Examples with AuthenticationChallengeException org.codice.ddf.platform.filter.AuthenticationChallengeException used on opensource projects

Example 1 with AuthenticationChallengeException

use of org.codice.ddf.platform.filter.AuthenticationChallengeException in project ddf by codice.

the class WebSSOFilter method handleResultStatus.

private void handleResultStatus(HttpServletRequest httpRequest, HttpServletResponse httpResponse, HandlerResult result, String path, String ipAddress) throws AuthenticationChallengeException, AuthenticationFailureException {
    if (result != null) {
        switch(result.getStatus()) {
            case REDIRECTED:
                // handler handled the response - it is redirecting or whatever
                // necessary to get their tokens
                LOGGER.debug("Stopping filter chain - handled by plugins");
                throw new AuthenticationChallengeException("Stopping filter chain - handled by plugins");
            case NO_ACTION:
                if (!contextPolicyManager.getGuestAccess()) {
                    LOGGER.warn("No handlers were able to determine required credentials, returning bad request to {}. Check policy configuration for path: {}", ipAddress, path);
                    returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
                    throw new AuthenticationFailureException("No handlers were able to determine required credentials");
                }
                result = new HandlerResultImpl(Status.COMPLETED, new GuestAuthenticationToken(ipAddress, securityLogger));
                result.setSource("default");
            // fall through
            case COMPLETED:
                if (result.getToken() == null) {
                    LOGGER.warn("Completed without credentials for {} - check context policy configuration for path: {}", ipAddress, path);
                    returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
                    throw new AuthenticationFailureException("Completed without credentials");
                }
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Attaching result handler to the http request - token is instance of {} from classloader {}", result.getToken().getClass().getName(), result.getToken().getClass().getClassLoader());
                }
                if (result.getToken() instanceof BaseAuthenticationToken) {
                    ((BaseAuthenticationToken) result.getToken()).setAllowGuest(contextPolicyManager.getGuestAccess());
                }
                httpRequest.setAttribute(AUTHENTICATION_TOKEN_KEY, result);
                break;
            default:
                LOGGER.warn("Unexpected response from handler - ignoring. Remote IP: {}, Path: {}", ipAddress, path);
                throw new AuthenticationFailureException("Unexpected response from handler");
        }
    } else {
        LOGGER.warn("Expected login credentials from {} - didn't find any. Returning a bad request for path: {}", ipAddress, path);
        returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
        throw new AuthenticationFailureException("Didn't find any login credentials");
    }
}

Example 2 with AuthenticationChallengeException

use of org.codice.ddf.platform.filter.AuthenticationChallengeException in project ddf by codice.

the class JettyAuthenticator method validateRequest.

@Override
public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean mandatory) throws ServerAuthException {
    TreeSet<ServiceReference<SecurityFilter>> sortedSecurityFilterServiceReferences = null;
    final BundleContext bundleContext = getContext();
    if (bundleContext == null) {
        throw new ServerAuthException("Unable to get BundleContext. No servlet SecurityFilters can be applied. Blocking the request processing.");
    }
    try {
        sortedSecurityFilterServiceReferences = new TreeSet<>(bundleContext.getServiceReferences(SecurityFilter.class, null));
    } catch (InvalidSyntaxException ise) {
        LOGGER.debug("Should never get this exception as there is no filter being passed.");
    }
    if (!CollectionUtils.isEmpty(sortedSecurityFilterServiceReferences)) {
        LOGGER.debug("Found {} filter(s), now filtering...", sortedSecurityFilterServiceReferences.size());
        final SecurityFilterChain chain = new SecurityFilterChain();
        // run in order of highest to lowest service ranking.
        for (ServiceReference<SecurityFilter> securityFilterServiceReference : sortedSecurityFilterServiceReferences) {
            final SecurityFilter securityFilter = bundleContext.getService(securityFilterServiceReference);
            if (!hasBeenInitialized(securityFilterServiceReference, bundleContext)) {
                initializeSecurityFilter(bundleContext, securityFilterServiceReference, securityFilter);
            }
            chain.addSecurityFilter(securityFilter);
        }
        try {
            chain.doFilter(servletRequest, servletResponse);
        } catch (IOException e) {
            throw new ServerAuthException("Unable to process security filter. Blocking the request processing.");
        } catch (AuthenticationChallengeException e) {
            return new Authentication.Challenge() {
            };
        } catch (AuthenticationException e) {
            return new Authentication.Failure() {
            };
        }
    } else {
        LOGGER.debug("Did not find any SecurityFilters. Send auth failure...");
        return new Authentication.Failure() {
        };
    }
    Subject subject = (Subject) servletRequest.getAttribute(SecurityConstants.SECURITY_SUBJECT);
    UserIdentity userIdentity = new JettyUserIdentity(getSecuritySubject(subject));
    return new JettyAuthenticatedUser(userIdentity);
}