
Example 6 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class IQAuthHandler method login.

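/**
 * Authenticates a client that logs in through an IQ request and binds the requested resource
 * to its session.
 *
 * <p>Checks run in this order: username syntax, resource syntax (a missing resource is answered
 * with a {@code not_acceptable} error before any credential is examined), the
 * {@code xmpp.auth.iqauth} property, credential verification, and finally resource-conflict
 * handling against an existing session that has the same full JID.
 *
 * @param username account name supplied by the client; must be non-blank and pass nodeprep
 * @param iq       element from which the {@code resource} child text is read
 * @param packet   the original request; replies are built from it
 * @param password plain-text password, or {@code null} to fall back to {@code digest}
 * @param session  the session being authenticated
 * @param digest   digest credential, consulted only when {@code password} is {@code null}
 * @return a result IQ on success, or an error IQ carrying {@code not_acceptable} (no resource)
 *         or {@code forbidden} (resource conflict that is not resolved by kicking the old session)
 * @throws UnauthorizedException if the username or resource is malformed, IQ authentication is
 *         disabled, or no auth token could be obtained
 * @throws UserNotFoundException declared here; presumably raised by the authentication calls,
 *         which are not visible in this listing
 * @throws ConnectionException declared here; presumably raised by the authentication calls
 * @throws InternalUnauthenticatedException declared here; presumably raised by the
 *         authentication calls
 */
private IQ login(String username, Element iq, IQ packet, String password, LocalClientSession session, String digest) throws UnauthorizedException, UserNotFoundException, ConnectionException, InternalUnauthenticatedException {
    // Verify the validity of the username
    if (username == null || username.trim().isEmpty()) {
        throw new UnauthorizedException("Invalid username (empty or null).");
    }
    try {
        // Validation only: the prepared form returned by nodeprep is discarded.
        Stringprep.nodeprep(username);
    } catch (StringprepException e) {
        // NOTE(review): the message echoes client-supplied text; treat it as untrusted
        // wherever it ends up being logged or returned.
        throw new UnauthorizedException("Invalid username: " + username, e);
    }
    // Verify that specified resource is not violating any string prep rule
    String resource = iq.elementText("resource");
    if (resource != null) {
        try {
            resource = JID.resourceprep(resource);
        } catch (StringprepException e) {
            throw new UnauthorizedException("Invalid resource: " + resource, e);
        }
    } else {
        // Answer a not_acceptable error since a resource was not supplied
        IQ response = IQ.createResultIQ(packet);
        response.setChildElement(packet.getChildElement().createCopy());
        response.setError(PacketError.Condition.not_acceptable);
        return response;
    }
    // IQ-based authentication can be switched off through a server property (default: enabled).
    if (!JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
        throw new UnauthorizedException();
    }
    // Lower-case with a fixed locale: the JVM default locale must not influence which account
    // name is looked up (under a Turkish default locale, for instance, 'I' would not map to 'i').
    username = username.toLowerCase(java.util.Locale.ROOT);
    // Verify that supplied username and password are correct (i.e. user authentication was successful)
    AuthToken token = null;
    if (AuthFactory.supportsPasswordRetrieval()) {
        if (password != null) {
            token = AuthFactory.authenticate(username, password);
        } else if (digest != null) {
            token = authenticate(username, session.getStreamID().toString(), digest);
        }
    }
    // Fail closed: when neither branch above produced a token (password retrieval unsupported,
    // or no credential supplied) the login is refused.
    if (token == null) {
        throw new UnauthorizedException();
    }
    // Verify if there is a resource conflict between new resource and existing one.
    // Check if a session already exists with the requested full JID and verify if
    // we should kick it off or refuse the new connection
    ClientSession oldSession = routingTable.getClientRoute(new JID(username, serverName, resource, true));
    if (oldSession != null) {
        try {
            int conflictLimit = sessionManager.getConflictKickLimit();
            if (conflictLimit == SessionManager.NEVER_KICK) {
                IQ response = IQ.createResultIQ(packet);
                response.setChildElement(packet.getChildElement().createCopy());
                response.setError(PacketError.Condition.forbidden);
                return response;
            }
            int conflictCount = oldSession.incrementConflictCount();
            if (conflictCount > conflictLimit) {
                // Send a stream:error before closing the old connection
                StreamError error = new StreamError(StreamError.Condition.conflict);
                oldSession.deliverRawText(error.toXML());
                oldSession.close();
            } else {
                IQ response = IQ.createResultIQ(packet);
                response.setChildElement(packet.getChildElement().createCopy());
                response.setError(PacketError.Condition.forbidden);
                return response;
            }
        } catch (Exception e) {
            // NOTE(review): any failure while resolving the conflict is only logged, and the
            // login then continues as if no conflicting session existed. Confirm that this
            // fail-open behaviour is intended.
            Log.error("Error during login", e);
        }
    }
    // Set that the new session has been authenticated successfully
    session.setAuthToken(token, resource);
    packet.setFrom(session.getAddress());
    return IQ.createResultIQ(packet);
}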
Also used : StringprepException(gnu.inet.encoding.StringprepException) StreamError(org.xmpp.packet.StreamError) JID(org.xmpp.packet.JID) LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) ClientSession(org.jivesoftware.openfire.session.ClientSession) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) IQ(org.xmpp.packet.IQ) AuthToken(org.jivesoftware.openfire.auth.AuthToken) StringprepException(gnu.inet.encoding.StringprepException) PacketException(org.jivesoftware.openfire.PacketException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException)

Example 7 with ConnectionException

use of org.jivesoftware.openfire.auth.ConnectionException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey
	 * .spi.container.ContainerRequest)
	 */
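/**
 * Gates a REST API request: checks that the plugin is enabled, enforces the IP allow-list when
 * one is configured, then verifies the {@code authorization} header either as HTTP Basic
 * credentials of an admin user or as the plugin's shared secret.
 *
 * <p>Two kinds of request return before the allow-list and the credential check: any request
 * whose method is {@code OPTIONS}, and any request whose path is exactly
 * {@code restapi/v1/userservice}.
 *
 * @param containerRequest the incoming request
 * @return the same request, unchanged, when it may proceed
 * @throws WebApplicationException with {@code FORBIDDEN} when the plugin is disabled, or with
 *         {@code UNAUTHORIZED} when the caller's address or credentials are rejected
 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    // Let the preflight request through the authentication
    if ("OPTIONS".equals(containerRequest.getMethod())) {
        return containerRequest;
    }
    // To be backwards compatible to userservice 1.*
    // NOTE(review): this path skips both the IP allow-list and the credential check below;
    // presumably the legacy endpoint authenticates requests itself - confirm.
    if ("restapi/v1/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // NOTE(review): the forwarded-for headers are supplied by the client unless a trusted
        // reverse proxy overwrites them, so this allow-list is only meaningful when such a proxy
        // is the sole way to reach the service. Without one, only getRemoteAddr() should be
        // compared. A header holding a comma-separated proxy chain will not match any single
        // allow-list entry and is rejected.
        String ipAddress = httpRequest.getHeader("x-forwarded-for");
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X_FORWARDED_FOR");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X-Forward-For");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getRemoteAddr();
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("REST API rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // Get the authentication data passed in the HTTP headers
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if ("basic".equals(plugin.getHttpAuth())) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // Reject a header that does not decode to exactly a username and a password
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        // Only admin accounts may use the API; this check runs before the password is verified.
        boolean userAdmin = AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true);
        if (!userAdmin) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException e) {
            // Still answered with 401 (fail closed), but no longer swallowed silently.
            LOG.warn("HTTP Basic Auth could not be verified", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (InternalUnauthenticatedException e) {
            LOG.warn("HTTP Basic Auth could not be verified", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        // Compare in constant time so that response timing does not reveal how much of the
        // supplied value matches. A null configured secret never matches.
        String secret = plugin.getSecret();
        boolean secretMatches = secret != null
                && java.security.MessageDigest.isEqual(
                        auth.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        secret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!secretMatches) {
            // The supplied value is deliberately not logged: it may be a near-miss of the real
            // secret or another credential sent by mistake, and logs are readable more widely.
            LOG.warn("Wrong secret key authorization.");
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}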
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)
