Example 11 with PreventedException

use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

the class GoogleAuthenticatorAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final GoogleAuthenticatorTokenCredential tokenCredential = (GoogleAuthenticatorTokenCredential) credential;
    // A malformed token is an input problem, not a wrong code: report it as PreventedException
    // so it is not treated (or counted) as a failed login.
    if (!NumberUtils.isCreatable(tokenCredential.getToken())) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException("Invalid token " + tokenCredential.getToken()));
    }
    final int otp;
    try {
        otp = Integer.parseInt(tokenCredential.getToken());
    } catch (final NumberFormatException e) {
        // isCreatable() also accepts decimals, exponents and hex ("1.5", "1e5", "0x1F"), which
        // parseInt() rejects; keep that case a PreventedException instead of an unchecked exception.
        throw new PreventedException("Invalid OTP format specified.", e);
    }
    // Debug-level only: OTPs written to logs are a secret-leak risk.
    LOGGER.debug("Received OTP [{}]", otp);
    // The principal comes from the first-factor authentication already held in the webflow context.
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        throw new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final String uid = authentication.getPrincipal().getId();
    LOGGER.debug("Received principal id [{}]", uid);
    // No enrolled secret means the user has not registered a device.
    final String secKey = this.credentialRepository.getSecret(uid);
    if (StringUtils.isBlank(secKey)) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    // Replay protection: a code that was already accepted for this user is rejected even if it is
    // still inside the validity window.
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }
    final boolean isCodeValid = this.googleAuthenticatorInstance.authorize(secKey, otp);
    if (isCodeValid) {
        // Record the consumed code before returning so a concurrent reuse is caught by the check above.
        this.tokenRepository.store(new GoogleAuthenticatorToken(otp, uid));
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(uid), null);
    }
    throw new FailedLoginException("Failed to authenticate code " + otp);
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) Authentication(org.apereo.cas.authentication.Authentication) AccountExpiredException(javax.security.auth.login.AccountExpiredException) GoogleAuthenticatorToken(org.apereo.cas.adaptors.gauth.repository.token.GoogleAuthenticatorToken) PreventedException(org.apereo.cas.authentication.PreventedException) RequestContext(org.springframework.webflow.execution.RequestContext) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
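The work this handler delegates to googleAuthenticatorInstance.authorize() and tokenRepository, as an added Python example that is not CAS code or the Google Authenticator library: RFC 4226 HOTP and RFC 6238 TOTP (HMAC-SHA1, 30-second steps, a one-step clock-skew window), strict six-digit input validation, and a replay cache, with every outcome classified the way the handler above classifies it (malformed input is "prevented" rather than a failed login, a reused code is rejected, a well-formed wrong code fails). The secret is the RFC reference key; Outcome and OtpVerifier are names introduced here.

```python
import hashlib
import hmac
import re
import struct
from enum import Enum

# Constructed for this example: the RFC 4226 / RFC 6238 reference key. A real deployment
# stores one secret per user, usually base32-encoded.
SECRET = b"12345678901234567890"
PERIOD = 30
DIGITS = 6
WINDOW = 1  # also accept the previous and the next time step (clock skew)

# ASCII digits only: Python's \d also matches other Unicode digit classes that int() accepts.
STRICT_OTP = re.compile(r"^[0-9]{%d}$" % DIGITS)


class Outcome(Enum):
    PREVENTED = "prevented"  # malformed input; not a credential failure, must not count toward lockout
    REPLAY = "replay"        # correct code that was already consumed
    FAILED = "failed"        # well-formed code that matches nothing in the window
    OK = "ok"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, now: int, period: int = PERIOD) -> str:
    """RFC 6238: HOTP over the time-step counter floor(now / period)."""
    return hotp(key, now // period)


class OtpVerifier:
    """Verifies a submitted code and remembers which (time step, code) pairs were consumed."""

    def __init__(self, secret: bytes, window: int = WINDOW):
        self.secret = secret
        self.window = window
        self.used = set()  # (time step, code); prune entries older than the window in production

    def verify(self, token: str, now: int) -> Outcome:
        # 1. Reject anything that is not exactly six ASCII digits before touching the secret.
        if not STRICT_OTP.fullmatch(token):
            return Outcome.PREVENTED
        step = now // PERIOD
        # 2. Compare against every step in the window with a constant-time comparison.
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate < 0:
                continue
            if hmac.compare_digest(hotp(self.secret, candidate), token):
                # 3. A code that already authenticated once must not be accepted again while
                #    its step is still inside the window.
                if (candidate, token) in self.used:
                    return Outcome.REPLAY
                self.used.add((candidate, token))
                return Outcome.OK
        return Outcome.FAILED
```

Note that "1e5" is rejected up front by STRICT_OTP even though a lenient numeric test such as float("1e5") would accept it; that is the gap a "creatable number" check followed by an integer parse leaves open. The replay cache is keyed on the time step that matched, not on the submission time, so the same code is refused at any later second while its step is still inside the window.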

Example 12 with PreventedException

use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

the class SimpleTestUsernamePasswordAuthenticationHandler method authenticate.

@Override
public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException {
    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final String username = usernamePasswordCredential.getUsername();
    final String password = usernamePasswordCredential.getPassword();
    // Test fixture: a username may be mapped to the exception the handler should raise, so tests can
    // drive each failure path (locked, expired, disabled, prevented, ...) without a real backend.
    final Exception exception = this.usernameErrorMap.get(username);
    if (exception instanceof GeneralSecurityException) {
        throw (GeneralSecurityException) exception;
    } else if (exception instanceof PreventedException) {
        throw (PreventedException) exception;
    } else if (exception instanceof RuntimeException) {
        throw (RuntimeException) exception;
    } else if (exception != null) {
        // Any other checked exception cannot be propagated through this signature.
        LOGGER.debug("Cannot throw checked exception [{}] since it is not declared by method signature.", exception.getClass().getName(), exception);
    }
    // Test-only rule: a user authenticates when the password equals the username. Never enable outside tests.
    if (StringUtils.hasText(username) && StringUtils.hasText(password) && username.equals(password)) {
        LOGGER.debug("User [{}] was successfully authenticated.", username);
        return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(username));
    }
    LOGGER.debug("User [{}] failed authentication", username);
    throw new FailedLoginException();
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) GeneralSecurityException(java.security.GeneralSecurityException) PreventedException(org.apereo.cas.authentication.PreventedException) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AccountLockedException(javax.security.auth.login.AccountLockedException) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) InvalidLoginTimeException(org.apereo.cas.authentication.exceptions.InvalidLoginTimeException) FailedLoginException(javax.security.auth.login.FailedLoginException) InvalidLoginLocationException(org.apereo.cas.authentication.exceptions.InvalidLoginLocationException) PreventedException(org.apereo.cas.authentication.PreventedException) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData)

Example 13 with PreventedException

use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

the class AzureAuthenticatorAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final AzureAuthenticatorTokenCredential c = (AzureAuthenticatorTokenCredential) credential;
        // The principal comes from the first-factor authentication held in the webflow context;
        // a missing context or authentication surfaces as a NullPointerException caught below.
        final RequestContext context = RequestContextHolder.getRequestContext();
        final Principal principal = WebUtils.getAuthentication(context).getPrincipal();
        LOGGER.debug("Received principal id [{}]", principal.getId());
        // Out-of-band verification (phone call / app approval) through the PhoneFactor SDK.
        final PFAuthParams params = authenticationRequestBuilder.build(principal, c);
        final PFAuthResult r = azureAuthenticatorInstance.authenticate(params);
        if (r.getAuthenticated()) {
            return createHandlerResult(c, principalFactory.createPrincipal(principal.getId()), null);
        }
        LOGGER.error("Authentication failed. Call status: [{}]-[{}]. Error: [{}]", r.getCallStatus(), r.getCallStatusString(), r.getMessageError());
    } catch (final Exception e) {
        // Catch-all: a transport or configuration error reaching the SDK is logged here and then
        // reported as a failed login rather than a PreventedException, so callers cannot tell an
        // outage from a wrong credential. The log line is the only place the distinction survives.
        LOGGER.error(e.getMessage(), e);
    }
    throw new FailedLoginException("Failed to authenticate user");
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) PFAuthResult(net.phonefactor.pfsdk.PFAuthResult) RequestContext(org.springframework.webflow.execution.RequestContext) PFAuthParams(net.phonefactor.pfsdk.PFAuthParams) Principal(org.apereo.cas.authentication.principal.Principal) GeneralSecurityException(java.security.GeneralSecurityException) FailedLoginException(javax.security.auth.login.FailedLoginException) PreventedException(org.apereo.cas.authentication.PreventedException)

Example 14 with PreventedException

use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

the class U2FAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final U2FTokenCredential tokenCredential = (U2FTokenCredential) credential;
    // The principal comes from the first-factor authentication already held in the webflow context.
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        throw new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        throw new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final Principal p = authentication.getPrincipal();
    // The browser's signed assertion, matched by request id to the challenge stored when the
    // ceremony started, so a response cannot be replayed against a different challenge.
    final AuthenticateResponse authenticateResponse = AuthenticateResponse.fromJson(tokenCredential.getToken());
    final String authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(authenticateResponse.getRequestId(), p.getId());
    final AuthenticateRequestData authenticateRequest = AuthenticateRequestData.fromJson(authJson);
    DeviceRegistration registration = null;
    try {
        // Verifies the signature against the user's registered devices and checks the signature counter.
        registration = u2f.finishAuthentication(authenticateRequest, authenticateResponse, u2FDeviceRepository.getRegisteredDevices(p.getId()));
        return createHandlerResult(tokenCredential, p, null);
    } catch (final DeviceCompromisedException e) {
        // A signature counter that did not increase indicates a cloned key. Keep the registration the
        // library returns so the compromised state is persisted below, and report the attempt as
        // prevented rather than as a wrong credential.
        registration = e.getDeviceRegistration();
        throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
    } finally {
        // Persist the updated counter (or the compromised flag) on success and on compromise alike.
        // Other failures (malformed response, unknown key handle) leave no registration to update.
        if (registration != null) {
            u2FDeviceRepository.authenticateDevice(p.getId(), registration);
        }
    }
}
Also used : AuthenticateResponse(com.yubico.u2f.data.messages.AuthenticateResponse) AuthenticateRequestData(com.yubico.u2f.data.messages.AuthenticateRequestData) Authentication(org.apereo.cas.authentication.Authentication) DeviceRegistration(com.yubico.u2f.data.DeviceRegistration) RequestContext(org.springframework.webflow.execution.RequestContext) DeviceCompromisedException(com.yubico.u2f.exceptions.DeviceCompromisedException) PreventedException(org.apereo.cas.authentication.PreventedException) Principal(org.apereo.cas.authentication.principal.Principal)
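The signature-counter check that raises DeviceCompromisedException in the Yubico library, together with the persist-on-every-path behaviour of the finally block above, as an added Python example that is not CAS or Yubico code (verification of the assertion signature itself is omitted). DeviceRegistry, Registration and attempt() are names introduced here; the user and key-handle values are constructed.

```python
from dataclasses import dataclass


class DeviceCompromised(Exception):
    """Raised when a registration's signature counter fails to increase."""


@dataclass
class Registration:
    key_handle: str
    counter: int = 0          # highest signature counter seen from this authenticator
    compromised: bool = False


class DeviceRegistry:
    """In-memory stand-in for the handler's u2FDeviceRepository (constructed for this example)."""

    def __init__(self):
        self._devices = {}  # (user, key_handle) -> Registration

    def register(self, user: str, key_handle: str) -> None:
        self._devices[(user, key_handle)] = Registration(key_handle)

    def get(self, user: str, key_handle: str) -> Registration:
        return self._devices[(user, key_handle)]

    def save(self, user: str, reg: Registration) -> None:
        # Models authenticateDevice(): persists the new counter or the compromised flag.
        self._devices[(user, reg.key_handle)] = reg


def finish_authentication(registry: DeviceRegistry, user: str, key_handle: str, reported_counter: int) -> Registration:
    """Counter check run after the assertion signature has verified.

    A U2F authenticator increments its counter on every signature, so a reported value
    that does not exceed the stored one means another device holds the same key material.
    The registration is then flagged, and the finally block persists the verdict on every
    path, which is what keeps a blocked device blocked on the next attempt.
    """
    reg = registry.get(user, key_handle)
    try:
        if reg.compromised:
            raise DeviceCompromised("device previously flagged as compromised")
        if reported_counter <= reg.counter:
            reg.compromised = True
            raise DeviceCompromised(f"counter {reported_counter} did not exceed stored {reg.counter}")
        reg.counter = reported_counter
        return reg
    finally:
        registry.save(user, reg)


def attempt(registry: DeviceRegistry, user: str, key_handle: str, reported_counter: int) -> str:
    """Handler-style wrapper: 'ok' on success, 'prevented' for a compromised device,
    mirroring the PreventedException raised by the handler above."""
    try:
        finish_authentication(registry, user, key_handle, reported_counter)
        return "ok"
    except DeviceCompromised:
        return "prevented"
```

Once a registration is flagged, even a later assertion with a higher counter is refused: the cloned device and the genuine one cannot be told apart from the counter alone, so the user has to re-register. The stored counter is left at the last good value rather than being overwritten by the rejected assertion.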

Aggregations

PreventedException (org.apereo.cas.authentication.PreventedException) 14
FailedLoginException (javax.security.auth.login.FailedLoginException) 12
GeneralSecurityException (java.security.GeneralSecurityException) 10
AccountNotFoundException (javax.security.auth.login.AccountNotFoundException) 4
RequestContext (org.springframework.webflow.execution.RequestContext) 4
AccountDisabledException (org.apereo.cas.authentication.exceptions.AccountDisabledException) 3
DataAccessException (org.springframework.dao.DataAccessException) 3
Optional (java.util.Optional) 2
Authentication (org.apereo.cas.authentication.Authentication) 2
BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData) 2
DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult) 2
AccountPasswordMustChangeException (org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException) 2
ClientCredential (org.apereo.cas.authentication.principal.ClientCredential) 2
Principal (org.apereo.cas.authentication.principal.Principal) 2
UserProfile (org.pac4j.core.profile.UserProfile) 2
IncorrectResultSizeDataAccessException (org.springframework.dao.IncorrectResultSizeDataAccessException) 2
DeviceRegistration (com.yubico.u2f.data.DeviceRegistration) 1
AuthenticateRequestData (com.yubico.u2f.data.messages.AuthenticateRequestData) 1
AuthenticateResponse (com.yubico.u2f.data.messages.AuthenticateResponse) 1
DeviceCompromisedException (com.yubico.u2f.exceptions.DeviceCompromisedException) 1