
Example 1 with InternalUnauthenticatedException

use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

the class AuthenticateUser method execute.

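/**
 * Checks a password for a local account and reports the outcome in a {@code note} child
 * element that is added to {@code command}.
 *
 * <p>The {@code accountjid} and {@code password} form fields are taken from {@code data}.
 * Both are supplied by the requester, so either may be absent, empty or malformed; each of
 * those cases is answered with an error note instead of an uncaught runtime exception.
 *
 * @param data    form data submitted for this command
 * @param command element that receives the {@code note} describing the result
 */
@Override
public void execute(SessionData data, Element command) {
    Element note = command.addElement("note");
    // Fully-qualified names are used so this block needs no additional file-level import.
    java.util.Map<String, java.util.List<String>> fields = data.getData();

    String rawJid = firstFieldValue(fields, "accountjid");
    JID account = null;
    if (rawJid != null) {
        try {
            account = new JID(rawJid);
        } catch (IllegalArgumentException e) {
            // A syntactically invalid JID is treated like a missing one.
            account = null;
        }
    }
    if (account == null) {
        note.addAttribute("type", "error");
        note.setText("JID required parameter.");
        return;
    }
    if (!XMPPServer.getInstance().isLocal(account)) {
        note.addAttribute("type", "error");
        note.setText("Cannot authenticate remote user.");
        return;
    }

    // The password field was previously dereferenced without a check, so a form that
    // omitted it ended in a NullPointerException rather than an error note.
    String password = firstFieldValue(fields, "password");
    if (password == null) {
        note.addAttribute("type", "error");
        note.setText("Password required parameter.");
        return;
    }

    // Get requested user
    User user;
    try {
        user = UserManager.getInstance().getUser(account.getNode());
    } catch (UserNotFoundException e) {
        // NOTE(review): this message differs from the "Authentication failed." answer below,
        // so the requester learns whether the account exists. That is acceptable only if the
        // command is restricted to administrators - the permission check is not visible here.
        note.addAttribute("type", "error");
        note.setText("User does not exists.");
        return;
    }
    try {
        AuthFactory.authenticate(user.getUsername(), password);
    } catch (UnauthorizedException | ConnectionException | InternalUnauthenticatedException e) {
        // Wrong credentials and back-end failures are deliberately reported identically.
        note.addAttribute("type", "error");
        note.setText("Authentication failed.");
        return;
    }
    // Answer that the operation was successful
    note.addAttribute("type", "info");
    note.setText("Operation finished successfully.");
}

/** Returns the first value submitted for {@code name}, or {@code null} when there is none. */
private static String firstFieldValue(java.util.Map<String, java.util.List<String>> fields, String name) {
    if (fields == null) {
        return null;
    }
    java.util.List<String> values = fields.get(name);
    return (values == null || values.isEmpty()) ? null : values.get(0);
}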
Also used : UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) User(org.jivesoftware.openfire.user.User) JID(org.xmpp.packet.JID) Element(org.dom4j.Element) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 2 with InternalUnauthenticatedException

use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey
	 * .spi.container.ContainerRequest)
	 */
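@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    // Request gate: plugin switch, optional IP allow-list, then either HTTP Basic
    // credentials of an administrator or the shared secret key. Every authentication
    // failure is answered with 401; a disabled plugin is answered with 403.
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    // Let the preflight request through the authentication.
    // NOTE(review): this return (and the legacy-path return below) happens before the IP
    // allow-list is evaluated, so neither is covered by it.
    if ("OPTIONS".equals(containerRequest.getMethod())) {
        return containerRequest;
    }
    // To be backwards compatible to userservice 1.*
    // NOTE(review): this path skips every check in this filter; presumably the legacy
    // endpoint authenticates the request itself - confirm against that endpoint.
    if ("restapi/v1/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // NOTE(review): the forwarding headers are taken from the request as-is. Unless a
        // trusted reverse proxy overwrites them, the client chooses their value, so the
        // allow-list is only as strong as that proxy configuration. Kept unchanged because
        // proxied deployments depend on it.
        String ipAddress = httpRequest.getHeader("x-forwarded-for");
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X_FORWARDED_FOR");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X-Forward-For");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getRemoteAddr();
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("REST API rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // Get the authentication passed in the HTTP header
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if ("basic".equals(plugin.getHttpAuth())) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // Reject anything that does not decode to exactly a username and a password
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        // Only administrators may use the API; checked before the password is verified
        if (!AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true)) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException | InternalUnauthenticatedException e) {
            // Still answered with 401, but logged so that an unavailable authentication
            // back-end can be told apart from wrong credentials.
            LOG.warn("Authentication back-end failure during HTTP Basic Auth", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        String secret = plugin.getSecret();
        // Constant-time comparison: the result must not depend on how many leading
        // characters of the presented key are correct.
        boolean secretMatches = secret != null
                && java.security.MessageDigest.isEqual(
                        auth.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        secret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!secretMatches) {
            // The presented key is no longer written to the log: a mistyped key is usually
            // close to the real one, and log files are readable by more people than the secret.
            LOG.warn("Wrong secret key authorization.");
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}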
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 3 with InternalUnauthenticatedException

use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * com.sun.jersey.spi.container.ContainerRequestFilter#filter(com.sun.jersey
	 * .spi.container.ContainerRequest)
	 */
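@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    // Request gate: plugin switch, optional IP allow-list, legacy-path exemption, then
    // either HTTP Basic credentials of an administrator or the shared secret key.
    // Authentication failures are answered with 401; a disabled plugin with 403.
    if (!plugin.isEnabled()) {
        throw new WebApplicationException(Status.FORBIDDEN);
    }
    if (!plugin.getAllowedIPs().isEmpty()) {
        // NOTE(review): the forwarding headers are read from the request as-is. They are
        // client-controlled unless a trusted reverse proxy overwrites them, so the allow-list
        // is only as strong as that proxy configuration. Left unchanged because proxied
        // deployments depend on this lookup order.
        String ipAddress = httpRequest.getHeader("x-forwarded-for");
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X_FORWARDED_FOR");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getHeader("X-Forward-For");
        }
        if (ipAddress == null) {
            ipAddress = httpRequest.getRemoteAddr();
        }
        if (!plugin.getAllowedIPs().contains(ipAddress)) {
            LOG.warn("User service rejected service to IP address: " + ipAddress);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    // To be backwards compatible to userservice 1.*
    // NOTE(review): requests to this path skip the credential checks below; presumably the
    // legacy endpoint validates the secret itself - confirm against that endpoint.
    if ("userService/userservice".equals(containerRequest.getPath())) {
        return containerRequest;
    }
    // Get the authentication passed in the HTTP header
    String auth = containerRequest.getHeaderValue("authorization");
    if (auth == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    // HTTP Basic Auth or Shared Secret key
    if (plugin.isHttpBasicAuth()) {
        String[] usernameAndPassword = BasicAuth.decode(auth);
        // Reject anything that does not decode to exactly a username and a password
        if (usernameAndPassword == null || usernameAndPassword.length != 2) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        // Only administrators may use the service; checked before the password is verified
        if (!AdminManager.getInstance().isUserAdmin(usernameAndPassword[0], true)) {
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
        try {
            AuthFactory.authenticate(usernameAndPassword[0], usernameAndPassword[1]);
        } catch (UnauthorizedException e) {
            LOG.warn("Wrong HTTP Basic Auth authorization", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        } catch (ConnectionException | InternalUnauthenticatedException e) {
            // Answered with 401 as before, but logged so an unavailable authentication
            // back-end is distinguishable from wrong credentials.
            LOG.warn("Authentication back-end failure during HTTP Basic Auth", e);
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    } else {
        String secret = plugin.getSecret();
        // Compare in constant time so the outcome does not reveal how much of the
        // presented key is correct.
        boolean secretMatches = secret != null
                && java.security.MessageDigest.isEqual(
                        auth.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        secret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!secretMatches) {
            // The rejected key is intentionally not logged; a near-miss of the real secret
            // would otherwise end up in the log file.
            LOG.warn("Wrong secret key authorization.");
            throw new WebApplicationException(Status.UNAUTHORIZED);
        }
    }
    return containerRequest;
}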
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 4 with InternalUnauthenticatedException

use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

the class AuthFilter method filter.

/**
	 * Apply the filter : check input request, validate or not with user auth
	 * 
	 * @param containerRequest
	 *            The request from Tomcat server
	 */
@Override
public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
    // Every request must carry HTTP Basic credentials of an administrator account.
    // Any failure along the way is answered with 401 and no further detail.
    final String authorization = containerRequest.getHeaderValue("authorization");
    if (authorization == null) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }

    // Expect exactly two parts: login and password.
    final String[] credentials = BasicAuth.decode(authorization);
    final boolean wellFormed = credentials != null && credentials.length == 2;
    if (!wellFormed) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }

    // The admin check runs before the password is verified.
    if (!AdminManager.getInstance().isUserAdmin(credentials[0], true)) {
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }

    try {
        AuthFactory.authenticate(credentials[0], credentials[1]);
    } catch (UnauthorizedException | ConnectionException | InternalUnauthenticatedException e) {
        // Wrong credentials and back-end failures are indistinguishable to the caller.
        throw new WebApplicationException(Status.UNAUTHORIZED);
    }
    return containerRequest;
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Example 5 with InternalUnauthenticatedException

use of org.jivesoftware.openfire.auth.InternalUnauthenticatedException in project Openfire by igniterealtime.

the class IQAuthHandler method handleIQ.

/**
 * Handles an IQ-based authentication stanza for the session that sent it.
 *
 * <p>Flow, as visible in this method:
 * <ul>
 *   <li>No session for the sender: an {@code internal_server_error} reply is returned.</li>
 *   <li>Property {@code xmpp.auth.iqauth} (default {@code true}) is off: {@code not_authorized}.</li>
 *   <li>{@code get}: a copy of {@code probeResponse} is returned, echoing the username if given.</li>
 *   <li>Otherwise: anonymous login when the query is empty; a password change when the
 *       session is already authenticated; a login attempt in all other cases.</li>
 * </ul>
 * Except for the missing-session case, the response is delivered through
 * {@code session.process(...)} and the method itself returns {@code null}.
 *
 * @param packet the authentication IQ stanza
 * @return an error reply when no session exists for the sender, otherwise {@code null}
 * @throws UnauthorizedException declared by the signature; the one raised inside the visible
 *         {@code try} block is caught and turned into a {@code not_authorized} reply
 * @throws PacketException declared by the signature; not raised directly in the visible body
 */
@Override
public IQ handleIQ(IQ packet) throws UnauthorizedException, PacketException {
    JID from = packet.getFrom();
    LocalClientSession session = (LocalClientSession) sessionManager.getSession(from);
    // If no session was found then answer an error (if possible)
    if (session == null) {
        // NOTE(review): the message includes the pre-authenticated session keys; confirm the
        // log destination is appropriate for that detail.
        Log.error("Error during authentication. Session not found in " + sessionManager.getPreAuthenticatedKeys() + " for key " + from);
        // This error packet probably won't make it through
        IQ reply = IQ.createResultIQ(packet);
        reply.setChildElement(packet.getChildElement().createCopy());
        reply.setError(PacketError.Condition.internal_server_error);
        return reply;
    }
    IQ response;
    // Set when this call moved the session to the authenticated state; drives the event below
    boolean resourceBound = false;
    if (JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
        try {
            Element iq = packet.getElement();
            // NOTE(review): presumably null when the stanza has no <query/> child, in which case
            // the dereferences below throw a NullPointerException that is not caught here - confirm
            Element query = iq.element("query");
            Element queryResponse = probeResponse.createCopy();
            if (IQ.Type.get == packet.getType()) {
                // Probe: tell the client which fields are expected, echoing the username
                String username = query.elementText("username");
                if (username != null) {
                    queryResponse.element("username").setText(username);
                }
                response = IQ.createResultIQ(packet);
                response.setChildElement(queryResponse);
                // Drop the 'to' address for sessions that have not authenticated yet; per the
                // original (truncated) comment, the JID is only provisional until the user
                // actually authenticates with the server.
                if (session.getStatus() != Session.STATUS_AUTHENTICATED) {
                    response.setTo((JID) null);
                }
            } else // Otherwise this is a 'set' query
            {
                if (query.elements().isEmpty()) {
                    // Anonymous authentication
                    response = anonymousLogin(session, packet);
                    resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                } else {
                    String username = query.elementText("username");
                    // Login authentication
                    String password = query.elementText("password");
                    String digest = null;
                    if (query.element("digest") != null) {
                        digest = query.elementText("digest").toLowerCase();
                    }
                    // If we're already logged in, this is a password reset
                    // NOTE(review): no check of the current password is visible in this branch;
                    // confirm whether passwordReset(...) performs one.
                    if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
                        // Check that a new password has been specified
                        if (password == null || password.trim().length() == 0) {
                            response = IQ.createResultIQ(packet);
                            response.setError(PacketError.Condition.not_allowed);
                            response.setType(IQ.Type.error);
                        } else {
                            // Check if a user is trying to change his own password
                            if (session.getUsername().equalsIgnoreCase(username)) {
                                response = passwordReset(password, packet, username, session);
                            } else // Check if an admin is trying to set the password for another user
                            if (XMPPServer.getInstance().getAdmins().contains(new JID(from.getNode(), from.getDomain(), null, true))) {
                                response = passwordReset(password, packet, username, session);
                            } else {
                                // User not authorized to change the password of another user
                                throw new UnauthorizedException();
                            }
                        }
                    } else {
                        // it is an auth attempt
                        response = login(username, query, packet, password, session, digest);
                        resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED;
                    }
                }
            }
        } catch (UserNotFoundException | UnauthorizedException e) {
            // Unknown user and wrong credentials produce the same not_authorized reply
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.not_authorized);
        } catch (ConnectionException | InternalUnauthenticatedException e) {
            // Back-end failure is reported as internal_server_error.
            // NOTE(review): the exception is not logged here, so the cause is lost.
            response = IQ.createResultIQ(packet);
            response.setChildElement(packet.getChildElement().createCopy());
            response.setError(PacketError.Condition.internal_server_error);
        }
    } else {
        // IQ-based authentication is switched off by the property above
        response = IQ.createResultIQ(packet);
        response.setChildElement(packet.getChildElement().createCopy());
        response.setError(PacketError.Condition.not_authorized);
    }
    // Send the response directly since we want to be sure that we are sending it back
    // to the correct session. Any other session of the same user but with different
    // resource is incorrect.
    session.process(response);
    if (resourceBound) {
        // After the client has been informed, inform all listeners as well.
        SessionEventDispatcher.dispatchEvent(session, SessionEventDispatcher.EventType.resource_bound);
    }
    return null;
}
Also used : LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) JID(org.xmpp.packet.JID) Element(org.dom4j.Element) IQ(org.xmpp.packet.IQ) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException) ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)

Aggregations

ConnectionException (org.jivesoftware.openfire.auth.ConnectionException)6 InternalUnauthenticatedException (org.jivesoftware.openfire.auth.InternalUnauthenticatedException)6 UnauthorizedException (org.jivesoftware.openfire.auth.UnauthorizedException)6 WebApplicationException (javax.ws.rs.WebApplicationException)3 UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException)3 JID (org.xmpp.packet.JID)3 Element (org.dom4j.Element)2 LocalClientSession (org.jivesoftware.openfire.session.LocalClientSession)2 IQ (org.xmpp.packet.IQ)2 StringprepException (gnu.inet.encoding.StringprepException)1 PacketException (org.jivesoftware.openfire.PacketException)1 AuthToken (org.jivesoftware.openfire.auth.AuthToken)1 ClientSession (org.jivesoftware.openfire.session.ClientSession)1 User (org.jivesoftware.openfire.user.User)1 StreamError (org.xmpp.packet.StreamError)1