
Example 1 with EncryptedValue

Use of org.graylog2.security.encryption.EncryptedValue in the project graylog2-server by Graylog2.

From the class UsernamePasswordRealm, method doGetAuthenticationInfo.

private AuthenticationInfo doGetAuthenticationInfo(UsernamePasswordToken token) throws AuthenticationException {
    final String username = token.getUsername();
    final String plainPassword = String.valueOf(token.getPassword());
    // Refuse to contact any authentication service with empty credentials.
    if (isBlank(username) || isBlank(plainPassword)) {
        LOG.error("Username or password were empty. Not attempting authentication service authentication");
        return null;
    }
    // The local root/admin user is never delegated to external authentication services.
    if (rootUsername.equals(username)) {
        LOG.debug("Authentication services should not handle the local admin user <{}> - skipping", username);
        return null;
    }
    LOG.debug("Attempting authentication for username <{}>", username);
    try {
        // We encrypt the password before passing it on to reduce the chance of exposing it somewhere by accident.
        final EncryptedValue encryptedPassword = encryptedValueService.encrypt(plainPassword);
        final AuthServiceResult result = authenticator.authenticate(AuthServiceCredentials.create(username, encryptedPassword));
        // Only the username and the backend identity (title/type/id) are logged; the password never is.
        if (result.isSuccess()) {
            LOG.debug("Successfully authenticated username <{}> for user profile <{}> with backend <{}/{}/{}>", result.username(), result.userProfileId(), result.backendTitle(), result.backendType(), result.backendId());
            return toAuthenticationInfo(result);
        } else {
            LOG.debug("Failed to authenticate username <{}> with backend <{}/{}/{}>", result.username(), result.backendTitle(), result.backendType(), result.backendId());
            return null;
        }
    } catch (AuthServiceException e) {
        // A backend error is reported as "service unavailable", not as a failed login.
        throw new AuthenticationServiceUnavailableException("Authentication service error", e);
    } catch (AuthenticationServiceUnavailableException e) {
        // Already the right exception type; propagate unchanged.
        throw e;
    } catch (Exception e) {
        // Anything else is logged and treated as an authentication failure (null means no AuthenticationInfo).
        LOG.error("Unhandled authentication error", e);
        return null;
    }
}
Imports used by this class:

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.graylog.security.authservice.AuthServiceException;
import org.graylog.security.authservice.AuthServiceResult;
import org.graylog2.security.encryption.EncryptedValue;
import org.graylog2.shared.security.AuthenticationServiceUnavailableException;
