
Example 1 with BadCredentialsException

use of org.craftercms.studio.api.v1.exception.security.BadCredentialsException in project studio by craftercms.

The class DbAuthenticationProvider, method doAuthenticate.

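/**
 * Authenticates {@code username}/{@code password} against the Studio user table.
 *
 * <p>On success a token is created, the authentication is stored and {@code true} is returned. Every
 * failure to match — unknown user, deleted or disabled account, wrong password — surfaces as the same
 * {@link BadCredentialsException}, so the caller cannot tell the causes apart from the exception type.
 *
 * @throws AuthenticationSystemException if the user lookup fails for any reason other than "not found"
 * @throws BadCredentialsException       if the credentials do not match an enabled, non-deleted user
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, BadCredentialsException {
    // Lookup key: the DAO takes both an id and a username; -1 presumably means "no id filter" — confirm against the DAO
    Map<String, Object> params = new HashMap<>();
    params.put(USER_ID, -1);
    params.put(USERNAME, username);
    UserDAO userDao = authenticationChain.getUserDao();
    User user;
    try {
        user = userDao.getUserByIdOrUsername(params);
    } catch (Exception e) {
        // Any DAO failure is an infrastructure problem, not a credential problem
        logger.debug("Unknown database error", e);
        throw new AuthenticationSystemException("Unknown database error", e);
    }
    // NOTE(review): when the account is missing, deleted or disabled the password hash is never compared,
    // so the response time differs from a wrong-password attempt (a username-enumeration side channel).
    // Matching against a dummy hash in that branch would close it — check what CryptoUtils offers first.
    boolean accountUsable = user != null && !user.isDeleted() && user.isEnabled();
    if (!accountUsable || !CryptoUtils.matchPassword(user.getPassword(), password)) {
        // One generic failure for every cause
        throw new BadCredentialsException();
    }
    String token = createToken(user, authenticationChain);
    storeAuthentication(new Authentication(username, token, AuthenticationType.DB));
    return true;
}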

Example 2 with BadCredentialsException

use of org.craftercms.studio.api.v1.exception.security.BadCredentialsException in project studio by craftercms.

The class LdapAuthenticationProvider, method doAuthenticate.

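/**
 * Authenticates {@code username}/{@code password} against the configured LDAP directory and mirrors the
 * resulting user (and its groups) into the Studio database.
 *
 * <p>Return value and exceptions are three-way: {@code true} on success; {@code false} when this provider
 * could not decide (user not found in LDAP, directory unreachable, unexpected error) — presumably so the
 * authentication chain can try the next provider, confirm against the chain; {@link BadCredentialsException}
 * when LDAP rejected the bind. A successful bind whose entry cannot be mapped into a {@link User} is reported
 * as {@link AuthenticationSystemException}.
 *
 * @throws AuthenticationSystemException if the LDAP entry cannot be mapped or the local upsert fails
 * @throws BadCredentialsException       if LDAP rejects the user's credentials
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, BadCredentialsException {
    // A fresh context source per attempt, bound with the configured service account; the user's own
    // credentials are used only for the authenticate() bind further down.
    LdapContextSource lcs = new LdapContextSource();
    lcs.setUrl(ldapUrl);
    lcs.setUserDn(ldapUsername);
    lcs.setPassword(ldapPassword);
    lcs.setBase(ldapBaseContext);
    lcs.setDirObjectFactory(DefaultDirObjectFactory.class);
    lcs.afterPropertiesSet();
    LdapTemplate ldapTemplate = new LdapTemplate(lcs);
    // Mapper for user data if user is successfully authenticated. Returning null from the mapper makes
    // the final branch below fail the login with AuthenticationSystemException.
    AuthenticatedLdapEntryContextMapper<User> mapper = (dirContext, ldapEntryIdentification) -> {
        try {
            // User entry - extract attributes
            DirContextOperations dirContextOperations = (DirContextOperations) dirContext.lookup(ldapEntryIdentification.getRelativeName());
            Attributes attributes = dirContextOperations.getAttributes();
            Attribute emailAttrib = attributes.get(emailLdapAttribute);
            Attribute firstNameAttrib = attributes.get(firstNameLdapAttribute);
            Attribute lastNameAttrib = attributes.get(lastNameLdapAttribute);
            Attribute groupNameAttrib = attributes.get(groupNameLdapAttribute);
            User user = new User();
            user.setEnabled(true);
            user.setExternallyManaged(true);
            user.setUsername(username);
            // Random placeholder for the local row; presumably never used as a DB login credential — confirm
            user.setPassword(UUID.randomUUID().toString());
            // Email is mandatory for the local mirror; the other attributes are optional
            if (emailAttrib != null && emailAttrib.get() != null) {
                user.setEmail(emailAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + emailLdapAttribute + " found for username " + username + ". User will not be imported into DB.");
                return null;
            }
            if (firstNameAttrib != null && firstNameAttrib.get() != null) {
                user.setFirstName(firstNameAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + firstNameLdapAttribute + " found for username " + username);
            }
            if (lastNameAttrib != null && lastNameAttrib.get() != null) {
                user.setLastName(lastNameAttrib.get().toString());
            } else {
                logger.warn("No LDAP attribute " + lastNameLdapAttribute + " found for username " + username);
            }
            extractGroupsFromAttribute(user, groupNameLdapAttribute, groupNameAttrib);
            return user;
        } catch (NamingException e) {
            logger.debug("Error getting details from LDAP for username " + username, e);
            return null;
        }
    };
    // Create ldap query to authenticate user. The builder is expected to encode the value, so a crafted
    // username should not be able to change the filter — verify against the Spring LDAP version in use.
    LdapQuery ldapQuery = query().where(usernameLdapAttribute).is(username);
    User user;
    try {
        user = ldapTemplate.authenticate(ldapQuery, password, mapper);
    } catch (EmptyResultDataAccessException e) {
        // Not an LDAP user: hand over to the rest of the chain rather than reject outright
        logger.debug("User " + username + " not found with external security provider.");
        return false;
    } catch (CommunicationException e) {
        logger.debug("Failed to connect with external security provider", e);
        return false;
    } catch (AuthenticationException e) {
        // Bind with the user's own credentials failed
        logger.debug("Authentication failed with the LDAP system (bad credentials)", e);
        throw new BadCredentialsException();
    } catch (Exception e) {
        // Best-effort: unexpected failures only disqualify this provider, they do not fail the whole chain
        logger.debug("Unexpected exception when authenticating with the LDAP system", e);
        return false;
    }
    if (user != null) {
        // When user authenticated against LDAP, upsert user data into studio database
        UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
        AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
        StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
        SiteService siteService = authenticationChain.getSiteService();
        try {
            // User-level changes are audited against the global system site
            SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
            if (userServiceInternal.userExists(-1, username)) {
                try {
                    userServiceInternal.updateUser(user);
                } catch (UserNotFoundException e) {
                    // Shouldn't happen: existence was checked just above
                    throw new IllegalStateException(e);
                }
                insertUserAuditLog(auditServiceInternal, siteFeed, OPERATION_UPDATE, user);
            } else {
                try {
                    userServiceInternal.createUser(user);
                    insertUserAuditLog(auditServiceInternal, siteFeed, OPERATION_CREATE, user);
                } catch (UserAlreadyExistsException e) {
                    // Lost a race with a concurrent first login of the same user
                    logger.debug("Error adding user " + username + " from external authentication provider", e);
                    throw new AuthenticationSystemException("Error adding user " + username + " from external authentication provider", e);
                }
            }
        } catch (ServiceLayerException e) {
            logger.debug("Unknown service error", e);
            throw new AuthenticationSystemException("Unknown service error", e);
        }
        // Mirror group memberships taken from the LDAP entry
        for (UserGroup userGroup : user.getGroups()) {
            upsertUserGroup(userGroup.getGroup().getGroupName(), user.getUsername(), authenticationChain);
        }
        String token = createToken(user, authenticationChain);
        storeAuthentication(new Authentication(username, token, AuthenticationType.LDAP));
        return true;
    } else {
        // Bind succeeded but the mapper could not build a User (missing email or a NamingException)
        logger.debug("Failed to retrieve LDAP user details");
        throw new AuthenticationSystemException("Failed to retrieve LDAP user details");
    }
}

/**
 * Records one user-level audit entry ({@code operation} on {@code user}) against {@code siteFeed}.
 * Shared by the create and update paths so both produce identical entries.
 */
private void insertUserAuditLog(AuditServiceInternal auditServiceInternal, SiteFeed siteFeed, String operation, User user) throws ServiceLayerException {
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(operation);
    auditLog.setSiteId(siteFeed.getId());
    // The user is both the actor and the target of its own provisioning
    auditLog.setActorId(user.getUsername());
    auditLog.setPrimaryTargetId(user.getUsername());
    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
    auditLog.setPrimaryTargetValue(user.getUsername());
    auditServiceInternal.insertAuditLog(auditLog);
}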
