Example 16 with PreventedException

Use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

Class GoogleAuthenticatorOneTimeTokenCredentialValidator, method validate.

@Override
public GoogleAuthenticatorToken validate(final Authentication authentication, final GoogleAuthenticatorTokenCredential tokenCredential) throws GeneralSecurityException, PreventedException {
    // Reject anything that is not a purely numeric OTP before attempting to parse it.
    if (!StringUtils.isNumeric(tokenCredential.getToken())) {
        throw new PreventedException("Invalid non-numeric OTP format specified.");
    }
    val uid = authentication.getPrincipal().getId();
    val otp = Integer.parseInt(tokenCredential.getToken());
    LOGGER.trace("Received OTP [{}] assigned to account [{}]", otp, tokenCredential.getAccountId());
    LOGGER.trace("Received principal id [{}]. Attempting to locate account in credential repository...", uid);
    // The authenticated principal must have at least one registered authenticator account.
    val accounts = this.credentialRepository.get(uid);
    if (accounts == null || accounts.isEmpty()) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    // With several registered devices, the credential must state which account the OTP belongs to.
    if (accounts.size() > 1 && tokenCredential.getAccountId() == null) {
        throw new PreventedException("Account identifier must be specified if multiple accounts are registered for " + uid);
    }
    LOGGER.trace("Attempting to locate OTP token [{}] in token repository for [{}]...", otp, uid);
    // An OTP already recorded in the token repository has been used before; refuse the replay.
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }
    LOGGER.debug("Attempting to authorize OTP token [{}]...", otp);
    // Check the OTP against the account secret first, then fall back to the account's scratch codes.
    val result = getAuthorizedAccountForToken(tokenCredential, accounts).or(() -> getAuthorizedScratchCodeForToken(tokenCredential, authentication, accounts));
    // A null result signals to the caller that neither the OTP nor a scratch code matched.
    return result.map(acct -> new GoogleAuthenticatorToken(otp, uid)).orElse(null);
}
Also used : lombok.val(lombok.val) OneTimeTokenCredentialRepository(org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository) Getter(lombok.Getter) Collection(java.util.Collection) RequiredArgsConstructor(lombok.RequiredArgsConstructor) IGoogleAuthenticator(com.warrenstrange.googleauth.IGoogleAuthenticator) OneTimeTokenRepository(org.apereo.cas.otp.repository.token.OneTimeTokenRepository) OneTimeTokenCredentialValidator(org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialValidator) StringUtils(org.apache.commons.lang3.StringUtils) AccountExpiredException(javax.security.auth.login.AccountExpiredException) Slf4j(lombok.extern.slf4j.Slf4j) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) GeneralSecurityException(java.security.GeneralSecurityException) OneTimeTokenAccount(org.apereo.cas.authentication.OneTimeTokenAccount) Authentication(org.apereo.cas.authentication.Authentication) GoogleAuthenticatorToken(org.apereo.cas.gauth.token.GoogleAuthenticatorToken) Optional(java.util.Optional) PreventedException(org.apereo.cas.authentication.PreventedException)

Example 17 with PreventedException

Use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

Class FortressAuthenticationHandler, method authenticateUsernamePasswordInternal.

@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential c, final String originalPassword) throws GeneralSecurityException, PreventedException {
    val username = c.getUsername();
    val password = c.getPassword();
    try {
        LOGGER.debug("Trying to delegate authentication for [{}] to fortress", username);
        // Password verification is delegated entirely to the Fortress access manager.
        val user = new User(username, password);
        val fortressSession = accessManager.createSession(user, false);
        if (fortressSession != null && fortressSession.isAuthenticated()) {
            // Serialize the Fortress session to XML and attach it to the principal as an attribute.
            val writer = new StringWriter();
            marshaller.marshal(fortressSession, writer);
            val fortressXmlSession = writer.toString();
            LOGGER.debug("Fortress session result: [{}]", fortressXmlSession);
            val attributes = new HashMap<String, List<Object>>();
            attributes.put(FORTRESS_SESSION_KEY, CollectionUtils.wrapList(fortressXmlSession));
            return createHandlerResult(c, principalFactory.createPrincipal(username, attributes));
        }
        LOGGER.warn("Could not establish a fortress session or session cannot authenticate");
    } catch (final org.apache.directory.fortress.core.SecurityException e) {
        // A Fortress security error is a failed login, not a prevented one.
        val errorMessage = String.format("Fortress authentication failed for [%s]", username);
        LoggingUtils.error(LOGGER, e);
        throw new FailedLoginException(errorMessage);
    } catch (final JAXBException e) {
        // A marshalling failure means the handler could not complete, so it is reported as prevented.
        LoggingUtils.warn(LOGGER, e);
        throw new PreventedException(e);
    }
    throw new FailedLoginException(String.format("[%s] could not authenticate with fortress", username));
}
Also used : lombok.val(lombok.val) User(org.apache.directory.fortress.core.model.User) FailedLoginException(javax.security.auth.login.FailedLoginException) StringWriter(java.io.StringWriter) HashMap(java.util.HashMap) JAXBException(javax.xml.bind.JAXBException) PreventedException(org.apereo.cas.authentication.PreventedException)

Example 18 with PreventedException

Use of org.apereo.cas.authentication.PreventedException in project cas by apereo.

Class SimpleTestUsernamePasswordAuthenticationHandler, method authenticateUsernamePasswordInternal.

@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException, PreventedException {
    val username = credential.getUsername();
    val password = credential.getPassword();
    // Test hook: a pre-configured exception for this username is rethrown to simulate a failure mode.
    val exception = this.usernameErrorMap.get(username);
    if (exception instanceof GeneralSecurityException) {
        throw (GeneralSecurityException) exception;
    }
    if (exception instanceof PreventedException) {
        throw (PreventedException) exception;
    }
    if (exception instanceof RuntimeException) {
        throw (RuntimeException) exception;
    }
    if (exception != null) {
        LOGGER.debug("Cannot throw checked exception [{}] since it is not declared by method signature.", exception.getClass().getName(), exception);
    }
    // Test-only rule: the password must equal the username or its reverse.
    if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password) && (username.equals(password) || password.equals(StringUtils.reverse(username)))) {
        LOGGER.debug("User [{}] was successfully authenticated.", username);
        return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(credential), this.principalFactory.createPrincipal(username), this.warnings);
    }
    LOGGER.debug("User [{}] failed authentication", username);
    throw new FailedLoginException();
}
Also used : lombok.val(lombok.val) FailedLoginException(javax.security.auth.login.FailedLoginException) GeneralSecurityException(java.security.GeneralSecurityException) PreventedException(org.apereo.cas.authentication.PreventedException) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData)