Example 6 with AuthenticationServiceUnavailableException

Use of org.graylog2.shared.security.AuthenticationServiceUnavailableException in project graylog2-server by Graylog2, in the class LDAPAuthServiceBackend, method authenticateAndProvision.

@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
    // try-with-resources closes the LDAP connection on every exit path
    try (final LDAPConnection connection = ldapConnector.connect(config.getLDAPConnectorConfig())) {
        if (connection == null) {
            return Optional.empty();
        }
        final Optional<LDAPUser> optionalUser = findUser(connection, authCredentials);
        if (!optionalUser.isPresent()) {
            LOG.debug("User <{}> not found in LDAP", authCredentials.username());
            return Optional.empty();
        }
        final LDAPUser userEntry = optionalUser.get();
        // Credentials already marked as authenticated skip the isAuthenticated() check
        if (!authCredentials.isAuthenticated()) {
            if (!isAuthenticated(connection, userEntry, authCredentials)) {
                LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), userEntry.dn());
                return Optional.empty();
            }
        }
        // Provision the user from the attributes of the LDAP entry
        final UserDetails userDetails = provisionerService.provision(provisionerService.newDetails(this)
                .authServiceType(backendType())
                .authServiceId(backendId())
                .accountIsEnabled(true)
                .base64AuthServiceUid(userEntry.base64UniqueId())
                .username(userEntry.username())
                .fullName(userEntry.fullName())
                .email(userEntry.email())
                .defaultRoles(backend.defaultRoles())
                .build());
        return Optional.of(AuthenticationDetails.builder().userDetails(userDetails).build());
    } catch (GeneralSecurityException e) {
        // TLS and LDAP failures are rethrown as "service unavailable", which keeps them
        // distinct from the empty result returned for unknown users and invalid credentials
        LOG.error("Error setting up TLS connection", e);
        throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
    } catch (LDAPException e) {
        LOG.error("LDAP error", e);
        throw new AuthenticationServiceUnavailableException("LDAP error", e);
    }
}
Also used: UserDetails (org.graylog.security.authservice.UserDetails), LDAPException (com.unboundid.ldap.sdk.LDAPException), GeneralSecurityException (java.security.GeneralSecurityException), LDAPUser (org.graylog.security.authservice.ldap.LDAPUser), LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection), AuthenticationServiceUnavailableException (org.graylog2.shared.security.AuthenticationServiceUnavailableException)
