferent.

public boolean isNewPasswordDifferent(String loginId, String currentPassword, String newPassword) {
    boolean isNewPasswordDifferent = true;
    String saltEncodedpasswd = "";
    try {
        Pbkdf2PasswordEncoderCust pbkdf2Encoder = new Pbkdf2PasswordEncoderCust(loginId);
        pbkdf2Encoder.setEncodeHashAsBase64(true);
        if (currentPassword != null) {
            saltEncodedpasswd = pbkdf2Encoder.encode(currentPassword);
        }
        if (pbkdf2Encoder.matches(newPassword, saltEncodedpasswd)) {
            isNewPasswordDifferent = false;
        }
    } catch (Throwable t) {
        logger.error("Unable to validate old and new passwords ", t);
    }
    return isNewPasswordDifferent;
}
Also used : VXString(org.apache.ranger.view.VXString) Pbkdf2PasswordEncoderCust(org.apache.ranger.util.Pbkdf2PasswordEncoderCust)

Aggregations

Pbkdf2PasswordEncoderCust (org.apache.ranger.util.Pbkdf2PasswordEncoderCust) 4
VXString (org.apache.ranger.view.VXString) 2
ArrayList (java.util.ArrayList) 1
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException) 1
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException) 1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 1
DaoAuthenticationProvider (org.springframework.security.authentication.dao.DaoAuthenticationProvider) 1
Authentication (org.springframework.security.core.Authentication) 1
AuthenticationException (org.springframework.security.core.AuthenticationException) 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 1
User (org.springframework.security.core.userdetails.User) 1
UserDetails (org.springframework.security.core.userdetails.UserDetails) 1