
Example 1 with AccessTokenImpl

use of org.eclipse.kapua.service.authentication.AccessTokenImpl in project kapua by eclipse.

the class AuthenticationServiceShiroImpl method login.

/**
 * Authenticates the given credentials through Shiro and binds a new Kapua session to the
 * authenticated subject.
 *
 * <p>Only {@link UsernamePasswordTokenImpl} credentials are accepted. On success the method reads
 * the {@code scopeId}, {@code userScopeId} and {@code userId} attributes from the Shiro session,
 * builds an {@link AccessToken} around a key from {@code generateToken()}, stores the resulting
 * {@link KapuaSession} both through {@code KapuaSecurityUtils.setSession} and as a Shiro session
 * attribute, and returns the access token.
 *
 * @param authenticationToken the credentials to authenticate
 * @return the access token of the newly created Kapua session
 * @throws KapuaException a {@link KapuaAuthenticationException} when the subject is already
 *         authenticated, when the credentials type is not supported, or when Shiro rejects the
 *         login
 */
@Override
public AccessToken login(AuthenticationCredentials authenticationToken) throws KapuaException {
    final Subject currentUser = SecurityUtils.getSubject();

    // Refuse a second login on a subject that is already authenticated.
    if (currentUser.isAuthenticated()) {
        final Thread thread = Thread.currentThread();
        logger.info("Thread already authenticated for thread '{}' - '{}' - '{}'", new Object[] { thread.getId(), thread.getName(), currentUser.toString() });
        throw new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.SUBJECT_ALREADY_LOGGED);
    }

    // Username/password is the only credentials type handled here.
    if (!(authenticationToken instanceof UsernamePasswordTokenImpl)) {
        throw new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.INVALID_CREDENTIALS_TOKEN_PROVIDED);
    }

    final UsernamePasswordTokenImpl credentials = (UsernamePasswordTokenImpl) authenticationToken;
    final String username = credentials.getUsername();

    // NOTE(review): the caller-supplied username enters the logging context before it has been
    // authenticated, and this method never removes it, not even when the login fails. Confirm the
    // MDC entry is cleared elsewhere and that the log layout neutralises control characters.
    MDC.put(KapuaSecurityUtils.MDC_USERNAME, username);

    final UsernamePasswordToken shiroToken = new UsernamePasswordToken(username, credentials.getPassword());
    try {
        currentUser.login(shiroToken);

        // NOTE(review): nothing in this method replaces the pre-login Shiro session with a new
        // one; confirm session renewal after authentication is handled elsewhere.
        final Subject authenticatedSubject = SecurityUtils.getSubject();
        final Session session = authenticatedSubject.getSession();

        // Identity attributes are read back from the session; they are presumably stored there
        // during authentication (not visible in this method).
        final KapuaEid scopeId = (KapuaEid) session.getAttribute("scopeId");
        final KapuaEid userScopeId = (KapuaEid) session.getAttribute("userScopeId");
        final KapuaEid userId = (KapuaEid) session.getAttribute("userId");

        // Build the access token around a freshly generated key.
        final String tokenKey = generateToken();
        final AccessToken accessToken = new AccessTokenImpl(userId, scopeId, userScopeId, tokenKey);

        // Bind the Kapua session through KapuaSecurityUtils and keep it on the Shiro session too.
        final KapuaSession kapuaSession = new KapuaSession(accessToken, scopeId, userScopeId, userId, username);
        KapuaSecurityUtils.setSession(kapuaSession);
        authenticatedSubject.getSession().setAttribute(KapuaSession.KAPUA_SESSION_KEY, kapuaSession);

        final Thread thread = Thread.currentThread();
        logger.info("Login for thread '{}' - '{}' - '{}'", new Object[] { thread.getId(), thread.getName(), authenticatedSubject.toString() });
        return kapuaSession.getAccessToken();
    } catch (ShiroException se) {
        // NOTE(review): unknown, disabled, locked, wrong-password and expired accounts each map
        // to a distinct error code. If these codes reach an unauthenticated client unchanged they
        // reveal which usernames exist; confirm the outer layer returns one generic failure.
        final KapuaAuthenticationException failure;
        if (se instanceof UnknownAccountException) {
            failure = new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.INVALID_USERNAME, se, username);
        } else if (se instanceof DisabledAccountException) {
            failure = new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.DISABLED_USERNAME, se, username);
        } else if (se instanceof LockedAccountException) {
            failure = new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.LOCKED_USERNAME, se, username);
        } else if (se instanceof IncorrectCredentialsException) {
            failure = new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.INVALID_CREDENTIALS, se, username);
        } else if (se instanceof ExpiredCredentialsException) {
            failure = new KapuaAuthenticationException(KapuaAuthenticationErrorCodes.EXPIRED_CREDENTIALS, se, username);
        } else {
            // Any other Shiro failure is reported as an internal error, without the logout below.
            throw KapuaAuthenticationException.internalError(se);
        }

