Search in sources :

Example 1 with AuthenticationResponse

use of org.ldaptive.auth.AuthenticationResponse in project cas by apereo.

the class LdapAuthenticationHandler method authenticateUsernamePasswordInternal.

@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential upc, final String originalPassword) throws GeneralSecurityException, PreventedException {
    final AuthenticationResponse response;
    try {
        LOGGER.debug("Attempting LDAP authentication for [{}]. Authenticator pre-configured attributes are [{}], " + "additional requested attributes for this authentication request are [{}]", upc, authenticator.getReturnAttributes(), authenticatedEntryAttributes);
        final AuthenticationRequest request = new AuthenticationRequest(upc.getUsername(), new org.ldaptive.Credential(upc.getPassword()), authenticatedEntryAttributes);
        response = authenticator.authenticate(request);
    } catch (final LdapException e) {
        LOGGER.trace(e.getMessage(), e);
        throw new PreventedException("Unexpected LDAP error", e);
    }
    LOGGER.debug("LDAP response: [{}]", response);
    final List<MessageDescriptor> messageList;
    final LdapPasswordPolicyConfiguration ldapPasswordPolicyConfiguration = (LdapPasswordPolicyConfiguration) super.getPasswordPolicyConfiguration();
    if (ldapPasswordPolicyConfiguration != null) {
        LOGGER.debug("Applying password policy to [{}]", response);
        messageList = ldapPasswordPolicyConfiguration.getAccountStateHandler().handle(response, ldapPasswordPolicyConfiguration);
    } else {
        LOGGER.debug("No ldap password policy configuration is defined");
        messageList = Collections.emptyList();
    }
    if (response.getResult()) {
        LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
        return createHandlerResult(upc, createPrincipal(upc.getUsername(), response.getLdapEntry()), messageList);
    }
    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
        throw new AccountNotFoundException(upc.getUsername() + " not found.");
    }
    throw new FailedLoginException("Invalid credentials");
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) LdapPasswordPolicyConfiguration(org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration) AuthenticationRequest(org.ldaptive.auth.AuthenticationRequest) AuthenticationResponse(org.ldaptive.auth.AuthenticationResponse) LdapException(org.ldaptive.LdapException) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)

Example 2 with AuthenticationResponse

use of org.ldaptive.auth.AuthenticationResponse in project cas by apereo.

the class LdapAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    try {
        final String username = authentication.getPrincipal().toString();
        final Object credentials = authentication.getCredentials();
        final String password = credentials == null ? null : credentials.toString();
        LOGGER.debug("Preparing LDAP authentication request for user [{}]", username);
        final AuthenticationRequest request = new AuthenticationRequest(username, new org.ldaptive.Credential(password), ReturnAttributes.ALL.value());
        final Authenticator authenticator = Beans.newLdaptiveAuthenticator(adminPagesSecurityProperties.getLdap());
        LOGGER.debug("Executing LDAP authentication request for user [{}]", username);
        final AuthenticationResponse response = authenticator.authenticate(request);
        LOGGER.debug("LDAP response: [{}]", response);
        if (response.getResult()) {
            final LdapEntry entry = response.getLdapEntry();
            final CommonProfile profile = new CommonProfile();
            profile.setId(username);
            entry.getAttributes().forEach(a -> profile.addAttribute(a.getName(), a.getStringValues()));
            LOGGER.debug("Collected user profile [{}]", profile);
            this.authorizationGenerator.generate(WebUtils.getPac4jJ2EContext(), profile);
            LOGGER.debug("Assembled user profile with roles after generating authorization claims [{}]", profile);
            final Collection<GrantedAuthority> authorities = new ArrayList<>();
            authorities.addAll(profile.getRoles().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
            LOGGER.debug("List of authorities remapped from profile roles are [{}]", authorities);
            final RequireAnyRoleAuthorizer authorizer = new RequireAnyRoleAuthorizer(adminPagesSecurityProperties.getAdminRoles());
            LOGGER.debug("Executing authorization for expected admin roles [{}]", authorizer.getElements());
            final J2EContext context = WebUtils.getPac4jJ2EContext();
            if (authorizer.isAllAuthorized(context, Arrays.asList(profile))) {
                return new UsernamePasswordAuthenticationToken(username, password, authorities);
            }
            LOGGER.warn("User [{}] is not authorized to access the requested resource allowed to roles [{}]", username, authorizer.getElements());
        } else {
            LOGGER.warn("LDAP authentication response produced no results for [{}]", username);
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new InsufficientAuthenticationException("Unexpected LDAP error", e);
    }
    throw new BadCredentialsException("Could not authenticate provided credentials");
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) LdapEntry(org.ldaptive.LdapEntry) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) J2EContext(org.pac4j.core.context.J2EContext) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationResponse(org.ldaptive.auth.AuthenticationResponse) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) CommonProfile(org.pac4j.core.profile.CommonProfile) AuthenticationRequest(org.ldaptive.auth.AuthenticationRequest) Authenticator(org.ldaptive.auth.Authenticator) RequireAnyRoleAuthorizer(org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer)

Aggregations

AuthenticationRequest (org.ldaptive.auth.AuthenticationRequest)2 AuthenticationResponse (org.ldaptive.auth.AuthenticationResponse)2 ArrayList (java.util.ArrayList)1 AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 LdapPasswordPolicyConfiguration (org.apereo.cas.authentication.support.LdapPasswordPolicyConfiguration)1 LdapEntry (org.ldaptive.LdapEntry)1 LdapException (org.ldaptive.LdapException)1 Authenticator (org.ldaptive.auth.Authenticator)1 RequireAnyRoleAuthorizer (org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer)1 J2EContext (org.pac4j.core.context.J2EContext)1 CommonProfile (org.pac4j.core.profile.CommonProfile)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1