Example 1 with AuthServiceResult

Use of org.graylog.security.authservice.AuthServiceResult in the project graylog2-server by Graylog2.

Class UsernamePasswordRealm, method doGetAuthenticationInfo.

private AuthenticationInfo doGetAuthenticationInfo(UsernamePasswordToken token) throws AuthenticationException {
    final String username = token.getUsername();
    final String plainPassword = String.valueOf(token.getPassword());
    if (isBlank(username) || isBlank(plainPassword)) {
        LOG.error("Username or password were empty. Not attempting authentication service authentication");
        return null;
    }
    if (rootUsername.equals(username)) {
        LOG.debug("Authentication services should not handle the local admin user <{}> - skipping", username);
        return null;
    }
    LOG.debug("Attempting authentication for username <{}>", username);
    try {
        // We encrypt the password before passing it on to reduce the chance of exposing it somewhere by accident.
        final EncryptedValue encryptedPassword = encryptedValueService.encrypt(plainPassword);
        final AuthServiceResult result = authenticator.authenticate(AuthServiceCredentials.create(username, encryptedPassword));
        if (result.isSuccess()) {
            LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
            return toAuthenticationInfo(result);
        } else {
            LOG.debug("Failed to authenticate username <{}> with backend <{}/{}/{}>", result.username(), result.backendTitle(), result.backendType(), result.backendId());
            return null;
        }
    } catch (AuthServiceException e) {
        throw new AuthenticationServiceUnavailableException("Authentication service error", e);
    } catch (AuthenticationServiceUnavailableException e) {
        throw e;
    } catch (Exception e) {
        LOG.error("Unhandled authentication error", e);
        return null;
    }
}
Also used: AuthServiceException (org.graylog.security.authservice.AuthServiceException), AuthServiceResult (org.graylog.security.authservice.AuthServiceResult), EncryptedValue (org.graylog2.security.encryption.EncryptedValue), AuthenticationServiceUnavailableException (org.graylog2.shared.security.AuthenticationServiceUnavailableException), AuthenticationException (org.apache.shiro.authc.AuthenticationException), UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException)

Example 2 with AuthServiceResult

Use of org.graylog.security.authservice.AuthServiceResult in the project graylog2-server by Graylog2.

Class HTTPHeaderAuthenticationRealm, method doAuthenticate.

private AuthenticationInfo doAuthenticate(String username, HTTPHeaderAuthConfig config, String remoteAddr) {
    LOG.debug("Attempting authentication for username <{}>", username);
    try {
        // Create already authenticated credentials to make sure the auth service backend doesn't try to
        // authenticate the user again
        final AuthServiceCredentials credentials = AuthServiceCredentials.createAuthenticated(username);
        final AuthServiceResult result = authServiceAuthenticator.authenticate(credentials);
        if (result.isSuccess()) {
            LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
            // Setting this, will let the SessionResource know, that when a non-existing session is validated, it
            // should in fact create a session.
            ShiroSecurityContext.requestSessionCreation(true);
            return toAuthenticationInfo(result);
        } else {
            LOG.warn("Failed to authenticate username <{}> from trusted HTTP header <{}> via proxy <{}>", result.username(), config.usernameHeader(), remoteAddr);
            return null;
        }
    } catch (AuthServiceException e) {
        LOG.error("Authentication service error", e);
        return null;
    } catch (Exception e) {
        LOG.error("Unhandled authentication error", e);
        return null;
    }
}
Also used: AuthServiceCredentials (org.graylog.security.authservice.AuthServiceCredentials), AuthServiceException (org.graylog.security.authservice.AuthServiceException), AuthServiceResult (org.graylog.security.authservice.AuthServiceResult), UnknownHostException (java.net.UnknownHostException), AuthenticationException (org.apache.shiro.authc.AuthenticationException)

Aggregations

AuthenticationException (org.apache.shiro.authc.AuthenticationException): 2
AuthServiceException (org.graylog.security.authservice.AuthServiceException): 2
AuthServiceResult (org.graylog.security.authservice.AuthServiceResult): 2
UnknownHostException (java.net.UnknownHostException): 1
UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException): 1
AuthServiceCredentials (org.graylog.security.authservice.AuthServiceCredentials): 1
EncryptedValue (org.graylog2.security.encryption.EncryptedValue): 1
AuthenticationServiceUnavailableException (org.graylog2.shared.security.AuthenticationServiceUnavailableException): 1