
Example 6 with BasicCredentialMetaData

use of org.apereo.cas.authentication.BasicCredentialMetaData in project cas by apereo.

the class OAuth20AccessTokenControllerTests method getAuthentication.

/**
 * Assembles an {@link Authentication} for the given principal without running any handler.
 *
 * <p>No credential is verified here: the success entry is constructed directly from the
 * principal, so this helper only makes sense as a test fixture.
 *
 * @param principal the principal the resulting authentication is issued for
 * @return an authentication dated "now" with one credential and one successful handler result
 */
private static Authentication getAuthentication(final Principal principal) {
    final CredentialMetaData credentialMetaData =
            new BasicCredentialMetaData(new BasicIdentifiableCredential(principal.getId()));
    // The principal's class name stands in for the handler name, both in the
    // handler result and as the key of the success entry.
    final String handlerName = principal.getClass().getCanonicalName();
    final HandlerResult successResult =
            new DefaultHandlerResult(handlerName, credentialMetaData, principal, new ArrayList<>());
    return DefaultAuthenticationBuilder.newInstance()
            .setPrincipal(principal)
            .setAuthenticationDate(ZonedDateTime.now())
            .addCredential(credentialMetaData)
            .addSuccess(handlerName, successResult)
            .build();
}
Also used : BasicIdentifiableCredential(org.apereo.cas.authentication.BasicIdentifiableCredential) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) HandlerResult(org.apereo.cas.authentication.HandlerResult) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData) CredentialMetaData(org.apereo.cas.authentication.CredentialMetaData) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)

Example 7 with BasicCredentialMetaData

use of org.apereo.cas.authentication.BasicCredentialMetaData in project cas by apereo.

the class JcifsSpnegoAuthenticationHandler method doAuthentication.

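/**
 * Authenticates a SPNEGO credential by passing its initial token to the jcifs authentication object.
 *
 * <p>NTLM tokens are refused up front unless {@code isNTLMallowed} is set. When jcifs produces a
 * follow-up token it is stored on the credential before the principal is checked, so it is
 * available even when this method ends in a {@link FailedLoginException}.
 *
 * @param credential the credential to authenticate; it is cast to {@link SpnegoCredential} without a type check
 * @return a handler result carrying the principal resolved from the SPNEGO token
 * @throws GeneralSecurityException a {@link FailedLoginException} when NTLM is not allowed, when jcifs
 *         rejects the token, or when token processing yields no principal
 * @throws PreventedException declared by the overridden signature; not raised directly in this method
 */
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final SpnegoCredential spnegoCredential = (SpnegoCredential) credential;
    final java.security.Principal principal;
    final byte[] nextToken;
    // Enforce the NTLM policy before any token bytes reach jcifs.
    if (!this.isNTLMallowed && spnegoCredential.isNtlm()) {
        throw new FailedLoginException("NTLM not allowed");
    }
    try {
        // The jcifs authentication object is reset and reused on every call, so the
        // reset / process / read sequence is serialized on this handler instance.
        synchronized (this) {
            this.authentication.reset();
            LOGGER.debug("Processing SPNEGO authentication");
            this.authentication.process(spnegoCredential.getInitToken());
            principal = this.authentication.getPrincipal();
            // The principal may be null (handled below). Dereferencing it for the log line
            // would raise a NullPointerException instead of the intended FailedLoginException.
            LOGGER.debug("Authenticated SPNEGO principal [{}]", principal != null ? principal.getName() : null);
            LOGGER.debug("Retrieving the next token for authentication");
            nextToken = this.authentication.getNextToken();
        }
    } catch (final jcifs.spnego.AuthenticationException e) {
        // FailedLoginException has no cause-taking constructor; attach the cause explicitly
        // so the jcifs failure is not lost to whoever inspects the login failure.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    // Hand the jcifs response token back through the credential, if there is one.
    if (nextToken != null) {
        LOGGER.debug("Setting nextToken in credential");
        spnegoCredential.setNextToken(nextToken);
    } else {
        LOGGER.debug("nextToken is null");
    }
    // No principal means the token was not accepted: fail closed.
    if (principal == null) {
        throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed");
    }
    if (spnegoCredential.isNtlm()) {
        LOGGER.debug("NTLM Credential is valid for user [{}]", principal.getName());
    } else {
        LOGGER.debug("Kerberos Credential is valid for user [{}]", principal.getName());
    }
    spnegoCredential.setPrincipal(getPrincipal(principal.getName(), spnegoCredential.isNtlm()));
    return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
}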
Also used : SpnegoCredential(org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential) FailedLoginException(javax.security.auth.login.FailedLoginException) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)

Example 8 with BasicCredentialMetaData

use of org.apereo.cas.authentication.BasicCredentialMetaData in project cas by apereo.

the class NtlmAuthenticationHandler method doAuthentication.

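/**
 * Runs one step of the NTLM exchange against a domain controller.
 *
 * <p>A Type 1 token is answered by storing a Type 2 challenge on the credential; because
 * {@code success} is only set after a Type 3 logon, that step still ends in a
 * {@link FailedLoginException}. A Type 3 token is verified with {@code SmbSession.logon} and,
 * on success, the credential receives a principal built from the user name in the message.
 *
 * @param credential the credential to authenticate; it is cast to {@link SpnegoCredential} without a type check
 * @return a handler result carrying the principal created from the Type 3 user name
 * @throws GeneralSecurityException a {@link FailedLoginException} for a missing or truncated token, an
 *         unresolvable domain controller, a rejected logon, an unknown message type, or any other
 *         failure during the exchange
 * @throws PreventedException declared by the overridden signature; not raised directly in this method
 */
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final SpnegoCredential ntlmCredential = (SpnegoCredential) credential;
    final byte[] src = ntlmCredential.getInitToken();
    // The token is client-supplied: check it before indexing into it and before any
    // domain controller lookup is made on its behalf.
    if (src == null || src.length <= NTLM_TOKEN_TYPE_FIELD_INDEX) {
        throw new FailedLoginException("NTLM token is missing or too short to carry a message type");
    }
    final UniAddress dc;
    boolean success = false;
    try {
        if (this.loadBalance) {
            // find the first dc that matches the includepattern
            if (StringUtils.isNotBlank(this.includePattern)) {
                final NbtAddress[] dcs = NbtAddress.getAllByName(this.domainController, NBT_ADDRESS_TYPE, null, null);
                dc = Arrays.stream(dcs).filter(dc2 -> dc2.getHostAddress().matches(this.includePattern)).findFirst().map(UniAddress::new).orElse(null);
            } else {
                dc = new UniAddress(NbtAddress.getByName(this.domainController, NBT_ADDRESS_TYPE, null));
            }
        } else {
            dc = UniAddress.getByName(this.domainController, true);
        }
        // The include-pattern branch yields null when no address matches; fail with a
        // clear message rather than passing null on to jcifs.
        if (dc == null) {
            throw new FailedLoginException("No domain controller address matched the configured include pattern");
        }
        // NOTE(review): the challenge is requested on every call, including the Type 3 step.
        // This appears to rely on jcifs returning the same challenge that was sent in the
        // Type 2 message; confirm against the jcifs version in use.
        final byte[] challenge = SmbSession.getChallenge(dc);
        switch(src[NTLM_TOKEN_TYPE_FIELD_INDEX]) {
            case NTLM_TOKEN_TYPE_ONE:
                LOGGER.debug("Type 1 received");
                final Type1Message type1 = new Type1Message(src);
                final Type2Message type2 = new Type2Message(type1, challenge, null);
                LOGGER.debug("Type 2 returned. Setting next token.");
                ntlmCredential.setNextToken(type2.toByteArray());
                break;
            case NTLM_TOKEN_TYPE_THREE:
                LOGGER.debug("Type 3 received");
                final Type3Message type3 = new Type3Message(src);
                // The LM and NT responses are forwarded as received; this method does not
                // inspect which response flavour the client used.
                final byte[] lmResponse = type3.getLMResponse() == null ? new byte[0] : type3.getLMResponse();
                final byte[] ntResponse = type3.getNTResponse() == null ? new byte[0] : type3.getNTResponse();
                final NtlmPasswordAuthentication ntlm = new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(), challenge, lmResponse, ntResponse);
                LOGGER.debug("Trying to authenticate [{}] with domain controller", type3.getUser());
                try {
                    SmbSession.logon(dc, ntlm);
                    // Only the user name is used for the principal; the domain from the
                    // Type 3 message is not part of the principal id.
                    ntlmCredential.setPrincipal(this.principalFactory.createPrincipal(type3.getUser()));
                    success = true;
                } catch (final SmbAuthException sae) {
                    final FailedLoginException rejected = new FailedLoginException(sae.getMessage());
                    rejected.initCause(sae);
                    throw rejected;
                }
                break;
            default:
                LOGGER.debug("Unknown type: [{}]", src[NTLM_TOKEN_TYPE_FIELD_INDEX]);
                break;
        }
    } catch (final FailedLoginException e) {
        // Already the type callers expect; rethrow without wrapping so its cause is kept.
        throw e;
    } catch (final Exception e) {
        // Any other failure (lookup, parsing, transport) is reported as a failed login,
        // with the original exception attached as the cause.
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    // Type 1 and unknown message types never set success, so they end here.
    if (!success) {
        throw new FailedLoginException();
    }
    return new DefaultHandlerResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());
}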
Also used : Type2Message(jcifs.ntlmssp.Type2Message) Type3Message(jcifs.ntlmssp.Type3Message) GeneralSecurityException(java.security.GeneralSecurityException) FailedLoginException(javax.security.auth.login.FailedLoginException) PreventedException(org.apereo.cas.authentication.PreventedException) SmbAuthException(jcifs.smb.SmbAuthException) UniAddress(jcifs.UniAddress) Type1Message(jcifs.ntlmssp.Type1Message) SpnegoCredential(org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential) SmbAuthException(jcifs.smb.SmbAuthException) FailedLoginException(javax.security.auth.login.FailedLoginException) NtlmPasswordAuthentication(jcifs.smb.NtlmPasswordAuthentication) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData) NbtAddress(jcifs.netbios.NbtAddress)

Example 9 with BasicCredentialMetaData

use of org.apereo.cas.authentication.BasicCredentialMetaData in project cas by apereo.

the class TestOneTimePasswordAuthenticationHandler method authenticate.

/**
 * Accepts a one-time-password credential when its password equals the value stored for its id.
 *
 * <p>The stored value is only read, never removed, so the same value is accepted on every call.
 * The comparison is a plain {@code String.equals}. Both are acceptable for the test fixture the
 * class name suggests, but not for a production OTP check.
 *
 * @param credential the credential to check; it is cast to {@link OneTimePasswordCredential} without a type check
 * @return a handler result whose principal id is the credential id
 * @throws GeneralSecurityException a {@link FailedLoginException} when the password does not match the stored value
 * @throws PreventedException declared by the overridden signature; not raised directly in this method
 */
@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
    final OneTimePasswordCredential otpCredential = (OneTimePasswordCredential) credential;
    final String expected = credentialMap.get(otpCredential.getId());
    // Reject first; an unknown id has no stored value and therefore never matches.
    if (!otpCredential.getPassword().equals(expected)) {
        throw new FailedLoginException();
    }
    final BasicCredentialMetaData metaData = new BasicCredentialMetaData(otpCredential);
    return new DefaultHandlerResult(this, metaData, new DefaultPrincipalFactory().createPrincipal(otpCredential.getId()));
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) OneTimePasswordCredential(org.apereo.cas.authentication.OneTimePasswordCredential) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)

Example 10 with BasicCredentialMetaData

use of org.apereo.cas.authentication.BasicCredentialMetaData in project cas by apereo.

the class SimpleTestUsernamePasswordAuthenticationHandler method authenticate.

/**
 * Test handler that accepts a credential when the user name and password are equal, non-blank strings.
 *
 * <p>Before that check, an exception registered for the user name in {@code usernameErrorMap} is
 * rethrown if the method signature allows it; other checked exceptions are only logged.
 * Accepting "password equals user name" is only suitable for tests, as the class name indicates.
 *
 * @param credential the credential to check; it is cast to {@link UsernamePasswordCredential} without a type check
 * @return a handler result whose principal is created from the user name
 * @throws GeneralSecurityException the exception registered for the user name, or a
 *         {@link FailedLoginException} when user name and password do not match
 * @throws PreventedException when one is registered for the user name
 */
@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
    final UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
    final String username = upc.getUsername();
    final String password = upc.getPassword();

    // Replay a pre-registered failure for this user name, if there is one.
    final Exception scripted = this.usernameErrorMap.get(username);
    if (scripted instanceof GeneralSecurityException) {
        throw (GeneralSecurityException) scripted;
    }
    if (scripted instanceof PreventedException) {
        throw (PreventedException) scripted;
    }
    if (scripted instanceof RuntimeException) {
        throw (RuntimeException) scripted;
    }
    if (scripted != null) {
        LOGGER.debug("Cannot throw checked exception [{}] since it is not declared by method signature.", scripted.getClass().getName(), scripted);
    }

    final boolean accepted = StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password);
    if (!accepted) {
        LOGGER.debug("User [{}] failed authentication", username);
        throw new FailedLoginException();
    }
    LOGGER.debug("User [{}] was successfully authenticated.", username);
    return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(username));
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) GeneralSecurityException(java.security.GeneralSecurityException) PreventedException(org.apereo.cas.authentication.PreventedException) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AccountLockedException(javax.security.auth.login.AccountLockedException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) InvalidLoginTimeException(org.apereo.cas.authentication.exceptions.InvalidLoginTimeException) FailedLoginException(javax.security.auth.login.FailedLoginException) InvalidLoginLocationException(org.apereo.cas.authentication.exceptions.InvalidLoginLocationException) PreventedException(org.apereo.cas.authentication.PreventedException) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)

Aggregations

BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData)13 DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult)13 FailedLoginException (javax.security.auth.login.FailedLoginException)6 CredentialMetaData (org.apereo.cas.authentication.CredentialMetaData)6 DefaultAuthenticationBuilder (org.apereo.cas.authentication.DefaultAuthenticationBuilder)4 HandlerResult (org.apereo.cas.authentication.HandlerResult)4 UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)4 AuthenticationBuilder (org.apereo.cas.authentication.AuthenticationBuilder)3 BasicIdentifiableCredential (org.apereo.cas.authentication.BasicIdentifiableCredential)3 DefaultPrincipalFactory (org.apereo.cas.authentication.principal.DefaultPrincipalFactory)3 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)3 GeneralSecurityException (java.security.GeneralSecurityException)2 HashMap (java.util.HashMap)2 AuthenticationHandler (org.apereo.cas.authentication.AuthenticationHandler)2 PreventedException (org.apereo.cas.authentication.PreventedException)2 SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler)2 Principal (org.apereo.cas.authentication.principal.Principal)2 SpnegoCredential (org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential)2 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)2 LinkedHashMap (java.util.LinkedHashMap)1