Example 1 with UnixUser

Use of org.jvnet.libpam.UnixUser in project ranger by apache.

Class PamLoginModule, method performLogin.

private boolean performLogin() throws LoginException {
    try {
        if (StringUtils.isNotEmpty(_password)) {
            UnixUser user = _pam.authenticate(_username, _password);
            _principal = new PamPrincipal(user);
            _authSucceeded = true;
            return true;
        } else {
            throw new PAMException("Password is Null or Empty!!!");
        }
    } catch (PAMException ex) {
        LoginException le = new FailedLoginException("Invalid username or password");
        le.initCause(ex);
        throw le;
    }
}
Also used : UnixUser(org.jvnet.libpam.UnixUser) FailedLoginException(javax.security.auth.login.FailedLoginException) LoginException(javax.security.auth.login.LoginException) PAMException(org.jvnet.libpam.PAMException)

Example 2 with UnixUser

Use of org.jvnet.libpam.UnixUser in project Payara by payara.

Class PamLoginModule, method authenticateUser.

protected void authenticateUser() throws LoginException {
    // A Unix user must have a name not null so check here.
    if ((_username == null) || (_username.length() == 0)) {
        throw new LoginException("Invalid Username");
    }
    UnixUser user = authenticate(_username, _password);
    if (user == null) {
        // JAAS behavior
        throw new LoginException("Failed Pam Login for " + _username);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "PAM login succeeded for: " + _username);
    }
    /*
     * Get the groups from the libpam4j UnixUser class that has been
     * returned after a successful authentication.
     */
    String[] grpList = null;
    Set<String> groupSet = user.getGroups();
    if (groupSet != null) {
        grpList = new String[groupSet.size()];
        user.getGroups().toArray(grpList);
    } else {
        // Empty group list, create a zero-length group list
        grpList = new String[0];
    }
    commitUserAuthentication(grpList);
}
Also used : UnixUser(org.jvnet.libpam.UnixUser) LoginException(javax.security.auth.login.LoginException)

Example 3 with UnixUser

Use of org.jvnet.libpam.UnixUser in project athenz by yahoo.

Class UserAuthority, method authenticate.

@Override
public Principal authenticate(String creds, String remoteAddr, String httpMethod, StringBuilder errMsg) {
    errMsg = errMsg == null ? new StringBuilder(512) : errMsg;
    if (!creds.startsWith("Basic ")) {
        errMsg.append("UserAuthority:authenticate: credentials do not start with 'Basic '");
        LOG.error(errMsg.toString());
        return null;
    }
    // decode - need to skip the first 6 bytes for 'Basic '
    String decoded;
    try {
        decoded = new String(Base64.decode(creds.substring(6).getBytes(StandardCharsets.UTF_8)));
    } catch (Exception e) {
        errMsg.append("UserAuthority:authenticate: factory exc=").append(e.getMessage());
        LOG.error(errMsg.toString());
        return null;
    }
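    // split on the first ':' only: the password part of Basic credentials may
    // itself contain ':', and input without ':' must be rejected here rather
    // than raise ArrayIndexOutOfBoundsException outside the try block below
    String[] userArray = decoded.split(":", 2);
    if (userArray.length != 2) {
        errMsg.append("UserAuthority:authenticate: credentials are not in 'user:password' form");
        LOG.error(errMsg.toString());
        return null;
    }
    String username = userArray[0];
    String password = userArray[1];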
    // we need to catch all exceptions here and just return
    // failure to allow other authorities to handle authentication
    // if necessary
    UnixUser user = null;
    try {
        user = getPAM().authenticate(username, password);
    } catch (Throwable ex) {
        errMsg.append("UserAuthority:authenticate: failed: user=").append(username).append(" exc=").append(ex.getMessage());
        LOG.error(errMsg.toString());
        return null;
    }
    if (user == null) {
        errMsg.append("UserAuthority:authenticate: failed: user=").append(username);
        LOG.error(errMsg.toString());
        return null;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("UserAuthority.authenticate: valid user=" + username);
    }
    // all the role members in Athenz are normalized to lower case so we need to make
    // sure our principal's name and domain are created with lower case as well
    long issueTime = 0;
    SimplePrincipal princ = (SimplePrincipal) SimplePrincipal.create(getDomain().toLowerCase(), userArray[0].toLowerCase(), creds, issueTime, this);
    if (princ == null) {
        errMsg.append("UserAuthority:authenticate: failed to create principal: user=").append(username);
        LOG.error(errMsg.toString());
        return null;
    }
    princ.setUnsignedCreds(creds);
    return princ;
}
Also used : UnixUser(org.jvnet.libpam.UnixUser) PAMException(org.jvnet.libpam.PAMException)

Example 4 with UnixUser

Use of org.jvnet.libpam.UnixUser in project atlas by apache.

Class PamLoginModule, method performLogin.

private boolean performLogin() throws LoginException {
    try {
        UnixUser user = pam.authenticate(username, password);
        principal = new PamPrincipal(user);
        authSucceeded = true;
        return true;
    } catch (PAMException ex) {
        LoginException le = new FailedLoginException("Invalid username or password");
        le.initCause(ex);
        throw le;
    }
}
Also used : UnixUser(org.jvnet.libpam.UnixUser) FailedLoginException(javax.security.auth.login.FailedLoginException) LoginException(javax.security.auth.login.LoginException) PAMException(org.jvnet.libpam.PAMException)

Example 5 with UnixUser

Use of org.jvnet.libpam.UnixUser in project zeppelin by apache.

Class PamRealm, method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken userToken = (UsernamePasswordToken) token;
    UnixUser user;
    try {
        user = (new PAM(this.getService())).authenticate(userToken.getUsername(), new String(userToken.getPassword()));
    } catch (PAMException e) {
        throw new AuthenticationException("Authentication failed for PAM.", e);
    }
    return new SimpleAuthenticationInfo(new UserPrincipal(user), userToken.getCredentials(), getName());
}
Also used : UnixUser(org.jvnet.libpam.UnixUser) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) PAM(org.jvnet.libpam.PAM) PAMException(org.jvnet.libpam.PAMException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken)
