Search in sources :

Example 1 with UnsupportedTokenException

use of org.apache.shiro.authc.pam.UnsupportedTokenException in project neo4j by neo4j.

the class MultiRealmAuthManager method login.

@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    EnterpriseSecurityContext securityContext;
    ShiroAuthToken token = new ShiroAuthToken(authToken);
    assertValidScheme(token);
    try {
        securityContext = new StandardEnterpriseSecurityContext(this, (ShiroSubject) securityManager.login(null, token));
        if (logSuccessfulLogin) {
            securityLog.info(securityContext, "logged in");
        }
    } catch (UnsupportedTokenException e) {
        securityLog.error("Unknown user failed to log in: %s", e.getMessage());
        Throwable cause = e.getCause();
        if (cause != null && cause instanceof InvalidAuthTokenException) {
            throw new InvalidAuthTokenException(cause.getMessage() + ": " + token);
        }
        throw invalidToken(": " + token);
    } catch (ExcessiveAttemptsException e) {
        // NOTE: We only get this with single (internal) realm authentication
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
        securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.getPrincipal().toString()));
    } catch (AuthenticationException e) {
        if (e.getCause() != null && e.getCause() instanceof AuthProviderTimeoutException) {
            securityLog.error("[%s]: failed to log in: auth server timeout", escape(token.getPrincipal().toString()));
            throw new AuthProviderTimeoutException(e.getCause().getMessage(), e.getCause());
        }
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
        securityLog.error("[%s]: failed to log in: invalid principal or credentials", escape(token.getPrincipal().toString()));
    }
    return securityContext;
}
Also used : EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 2 with UnsupportedTokenException

use of org.apache.shiro.authc.pam.UnsupportedTokenException in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
    String username;
    String password;
    try {
        username = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroAuthToken.getAuthTokenMap());
        password = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroAuthToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    User user = userRepository.getUserByName(username);
    if (user == null) {
        throw new UnknownAccountException();
    }
    AuthenticationResult result = authenticationStrategy.authenticate(user, password);
    switch(result) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }
    if (user.passwordChangeRequired()) {
        result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // and we do not need to store hashed credentials in the AuthenticationInfo.
    return new ShiroAuthenticationInfo(user.name(), getName(), result);
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) User(org.neo4j.kernel.impl.security.User) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult)

Aggregations

ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)2 UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException)2 InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)2 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)1 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)1 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1 AuthProviderTimeoutException (org.neo4j.graphdb.security.AuthProviderTimeoutException)1 AuthenticationResult (org.neo4j.kernel.api.security.AuthenticationResult)1 EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)1 User (org.neo4j.kernel.impl.security.User)1