Examples with AuthServiceResult org.graylog.security.authservice.AuthServiceResult used on opensource projects

Example 1 with AuthServiceResult

use of org.graylog.security.authservice.AuthServiceResult in project graylog2-server by Graylog2.

the class UsernamePasswordRealm method doGetAuthenticationInfo.

private AuthenticationInfo doGetAuthenticationInfo(UsernamePasswordToken token) throws AuthenticationException {
    final String username = token.getUsername();
    final String plainPassword = String.valueOf(token.getPassword());
    if (isBlank(username) || isBlank(plainPassword)) {
        LOG.error("Username or password were empty. Not attempting authentication service authentication");
        return null;
    }
    if (rootUsername.equals(username)) {
        LOG.debug("Authentication services should not handle the local admin user <{}> - skipping", username);
        return null;
    }
    LOG.debug("Attempting authentication for username <{}>", username);
    try {
        // We encrypt the password before passing it on to reduce the chance of exposing it somewhere by accident.
        final EncryptedValue encryptedPassword = encryptedValueService.encrypt(plainPassword);
        final AuthServiceResult result = authenticator.authenticate(AuthServiceCredentials.create(username, encryptedPassword));
        if (result.isSuccess()) {
            LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
            return toAuthenticationInfo(result);
        } else {
            LOG.debug("Failed to authenticate username <{}> with backend <{}/{}/{}>", result.username(), result.backendTitle(), result.backendType(), result.backendId());
            return null;
        }
    } catch (AuthServiceException e) {
        throw new AuthenticationServiceUnavailableException("Authentication service error", e);
    } catch (AuthenticationServiceUnavailableException e) {
        throw e;
    } catch (Exception e) {
        LOG.error("Unhandled authentication error", e);
        return null;
    }
}

Example 2 with AuthServiceResult

use of org.graylog.security.authservice.AuthServiceResult in project graylog2-server by Graylog2.

the class HTTPHeaderAuthenticationRealm method doAuthenticate.

private AuthenticationInfo doAuthenticate(String username, HTTPHeaderAuthConfig config, String remoteAddr) {
    LOG.debug("Attempting authentication for username <{}>", username);
    try {
        // Create already authenticated credentials to make sure the auth service backend doesn't try to
        // authenticate the user again
        final AuthServiceCredentials credentials = AuthServiceCredentials.createAuthenticated(username);
        final AuthServiceResult result = authServiceAuthenticator.authenticate(credentials);
        if (result.isSuccess()) {
            LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
            // Setting this, will let the SessionResource know, that when a non-existing session is validated, it
            // should in fact create a session.
            ShiroSecurityContext.requestSessionCreation(true);
            return toAuthenticationInfo(result);
        } else {
            LOG.warn("Failed to authenticate username <{}> from trusted HTTP header <{}> via proxy <{}>", result.username(), config.usernameHeader(), remoteAddr);
            return null;
        }
    } catch (AuthServiceException e) {
        LOG.error("Authentication service error", e);
        return null;
    } catch (Exception e) {
        LOG.error("Unhandled authentication error", e);
        return null;
    }
}