use of org.graylog.security.authservice.AuthServiceResult in project graylog2-server by Graylog2.
the class UsernamePasswordRealm method doGetAuthenticationInfo.
private AuthenticationInfo doGetAuthenticationInfo(UsernamePasswordToken token) throws AuthenticationException {
final String username = token.getUsername();
final String plainPassword = String.valueOf(token.getPassword());
if (isBlank(username) || isBlank(plainPassword)) {
LOG.error("Username or password were empty. Not attempting authentication service authentication");
return null;
}
if (rootUsername.equals(username)) {
LOG.debug("Authentication services should not handle the local admin user <{}> - skipping", username);
return null;
}
LOG.debug("Attempting authentication for username <{}>", username);
try {
// We encrypt the password before passing it on to reduce the chance of exposing it somewhere by accident.
final EncryptedValue encryptedPassword = encryptedValueService.encrypt(plainPassword);
final AuthServiceResult result = authenticator.authenticate(AuthServiceCredentials.create(username, encryptedPassword));
if (result.isSuccess()) {
LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
return toAuthenticationInfo(result);
} else {
LOG.debug("Failed to authenticate username <{}> with backend <{}/{}/{}>", result.username(), result.backendTitle(), result.backendType(), result.backendId());
return null;
}
} catch (AuthServiceException e) {
throw new AuthenticationServiceUnavailableException("Authentication service error", e);
} catch (AuthenticationServiceUnavailableException e) {
throw e;
} catch (Exception e) {
LOG.error("Unhandled authentication error", e);
return null;
}
}
use of org.graylog.security.authservice.AuthServiceResult in project graylog2-server by Graylog2.
the class HTTPHeaderAuthenticationRealm method doAuthenticate.
private AuthenticationInfo doAuthenticate(String username, HTTPHeaderAuthConfig config, String remoteAddr) {
LOG.debug("Attempting authentication for username <{}>", username);
try {
// Create already authenticated credentials to make sure the auth service backend doesn't try to
// authenticate the user again
final AuthServiceCredentials credentials = AuthServiceCredentials.createAuthenticated(username);
final AuthServiceResult result = authServiceAuthenticator.authenticate(credentials);
if (result.isSuccess()) {
LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
// Setting this, will let the SessionResource know, that when a non-existing session is validated, it
// should in fact create a session.
ShiroSecurityContext.requestSessionCreation(true);
return toAuthenticationInfo(result);
} else {
LOG.warn("Failed to authenticate username <{}> from trusted HTTP header <{}> via proxy <{}>", result.username(), config.usernameHeader(), remoteAddr);
return null;
}
} catch (AuthServiceException e) {
LOG.error("Authentication service error", e);
return null;
} catch (Exception e) {
LOG.error("Unhandled authentication error", e);
return null;
}
}
Aggregations