        // Log the subject out before reporting a recognised authentication failure.
        currentUser.logout();
        throw failure;
    }
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) KapuaSession(org.eclipse.kapua.commons.security.KapuaSession) AccessTokenImpl(org.eclipse.kapua.service.authentication.AccessTokenImpl) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) KapuaEid(org.eclipse.kapua.commons.model.id.KapuaEid) Subject(org.apache.shiro.subject.Subject) ExpiredCredentialsException(org.apache.shiro.authc.ExpiredCredentialsException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) ShiroException(org.apache.shiro.ShiroException) AccessToken(org.eclipse.kapua.service.authentication.AccessToken) LockedAccountException(org.apache.shiro.authc.LockedAccountException) Session(org.apache.shiro.session.Session) KapuaSession(org.eclipse.kapua.commons.security.KapuaSession)

Example 2 with AccessTokenImpl

use of org.eclipse.kapua.service.authentication.AccessTokenImpl in project kapua by eclipse.

the class KapuaSessionAuthFilter method executeChain.

/**
 * Runs the filter chain with a Kapua session bound for the duration of the request.
 *
 * <p>When the current Shiro subject is authenticated, a {@link KapuaSession} is rebuilt from the
 * {@code scopeId}, {@code userScopeId} and {@code userId} attributes of the Shiro session;
 * otherwise {@code null} is bound. The binding is always cleared once the chain has run.
 *
 * @param request the servlet request being filtered
 * @param response the servlet response being filtered
 * @param origChain the original filter chain to continue with
 * @throws IOException if the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails with a servlet error
 */
protected void executeChain(ServletRequest request, ServletResponse response, FilterChain origChain) throws IOException, ServletException {
    // TODO workaround to fix the null kapua session on webconsole requests.
    // to be removed and substitute with getToken or another solution?
    final Subject subject = SecurityUtils.getSubject();
    final boolean authenticated = subject != null && subject.isAuthenticated();

    KapuaSession requestSession = null;
    if (authenticated) {
        final Session shiroSession = subject.getSession();
        final KapuaEid scopeId = (KapuaEid) shiroSession.getAttribute("scopeId");
        final KapuaEid userScopeId = (KapuaEid) shiroSession.getAttribute("userScopeId");
        final KapuaEid userId = (KapuaEid) shiroSession.getAttribute("userId");

        // NOTE(review): a new random token key is minted on every request rather than reusing a
        // stored one, and the session is built with an empty username. Confirm that nothing
        // downstream compares this token key against one issued at login or relies on the
        // username for auditing.
        final String tokenKey = UUID.randomUUID().toString();
        final AccessToken accessToken = new AccessTokenImpl(userId, scopeId, userScopeId, tokenKey);
        requestSession = new KapuaSession(accessToken, scopeId, userScopeId, userId, "");
    }

    try {
        // Bind the session (null for unauthenticated subjects) before the chain runs.
        KapuaSecurityUtils.setSession(requestSession);
        super.executeChain(request, response, origChain);
    } finally {
        // Always unbind, so the session is not left set once this request's chain has finished.
        KapuaSecurityUtils.clearSession();
    }
}
Also used : KapuaSession(org.eclipse.kapua.commons.security.KapuaSession) AccessToken(org.eclipse.kapua.service.authentication.AccessToken) AccessTokenImpl(org.eclipse.kapua.service.authentication.AccessTokenImpl) KapuaEid(org.eclipse.kapua.commons.model.id.KapuaEid) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session) KapuaSession(org.eclipse.kapua.commons.security.KapuaSession)

Aggregations

Session (org.apache.shiro.session.Session)2 Subject (org.apache.shiro.subject.Subject)2 KapuaEid (org.eclipse.kapua.commons.model.id.KapuaEid)2 KapuaSession (org.eclipse.kapua.commons.security.KapuaSession)2 AccessToken (org.eclipse.kapua.service.authentication.AccessToken)2 AccessTokenImpl (org.eclipse.kapua.service.authentication.AccessTokenImpl)2 ShiroException (org.apache.shiro.ShiroException)1 DisabledAccountException (org.apache.shiro.authc.DisabledAccountException)1 ExpiredCredentialsException (org.apache.shiro.authc.ExpiredCredentialsException)1 IncorrectCredentialsException (org.apache.shiro.authc.IncorrectCredentialsException)1 LockedAccountException (org.apache.shiro.authc.LockedAccountException)1 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)1