
Example 11 with DefaultHandlerResult

Use of org.apereo.cas.authentication.DefaultHandlerResult in project cas by apereo.

From the class TestOneTimePasswordAuthenticationHandler, method authenticate.

@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
    final OneTimePasswordCredential otp = (OneTimePasswordCredential) credential;
    final String valueOnRecord = credentialMap.get(otp.getId());
    if (otp.getPassword().equals(valueOnRecord)) {
        return new DefaultHandlerResult(this, new BasicCredentialMetaData(otp), new DefaultPrincipalFactory().createPrincipal(otp.getId()));
    }
    throw new FailedLoginException();
}
Also used: FailedLoginException (javax.security.auth.login.FailedLoginException), DefaultPrincipalFactory (org.apereo.cas.authentication.principal.DefaultPrincipalFactory), OneTimePasswordCredential (org.apereo.cas.authentication.OneTimePasswordCredential), DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult), BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData)

Example 12 with DefaultHandlerResult

Use of org.apereo.cas.authentication.DefaultHandlerResult in project cas by apereo.

From the class SimpleTestUsernamePasswordAuthenticationHandler, method authenticate.

@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final String username = usernamePasswordCredential.getUsername();
    final String password = usernamePasswordCredential.getPassword();
    final Exception exception = this.usernameErrorMap.get(username);
    if (exception instanceof GeneralSecurityException) {
        throw (GeneralSecurityException) exception;
    } else if (exception instanceof PreventedException) {
        throw (PreventedException) exception;
    } else if (exception instanceof RuntimeException) {
        throw (RuntimeException) exception;
    } else if (exception != null) {
        LOGGER.debug("Cannot throw checked exception [{}] since it is not declared by method signature.", exception.getClass().getName(), exception);
    }
    if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password)) {
        LOGGER.debug("User [{}] was successfully authenticated.", username);
        return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(username));
    }
    LOGGER.debug("User [{}] failed authentication", username);
    throw new FailedLoginException();
}
Also used: FailedLoginException (javax.security.auth.login.FailedLoginException), GeneralSecurityException (java.security.GeneralSecurityException), PreventedException (org.apereo.cas.authentication.PreventedException), DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult), UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential), AccountLockedException (javax.security.auth.login.AccountLockedException), AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException), CredentialExpiredException (javax.security.auth.login.CredentialExpiredException), InvalidLoginTimeException (org.apereo.cas.authentication.exceptions.InvalidLoginTimeException), InvalidLoginLocationException (org.apereo.cas.authentication.exceptions.InvalidLoginLocationException), BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData)

Example 13 with DefaultHandlerResult

Use of org.apereo.cas.authentication.DefaultHandlerResult in project cas by apereo.

From the class RememberMeAuthenticationMetaDataPopulatorTests, method newBuilder.

private AuthenticationBuilder newBuilder(final Credential credential) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    final AuthenticationBuilder builder = new DefaultAuthenticationBuilder(CoreAuthenticationTestUtils.getPrincipal())
        .addCredential(meta)
        .addSuccess("test", new DefaultHandlerResult(handler, meta));
    if (this.p.supports(credential)) {
        this.p.populateAttributes(builder, credential);
    }
    return builder;
}
Also used: DefaultAuthenticationBuilder (org.apereo.cas.authentication.DefaultAuthenticationBuilder), AuthenticationBuilder (org.apereo.cas.authentication.AuthenticationBuilder), SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler), AuthenticationHandler (org.apereo.cas.authentication.AuthenticationHandler), BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData), CredentialMetaData (org.apereo.cas.authentication.CredentialMetaData), DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult), RememberMeUsernamePasswordCredential (org.apereo.cas.authentication.RememberMeUsernamePasswordCredential), UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)

Example 14 with DefaultHandlerResult

Use of org.apereo.cas.authentication.DefaultHandlerResult in project cas by apereo.

From the class OpenIdCredentialsAuthenticationHandler, method authenticate.

@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException {
    final OpenIdCredential c = (OpenIdCredential) credential;
    final TicketGrantingTicket t = this.ticketRegistry.getTicket(c.getTicketGrantingTicketId(), TicketGrantingTicket.class);
    if (t == null || t.isExpired()) {
        throw new FailedLoginException("TGT is null or expired.");
    }
    final Principal principal = t.getAuthentication().getPrincipal();
    if (!principal.getId().equals(c.getUsername())) {
        throw new FailedLoginException("Principal ID mismatch");
    }
    return new DefaultHandlerResult(this, new BasicCredentialMetaData(c), principal);
}
Also used: FailedLoginException (javax.security.auth.login.FailedLoginException), TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket), DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult), Principal (org.apereo.cas.authentication.principal.Principal), BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData), OpenIdCredential (org.apereo.cas.support.openid.authentication.principal.OpenIdCredential)

Example 15 with DefaultHandlerResult

Use of org.apereo.cas.authentication.DefaultHandlerResult in project cas by apereo.

From the class X509CredentialsAuthenticationHandler, method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
    final X509Certificate[] certificates = x509Credential.getCertificates();
    X509Certificate clientCert = null;
    boolean hasTrustedIssuer = false;
    for (int i = certificates.length - 1; i >= 0; i--) {
        final X509Certificate certificate = certificates[i];
        LOGGER.debug("Evaluating [{}]", CertUtils.toString(certificate));
        validate(certificate);
        if (!hasTrustedIssuer) {
            hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
        }
        // getBasicConstraints returns pathLenConstraints which is generally
        // >=0 when this is a CA cert and -1 when it's not
        final int pathLength = certificate.getBasicConstraints();
        if (pathLength < 0) {
            LOGGER.debug("Found valid client certificate");
            clientCert = certificate;
        } else {
            LOGGER.debug("Found valid CA certificate");
        }
    }
    if (hasTrustedIssuer && clientCert != null) {
        x509Credential.setCertificate(clientCert);
        return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
    }
    LOGGER.warn("Either client certificate could not be determined, or a trusted issuer could not be located");
    throw new FailedLoginException();
}
Also used: FailedLoginException (javax.security.auth.login.FailedLoginException), X509CertificateCredential (org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential), DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult), X509Certificate (java.security.cert.X509Certificate)

Aggregations

DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult): 16
BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData): 13
FailedLoginException (javax.security.auth.login.FailedLoginException): 9
CredentialMetaData (org.apereo.cas.authentication.CredentialMetaData): 6
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential): 5
DefaultAuthenticationBuilder (org.apereo.cas.authentication.DefaultAuthenticationBuilder): 4
HandlerResult (org.apereo.cas.authentication.HandlerResult): 4
DefaultPrincipalFactory (org.apereo.cas.authentication.principal.DefaultPrincipalFactory): 4
AuthenticationBuilder (org.apereo.cas.authentication.AuthenticationBuilder): 3
BasicIdentifiableCredential (org.apereo.cas.authentication.BasicIdentifiableCredential): 3
GeneralSecurityException (java.security.GeneralSecurityException): 2
HashMap (java.util.HashMap): 2
X509CertificateCredential (org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential): 2
AuthenticationHandler (org.apereo.cas.authentication.AuthenticationHandler): 2
HttpBasedServiceCredential (org.apereo.cas.authentication.HttpBasedServiceCredential): 2
PreventedException (org.apereo.cas.authentication.PreventedException): 2
SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler): 2
Principal (org.apereo.cas.authentication.principal.Principal): 2
SpnegoCredential (org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential): 2
ServiceTicket (org.apereo.cas.ticket.ServiceTicket): 2