use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class LDAPRealm method getGroup.
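/**
 * Resolves a group by name, consulting the local cache first and falling back to an
 * LDAP lookup; a group found in LDAP is created in the database before it is returned.
 *
 * @param ctx    the LDAP context used for the lookup
 * @param broker the broker used to create the group in the database
 * @param name   the group name; its case is normalised via {@link #ensureCase} before use
 * @return the group, or {@code null} if {@code name} is {@code null}, the group does not
 *         exist in LDAP, or creating it in the database failed (the failure is logged)
 */
private synchronized Group getGroup(final LdapContext ctx, final DBBroker broker, final String name) {
    if (name == null) {
        return null;
    }
    final String gName = ensureCase(name);
    final Group cached = getGroup(gName);
    if (cached != null) {
        return cached;
    }
    // not cached: look the group up in LDAP and, if it exists, create (and thereby cache) it
    try {
        // the domain postfix is an eXist-side convention, so it is stripped for the LDAP search
        final SearchResult ldapGroup = findGroupByGroupName(ctx, removeDomainPostfix(gName));
        if (ldapGroup == null) {
            return null;
        }
        try {
            return createGroupInDatabase(broker, gName);
            // registerGroup(grp); //TODO do we need to do this?
        } catch (final AuthenticationException ae) {
            LOG.error(ae.getMessage(), ae);
            return null;
        }
    } catch (final NamingException ne) {
        // log the NamingException itself so its stack trace and cause are retained; wrapping
        // only its message in a new AuthenticationException discarded both
        LOG.error(ne.getMessage(), ne);
        return null;
    }
}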
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class LDAPRealm method findAllGroupNames.
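/**
 * Lists the names of all groups visible in LDAP that pass the group restriction list.
 * The search runs in the context of the current subject; each returned name has the
 * domain postfix added and its case normalised via {@link #ensureCase}. LDAP errors are
 * logged and yield a possibly partial result rather than an exception.
 *
 * @return the matching group names, never {@code null}
 */
@Override
public List<String> findAllGroupNames() {
    final List<String> groupnames = new ArrayList<>();
    LdapContext ctx = null;
    try {
        ctx = getContext(getSecurityManager().getCurrentSubject());
        final LDAPSearchContext search = ensureContextFactory().getSearch();
        // the attribute that carries the group name is both requested and read back below
        final String nameAttribute = search.getSearchGroup().getSearchAttribute(LDAPSearchAttributeKey.NAME);
        final SearchAttribute sa = new SearchAttribute(null, null);
        final String searchFilter = buildSearchFilter(search.getSearchGroup().getSearchFilterPrefix(), sa);
        final SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[] { nameAttribute });
        final NamingEnumeration<SearchResult> results = ctx.search(search.getBase(), searchFilter, searchControls);
        try {
            while (results.hasMoreElements()) {
                final SearchResult searchResult = results.nextElement();
                final javax.naming.directory.Attribute attr = searchResult.getAttributes().get(nameAttribute);
                if (attr == null) {
                    // the entry matched the filter but carries no name attribute: skip it
                    // instead of failing the whole listing with a NullPointerException
                    continue;
                }
                final String groupname = ensureCase(addDomainPostfix((String) attr.get()));
                if (checkGroupRestrictionList(groupname)) {
                    groupnames.add(groupname);
                }
            }
        } finally {
            // a NamingEnumeration holds server-side search resources until it is closed
            results.close();
        }
    } catch (final NamingException ne) {
        // log the NamingException itself so its stack trace and cause are retained
        LOG.error(ne.getMessage(), ne);
    } finally {
        if (ctx != null) {
            LdapUtils.closeContext(ctx);
        }
    }
    return groupnames;
}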
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class LDAPRealm method authenticate.
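/**
 * Authenticates a user against LDAP by binding with the supplied credentials and then
 * resolving the matching account.
 *
 * @param username    the login name; its case is normalised via {@link #ensureCase} before use
 * @param credentials the password, used in its string form for the bind
 * @return an authenticated subject for the resolved account
 * @throws AuthenticationException if the credentials are missing, the bind is rejected,
 *                                 the account cannot be found, or any other LDAP error occurs
 */
@Override
public Subject authenticate(final String username, final Object credentials) throws AuthenticationException {
    final String name = ensureCase(username);
    // Never attempt a bind without a password: a directory server may treat a simple bind
    // with an empty password as an unauthenticated bind that succeeds for any DN
    // (RFC 4513 section 5.1.2). Whether getContextWithCredentials() already guards this is
    // not visible here, so it is rejected before the bind. The code and message match the
    // ones used below, so the caller cannot distinguish a missing password from a wrong one.
    if (credentials == null || String.valueOf(credentials).isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("No credentials supplied for account '{}'.", name);
        }
        throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Account '" + name + "' can not be found.");
    }
    final String password = String.valueOf(credentials);
    LdapContext ctx = null;
    try {
        // bind as the user; a rejected bind surfaces as javax.naming.AuthenticationException
        ctx = getContextWithCredentials(Optional.of(Tuple(name, password)));
        final AbstractAccount account = (AbstractAccount) getAccount(ctx, name);
        if (account == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Account '{}' can not be found.", name);
            }
            throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Account '" + name + "' can not be found.");
        }
        return new AuthenticatedLdapSubjectAccreditedImpl(account, ctx, password);
    } catch (final NamingException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e.getMessage(), e);
        }
        // a rejected bind is reported with the same code as an unknown account, so a wrong
        // password and a non-existent account look the same to the caller
        throw new AuthenticationException(
                e instanceof javax.naming.AuthenticationException
                        ? AuthenticationException.ACCOUNT_NOT_FOUND
                        : AuthenticationException.UNNOWN_EXCEPTION,
                e.getMessage());
    } finally {
        // NOTE(review): ctx is closed here even though the subject above received it;
        // presumably the subject re-binds with the password it retains — confirm against
        // AuthenticatedLdapSubjectAccreditedImpl. The null guard matches findAllGroupNames().
        if (ctx != null) {
            LdapUtils.closeContext(ctx);
        }
    }
}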
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class AsUser method eval.
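/**
 * Evaluates the {@code system:as-user} function: authenticates the user named by the first
 * argument with the password given as the second, evaluates the third argument with that
 * user as the effective subject, and then restores the previous subject.
 *
 * @param contextSequence the XQuery context sequence
 * @param contextItem     the XQuery context item
 * @return the result of evaluating the third argument as the authenticated user
 * @throws XPathException if no user is specified or authentication fails
 */
@Override
public Sequence eval(final Sequence contextSequence, final Item contextItem) throws XPathException {
    // parameterised like the other log calls in this method, so the message is only
    // assembled when DEBUG is enabled
    logger.debug("Entering the {}:as-user XQuery function", SystemModule.PREFIX);
    final DBBroker broker = context.getBroker();
    final Sequence usernameResult = getArgument(0).eval(contextSequence, contextItem);
    if (usernameResult.isEmpty()) {
        final XPathException exception = new XPathException(this, "No user specified");
        logger.error("No user specified, throwing an exception!", exception);
        throw exception;
    }
    final Sequence password = getArgument(1).eval(contextSequence, contextItem);
    final String username = usernameResult.getStringValue();
    final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
    final Subject user;
    try {
        user = sm.authenticate(username, password.getStringValue());
    } catch (final AuthenticationException e) {
        // only the user name is logged; the password never reaches the log
        final XPathException exception = new XPathException(this, "Authentication failed", e);
        logger.error("Authentication failed for [{}] because of [{}].", username, e.getMessage(), exception);
        throw exception;
    }
    logger.info("Setting the effective user to: [{}]", username);
    try {
        broker.pushSubject(user);
        return getArgument(2).eval(contextSequence, contextItem);
    } finally {
        // always restore the previous subject, even when the body throws
        broker.popSubject();
        logger.info("Returned the effective user to: [{}]", broker.getCurrentSubject());
    }
}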
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class DatabaseImpl method getUser.
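/**
 * Authenticates {@code user} against the pool's security manager, falling back to the
 * guest account when no user name is given.
 *
 * @param user     the user name to authenticate, or {@code null} to authenticate as
 *                 {@link SecurityManager#GUEST_USER}
 * @param password the password for {@code user}; replaced by the guest password when
 *                 {@code user} is {@code null}
 * @param pool     the broker pool whose security manager performs the authentication
 * @return the User object corresponding to the username in <code>user</code>
 * @throws XMLDBException with {@link ErrorCodes#PERMISSION_DENIED} if authentication fails
 */
private Subject getUser(final String user, final String password, final BrokerPool pool) throws XMLDBException {
    // the guest account authenticates with its own name as the password
    final String effectiveUser = user == null ? SecurityManager.GUEST_USER : user;
    final String effectivePassword = user == null ? SecurityManager.GUEST_USER : password;
    try {
        final SecurityManager securityManager = pool.getSecurityManager();
        return securityManager.authenticate(effectiveUser, effectivePassword);
    } catch (final AuthenticationException e) {
        // the original exception is kept as the cause so the failure stays diagnosable
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
}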