use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class SetCurrentUser method eval.
/**
 * Authenticates the supplied user name and password and, on success, switches the
 * current broker to that user and records the login in the session.
 *
 * @param args            {@code args[0]} is read as the user name, {@code args[1]} as the password
 * @param contextSequence not read by this method
 * @return {@code BooleanValue.TRUE} once the user has been authenticated and stored in the
 *         session, {@code BooleanValue.FALSE} when the security manager throws an
 *         {@code AuthenticationException}
 * @throws XPathException if one of the calls made here raises it
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final String userName = args[0].getStringValue();
    final String passwd = args[1].getStringValue();

    final SecurityManager securityManager = context.getBroker().getBrokerPool().getSecurityManager();

    final Subject authenticatedUser;
    try {
        authenticatedUser = securityManager.authenticate(userName, passwd);
    } catch (final AuthenticationException rejected) {
        // NOTE(review): userName comes straight from the query arguments and is written to
        // the log verbatim; confirm the log layout neutralises line breaks in it.
        logger.warn("Could not validate user {} [{}]", userName, rejected.getMessage());
        return BooleanValue.FALSE;
    }

    // From here on the broker runs with the identity that was just authenticated.
    switchUser(authenticatedUser);

    // NOTE(review): an existing session is reused when one is available; nothing in this
    // method rotates the session id after login - confirm that is handled elsewhere.
    final SessionWrapper httpSession = SessionFunction.getValidOrCreateSession(
            this,
            context,
            Optional.ofNullable(context.getHttpContext()).map(XQueryContext.HttpContext::getSession));

    httpSession.setAttribute("user", userName);
    // NOTE(review): the cleartext password is kept in the session under "password", so
    // anything able to read or persist the session can recover it. Other code may rely on
    // this attribute - confirm before changing how the credential is stored.
    httpSession.setAttribute("password", new StringValue(passwd));

    return BooleanValue.TRUE;
}
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class EXistDBLoginModule method login.
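/**
 * Authenticates the user with a user name and password obtained through the
 * {@code CallbackHandler}.
 *
 * <p>The outcome of the check is stored in {@code succeeded}; the authenticated
 * principal is stored in {@code userPrincipal}.
 *
 * @return true in all cases since this <code>LoginModule</code> should not
 *         be ignored.
 *
 * @throws FailedLoginException
 *             if the authentication fails.
 *
 * @throws LoginException
 *             if this <code>LoginModule</code> is unable to perform the
 *             authentication.
 */
public boolean login() throws LoginException {
    if (callbackHandler == null) {
        throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
    }

    final NameCallback nameCallback = new NameCallback("user name: ");
    final PasswordCallback passwordCallback = new PasswordCallback("password: ", false);

    final String username;
    final char[] password;
    try {
        callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
        username = nameCallback.getName();

        // getPassword() already hands back a copy, so it is used directly instead of being
        // copied a second time; that leaves one fewer cleartext array on the heap.
        final char[] entered = passwordCallback.getPassword();
        // treat a NULL password as an empty password
        password = (entered == null) ? new char[0] : entered;

        // wipe the callback's own copy as soon as the value has been taken
        passwordCallback.clearPassword();
    } catch (final java.io.IOException ioe) {
        // LoginException has no cause-taking constructor; attach the cause explicitly so
        // the original I/O failure is not lost.
        final LoginException failure = new LoginException(ioe.toString());
        failure.initCause(ioe);
        throw failure;
    } catch (final UnsupportedCallbackException uce) {
        final LoginException failure = new LoginException(
                "Error: " + uce.getCallback().toString() + " not available to garner authentication information from the user");
        failure.initCause(uce);
        throw failure;
    }

    // print debugging information (user name only, never the password)
    if (debug) {
        System.out.println("\t\t[eXistLoginModule] user entered user name: " + username);
    }

    // NOTE(review): the password array is not zeroed after this call. Whether
    // authenticate() keeps a reference to it is not visible here - confirm, then wipe it
    // with Arrays.fill once it is known to be safe.
    try {
        userPrincipal = BrokerPool.getInstance().getSecurityManager().authenticate(username, password);
    } catch (final AuthenticationException e) {
        if (debug) {
            System.out.println("\t\t[eXistLoginModule] authentication failed");
        }
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    } catch (final EXistException e) {
        final FailedLoginException failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    succeeded = userPrincipal.isAuthenticated();
    return true;
}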
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class RealmImpl method authenticate.
/**
 * Looks up the named account in this realm and checks the supplied credentials against it.
 *
 * <p>NOTE(review): the codes and messages thrown here tell apart an unknown account, a
 * disabled account and a wrong password. A caller that forwards {@code getMessage()} to a
 * remote client discloses which account names exist; prefer one generic failure message
 * at the protocol boundary and keep the detail in server-side logs.
 *
 * @param accountName name of the account to authenticate
 * @param credentials passed unchanged to the {@code SubjectImpl} constructor
 * @return the authenticated subject
 * @throws AuthenticationException with {@code ACCOUNT_NOT_FOUND} when no such account exists
 *         or the name is "SYSTEM" (or "guest" while guest authentication is not allowed),
 *         {@code ACCOUNT_LOCKED} when the account is not enabled, and
 *         {@code WRONG_PASSWORD} when the resulting subject is not authenticated
 */
@Override
public Subject authenticate(final String accountName, Object credentials) throws AuthenticationException {
    final Account found = getAccount(accountName);
    if (found == null) {
        throw new AuthenticationException(
                AuthenticationException.ACCOUNT_NOT_FOUND,
                "Account '" + accountName + "' not found.");
    }

    // SYSTEM can never log in; guest only when the realm allows it.
    final boolean isSystemAccount = "SYSTEM".equals(accountName);
    final boolean isBlockedGuest = !allowGuestAuthentication && "guest".equals(accountName);
    if (isSystemAccount || isBlockedGuest) {
        throw new AuthenticationException(
                AuthenticationException.ACCOUNT_NOT_FOUND,
                "Account '" + accountName + "' can not be used.");
    }

    if (!found.isEnabled()) {
        throw new AuthenticationException(
                AuthenticationException.ACCOUNT_LOCKED,
                "Account '" + accountName + "' is disabled.");
    }

    // NOTE(review): the cast assumes every account of this realm is an AccountImpl - confirm.
    final Subject candidate = new SubjectImpl((AccountImpl) found, credentials);
    if (candidate.isAuthenticated()) {
        return candidate;
    }

    throw new AuthenticationException(
            AuthenticationException.WRONG_PASSWORD,
            "Wrong password for user [" + accountName + "] ");
}
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class XmldbRequestProcessorFactory method authenticate.
/**
 * Authenticates an XML-RPC caller against the broker pool's security manager.
 *
 * <p>A {@code null} user name is treated as the guest user, with the guest user name also
 * used as the password. The guest user is refused unless {@code useDefaultUser} is set.
 *
 * <p>NOTE(review): the message of the underlying {@code AuthenticationException} is sent
 * back to the caller unchanged. If that message says why the login failed, a remote
 * client can tell existing accounts from unknown ones; consider returning a generic
 * message and keeping the detail in the log.
 *
 * @param username user name from the request, may be {@code null}
 * @param password password from the request
 * @return the authenticated subject
 * @throws XmlRpcException with code 0 when guest login is prohibited or authentication fails
 */
protected Subject authenticate(String username, String password) throws XmlRpcException {
    // No user name supplied: fall back to guest, using the guest name as its password.
    final boolean anonymous = (username == null);
    final String effectiveUser = anonymous ? SecurityManager.GUEST_USER : username;
    final String effectivePassword = anonymous ? effectiveUser : password;

    final boolean guestRequested = effectiveUser.equalsIgnoreCase(SecurityManager.GUEST_USER);
    if (guestRequested && !useDefaultUser) {
        final String refusal = "The user " + SecurityManager.GUEST_USER + " is prohibited from logging in through XML-RPC.";
        LOG.debug(refusal);
        throw new XmlRpcException(0, refusal);
    }

    try {
        return brokerPool.getSecurityManager().authenticate(effectiveUser, effectivePassword);
    } catch (final AuthenticationException rejected) {
        final String reason = rejected.getMessage();
        LOG.debug(reason);
        throw new XmlRpcException(0, reason);
    }
}
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class XQueryURLRewrite method configure.
/**
 * Performs one-time set-up: registers the database driver, obtains the broker pool,
 * selects the default user and creates the authenticator. Returns at once when the
 * pool has already been set.
 *
 * <p>The default user is the guest subject unless the servlet init parameters "user" and
 * "password" name an account that authenticates successfully.
 *
 * @throws ServletException if the driver cannot be loaded and registered, or the broker
 *         pool cannot be obtained
 */
private void configure() throws ServletException {
    if (pool != null) {
        // already configured
        return;
    }

    try {
        final Database db = (Database) Class.forName(DRIVER).newInstance();
        db.setProperty("create-database", "true");
        DatabaseManager.registerDatabase(db);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Initialized database");
        }
    } catch (final Exception e) {
        final String errorMessage = "Failed to initialize database driver";
        LOG.error(errorMessage, e);
        throw new ServletException(errorMessage + ": " + e.getMessage(), e);
    }

    try {
        pool = BrokerPool.getInstance();
    } catch (final EXistException e) {
        throw new ServletException("Could not initialize db: " + e.getMessage(), e);
    }

    // Start from the least-privileged identity; it is replaced only after a successful login.
    defaultUser = pool.getSecurityManager().getGuestSubject();

    // NOTE(review): the credentials are read from servlet init parameters, so they
    // presumably sit in cleartext in the deployment configuration - confirm that file's
    // access controls.
    final String configuredUser = config.getInitParameter("user");
    if (configuredUser != null) {
        final String configuredPassword = config.getInitParameter("password");
        try {
            final Subject candidate = pool.getSecurityManager().authenticate(configuredUser, configuredPassword);
            // NOTE(review): a subject that comes back unauthenticated is dropped without
            // any log entry, unlike the exception path below.
            if (candidate != null && candidate.isAuthenticated()) {
                defaultUser = candidate;
            }
        } catch (final AuthenticationException e) {
            // Deliberate fallback: requests continue as guest. The exception itself is
            // not logged, only the user name.
            LOG.error("User can not be authenticated ({}), using default user.", configuredUser);
        }
    }

    authenticator = new BasicAuthenticator(pool);
}