use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.
the class UserMgr method isPasswordValid.
/**
 * Checks a clear-text password against a stored PBKDF2 hash.
 *
 * <p>The encoder is constructed with {@code loginId} and set to Base64 hash encoding
 * before the comparison. How the encoder uses {@code loginId} is not visible here.
 *
 * <p>The check fails closed: any {@link Throwable} raised while building the encoder
 * or comparing is logged and reported as "not valid".
 *
 * @param loginId         login name passed to the encoder constructor
 * @param encodedPassword stored hash to compare against
 * @param password        clear-text candidate password
 * @return {@code true} only when the encoder reports a match
 */
public boolean isPasswordValid(String loginId, String encodedPassword, String password) {
    try {
        Pbkdf2PasswordEncoderCust encoder = new Pbkdf2PasswordEncoderCust(loginId);
        encoder.setEncodeHashAsBase64(true);
        return encoder.matches(password, encodedPassword);
    } catch (Throwable t) {
        // Deliberately broad: a malformed stored hash or null input must never validate.
        logger.error("Unable to validate old password ", t);
        return false;
    }
}
use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.
the class RangerAuthenticationProvider method getJDBCAuthentication.
/**
 * Authenticates a user against the JDBC-backed user store through a
 * {@link DaoAuthenticationProvider}.
 *
 * <p>Password encoder selection:
 * <ul>
 *   <li>FIPS mode: a Base64-encoding {@code Pbkdf2PasswordEncoderCust} built from the
 *       user name, set only for an unauthenticated request that carries credentials.</li>
 *   <li>Otherwise: {@code RangerCustomPasswordEncoder} with "SHA-256" or "MD5",
 *       selected case-insensitively by {@code encoder}.</li>
 *   <li>In every other case no encoder is set here and the provider's own default
 *       applies.</li>
 * </ul>
 *
 * <p>NOTE(review): MD5 is a fast digest and a weak choice for stored passwords. The
 * "SHA-256" branch goes through the same custom encoder, so it presumably is not a
 * stretched KDF either (confirm in RangerCustomPasswordEncoder). Deployments that can
 * should prefer the PBKDF2 path.
 *
 * @param authentication incoming authentication request, may be {@code null}
 * @param encoder        hash scheme name ("SHA256" or "MD5"), ignored in FIPS mode
 * @return the result of the DAO provider, or the unchanged input when the name or
 *         password is blank and the input is {@code null} or already authenticated
 * @throws AuthenticationException when credentials are missing or rejected
 */
private Authentication getJDBCAuthentication(Authentication authentication, String encoder) throws AuthenticationException {
    try {
        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        daoProvider.setUserDetailsService(userDetailsService);

        final boolean hasRequest = authentication != null;

        if (this.isFipsEnabled) {
            if (hasRequest && authentication.getCredentials() != null && !authentication.isAuthenticated()) {
                Pbkdf2PasswordEncoderCust pbkdf2 = new Pbkdf2PasswordEncoderCust(authentication.getName());
                pbkdf2.setEncodeHashAsBase64(true);
                daoProvider.setPasswordEncoder(pbkdf2);
            }
        } else if (hasRequest) {
            // equalsIgnoreCase(null) is false, so a null encoder name selects nothing.
            if ("SHA256".equalsIgnoreCase(encoder)) {
                daoProvider.setPasswordEncoder(new RangerCustomPasswordEncoder(authentication.getName(), "SHA-256"));
            } else if ("MD5".equalsIgnoreCase(encoder)) {
                daoProvider.setPasswordEncoder(new RangerCustomPasswordEncoder(authentication.getName(), "MD5"));
            }
        }

        String userName = "";
        String userPassword = "";
        if (hasRequest) {
            userName = authentication.getName();
            Object credentials = authentication.getCredentials();
            if (credentials != null) {
                userPassword = credentials.toString();
            }
        }

        String defaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");

        boolean nameGiven = userName != null && !userName.trim().isEmpty();
        boolean passwordGiven = userPassword != null && !userPassword.trim().isEmpty();
        if (!(nameGiven && passwordGiven)) {
            // Blank name or password: reject an unauthenticated request outright and
            // hand anything else back untouched.
            if (hasRequest && !authentication.isAuthenticated()) {
                throw new BadCredentialsException("Bad credentials");
            }
            return authentication;
        }

        // The token carries only the configured default role; the DAO provider decides
        // whether the credentials are accepted.
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(defaultRole));
        UserDetails principal = new User(userName, userPassword, authorities);
        Authentication token = new UsernamePasswordAuthenticationToken(principal, userPassword, authorities);
        return daoProvider.authenticate(token);
    } catch (Exception e) {
        // Authentication and other exceptions propagate unchanged.
        throw e;
    } catch (Throwable t) {
        // Anything else (Errors) is surfaced to the caller as a credential failure.
        throw new BadCredentialsException("Bad credentials", t);
    }
}
use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.
the class UserMgr method encrypt.
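/**
 * Produces the stored form of a user's password.
 *
 * <p>In FIPS mode the password is encoded with a Base64-encoding
 * {@code Pbkdf2PasswordEncoderCust} built from {@code loginId}. A {@code null}
 * password yields an empty string rather than an error.
 *
 * <p>Outside FIPS mode the password goes through {@code encodeString} with SHA-256,
 * unless {@code ranger.sha256Password.update.disable} is set to something other than
 * "false", in which case MD5 is used. The original body had the two branches swapped,
 * so the default configuration produced MD5 hashes. The property name reads as
 * "disable the SHA-256 update", so its default of "false" is taken to select SHA-256.
 *
 * <p>NOTE(review): confirm the verification side agrees with this choice. MD5 is a
 * weak choice for password storage and should remain an explicit opt-out only.
 *
 * @param loginId  login name, passed to the encoder constructor or to
 *                 {@code encodeString}
 * @param password clear-text password
 * @return the encoded password, or "" in FIPS mode when {@code password} is null
 */
public String encrypt(String loginId, String password) {
    String saltEncodedpasswd = "";
    if (this.isFipsEnabled) {
        try {
            Pbkdf2PasswordEncoderCust pbkdf2Encoder = new Pbkdf2PasswordEncoderCust(loginId);
            pbkdf2Encoder.setEncodeHashAsBase64(true);
            if (password != null) {
                saltEncodedpasswd = pbkdf2Encoder.encode(password);
            }
        } catch (Throwable t) {
            // Keep the cause in the log: every failure lands here, not only
            // password-policy violations, and the REST error carries no detail.
            logger.error("Password doesn't meet requirements", t);
            throw restErrorUtil.createRESTException("Invalid password", MessageEnums.INVALID_PASSWORD, null, null, "" + loginId);
        }
    } else {
        String sha256PasswordUpdateDisable = PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
        if ("false".equalsIgnoreCase(sha256PasswordUpdateDisable)) {
            // SHA-256 update not disabled: this is the default path.
            saltEncodedpasswd = encodeString(password, loginId, "SHA-256");
        } else {
            // Legacy opt-out: MD5 only when the SHA-256 update is explicitly disabled.
            saltEncodedpasswd = encodeString(password, loginId, "MD5");
        }
    }
    return saltEncodedpasswd;
}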
use of org.apache.ranger.util.Pbkdf2PasswordEncoderCust in project ranger by apache.
the class UserMgr method isNewPasswordDifferent.
/**
 * Reports whether a proposed password differs from the current one.
 *
 * <p>The current clear-text password is encoded with a Base64-encoding
 * {@code Pbkdf2PasswordEncoderCust} built from {@code loginId}, and the new password
 * is matched against that hash. A {@code null} current password is compared as an
 * empty hash.
 *
 * <p>NOTE(review): the check fails open. Any {@link Throwable} is logged and the
 * method answers "different", so a reuse policy built on it is skipped on error.
 *
 * @param loginId         login name passed to the encoder constructor
 * @param currentPassword current clear-text password, may be {@code null}
 * @param newPassword     proposed clear-text password
 * @return {@code false} only when the encoder reports the two passwords match
 */
public boolean isNewPasswordDifferent(String loginId, String currentPassword, String newPassword) {
    try {
        Pbkdf2PasswordEncoderCust encoder = new Pbkdf2PasswordEncoderCust(loginId);
        encoder.setEncodeHashAsBase64(true);
        String currentHash = (currentPassword == null) ? "" : encoder.encode(currentPassword);
        return !encoder.matches(newPassword, currentHash);
    } catch (Throwable t) {
        logger.error("Unable to validate old and new passwords ", t);
        return true;
    }
}