Use of org.apache.shiro.authc.pam.UnsupportedTokenException in project neo4j by neo4j.
Class MultiRealmAuthManager, method login.
/**
 * Logs a caller in from a raw auth-token map and reports the outcome as a security context.
 *
 * <p>The map is wrapped in a {@code ShiroAuthToken}, passed through {@code assertValidScheme},
 * and handed to {@code securityManager.login}. Failures are written to the security log.
 * Credential failures do not propagate as exceptions: they produce a context whose subject
 * carries the failure result.
 *
 * @param authToken the auth-token map supplied by the caller
 * @return a context wrapping the authenticated subject on success; a context whose subject carries
 *         {@code AuthenticationResult.TOO_MANY_ATTEMPTS} or {@code AuthenticationResult.FAILURE}
 *         when authentication is rejected
 * @throws InvalidAuthTokenException when the security manager reports an
 *         {@code UnsupportedTokenException}; presumably also from {@code assertValidScheme}
 *         (not visible here, confirm)
 * @throws AuthProviderTimeoutException when the authentication failure was caused by an
 *         {@code AuthProviderTimeoutException}
 */
@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    final ShiroAuthToken token = new ShiroAuthToken(authToken);
    assertValidScheme(token);

    // The two specific Shiro exceptions must be caught before the general AuthenticationException.
    try {
        ShiroSubject subject = (ShiroSubject) securityManager.login(null, token);
        EnterpriseSecurityContext granted = new StandardEnterpriseSecurityContext(this, subject);
        if (logSuccessfulLogin) {
            securityLog.info(granted, "logged in");
        }
        return granted;
    } catch (UnsupportedTokenException e) {
        // NOTE(review): unlike the principals logged below, e.getMessage() is written to the
        // security log without escape(); confirm it cannot carry caller-controlled text.
        securityLog.error("Unknown user failed to log in: %s", e.getMessage());

        // NOTE(review): the token's string form is appended to the message returned to the caller.
        // This relies on ShiroAuthToken.toString() not exposing credentials; confirm.
        Throwable cause = e.getCause();
        if (cause instanceof InvalidAuthTokenException) {
            throw new InvalidAuthTokenException(cause.getMessage() + ": " + token);
        }
        throw invalidToken(": " + token);
    } catch (ExcessiveAttemptsException e) {
        // NOTE: We only get this with single (internal) realm authentication
        EnterpriseSecurityContext lockedOut = new StandardEnterpriseSecurityContext(
                this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
        // assumes token.getPrincipal() is non-null on this path; TODO confirm
        securityLog.error("[%s]: failed to log in: too many failed attempts",
                escape(token.getPrincipal().toString()));
        return lockedOut;
    } catch (AuthenticationException e) {
        Throwable cause = e.getCause();
        if (cause instanceof AuthProviderTimeoutException) {
            // A provider timeout is surfaced to the caller rather than reported as bad credentials.
            securityLog.error("[%s]: failed to log in: auth server timeout",
                    escape(token.getPrincipal().toString()));
            throw new AuthProviderTimeoutException(cause.getMessage(), cause);
        }

        // Every other authentication failure gets the same FAILURE result and the same log
        // wording, so this branch does not say whether the principal or the credentials were wrong.
        EnterpriseSecurityContext rejected = new StandardEnterpriseSecurityContext(
                this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
        securityLog.error("[%s]: failed to log in: invalid principal or credentials",
                escape(token.getPrincipal().toString()));
        return rejected;
    }
}
Use of org.apache.shiro.authc.pam.UnsupportedTokenException in project neo4j by neo4j.
Class InternalFlatFileRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a token against the users held in {@code userRepository}.
 *
 * <p>Order of checks: principal and credentials are extracted from the token map, the user is
 * looked up by name, {@code authenticationStrategy.authenticate} is consulted, and only then
 * are the suspended flag and the password-change requirement evaluated.
 *
 * @param token the submitted token; cast to {@code ShiroAuthToken} without a type check
 * @return {@code null} when {@code authenticationEnabled} is false; otherwise an info object
 *         holding the user name, this realm's name and the authentication result
 * @throws UnsupportedTokenException when principal or credentials cannot be read from the token map
 * @throws UnknownAccountException when no user has the given name
 * @throws IncorrectCredentialsException when the strategy reports {@code FAILURE}
 * @throws ExcessiveAttemptsException when the strategy reports {@code TOO_MANY_ATTEMPTS}
 * @throws DisabledAccountException when the authenticated user is flagged as suspended
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }

    final ShiroAuthToken shiroToken = (ShiroAuthToken) token;
    final String principal;
    final String credentials;
    try {
        principal = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroToken.getAuthTokenMap());
        credentials = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException malformed) {
        // Wrapped so the caller receives a Shiro exception and can still read the original cause.
        throw new UnsupportedTokenException(malformed);
    }

    // NOTE(review): an unknown name is rejected here, before authenticationStrategy.authenticate
    // runs, so this path performs no credential check and never reaches whatever produces
    // TOO_MANY_ATTEMPTS. If authenticate() is noticeably slower than this lookup, response time
    // could differ between unknown and known names; confirm whether that matters for this realm.
    final User account = userRepository.getUserByName(principal);
    if (account == null) {
        throw new UnknownAccountException();
    }

    final AuthenticationResult outcome = authenticationStrategy.authenticate(account, credentials);
    // Kept as a switch: a null outcome fails here instead of flowing into the returned info.
    switch (outcome) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }

    // Checked only after the credentials were accepted, so the "suspended" message, which names
    // the account, is reached only by a caller who presented valid credentials.
    if (account.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + account.name() + "' is suspended.");
    }

    final AuthenticationResult reported = account.passwordChangeRequired()
            ? AuthenticationResult.PASSWORD_CHANGE_REQUIRED
            : outcome;

    // Only the name, realm name and result are returned. No hashed credentials are stored in
    // the AuthenticationInfo.
    return new ShiroAuthenticationInfo(account.name(), getName(), reported);
}