use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.
the class UsernamePasswordAuthenticationFilter method authenticate.
/**
* Authenticates the current message.
*
* @param event the current message recieved
* @throws SecurityException if authentication fails
*/
@Override
public SecurityContext authenticate(CoreEvent event) throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException {
Authentication authentication = getAuthenticationToken(event);
Authentication authResult;
try {
authResult = getSecurityManager().authenticate(authentication);
} catch (UnauthorisedException e) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
}
throw new UnauthorisedException(authFailedForUser(authentication.getPrincipal().toString()), e);
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authResult.toString());
}
SecurityContext context = getSecurityManager().createSecurityContext(authResult);
context.setAuthentication(authResult);
return context;
}
use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.
the class UsernamePasswordAuthenticationFilter method getAuthenticationToken.
protected Authentication getAuthenticationToken(CoreEvent event) throws UnauthorisedException {
ExpressionManager expressionManager = (ExpressionManager) registry.lookupByName(OBJECT_EXPRESSION_MANAGER).get();
Object usernameEval = expressionManager.evaluate(username, event).getValue();
Object passwordEval = expressionManager.evaluate(password, event).getValue();
if (usernameEval == null) {
throw new UnauthorisedException(authNoCredentials());
}
if (passwordEval == null) {
throw new UnauthorisedException(authNoCredentials());
}
return new DefaultMuleAuthentication(new DefaultMuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
}
use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.
the class DefaultMuleSecurityManager method authenticate.
/**
* {@inheritDoc}
*/
@Override
public Authentication authenticate(Authentication authentication) throws SecurityException, SecurityProviderNotFoundException {
Iterator<SecurityProvider> iter = providers.values().iterator();
Class<? extends Authentication> toTest = authentication.getClass();
while (iter.hasNext()) {
SecurityProvider provider = iter.next();
if (provider.supports(toTest)) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Authentication attempt using " + provider.getClass().getName());
}
Authentication result = null;
try {
result = provider.authenticate(authentication);
} catch (Exception e) {
if (!iter.hasNext()) {
throw new UnauthorisedException(authorizationAttemptFailed(), e);
}
}
if (result != null) {
return result;
}
}
}
throw new SecurityProviderNotFoundException(toTest.getName());
}
use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.
the class MuleEncryptionEndpointSecurityFilter method authenticateInbound.
@Override
protected SecurityContext authenticateInbound(CoreEvent event) throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException, EncryptionStrategyNotFoundException, UnknownAuthenticationTypeException {
String userHeader = (String) credentialsAccessor.getCredentials(event);
if (userHeader == null) {
throw new CredentialsNotSetException(event, event.getSecurityContext(), this);
}
Credentials user = new DefaultMuleCredentials(userHeader, getSecurityManager());
Authentication authentication;
try {
authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user));
} catch (Exception e) {
// Authentication failed
if (logger.isDebugEnabled()) {
logger.debug("Authentication request for user: " + user.getUsername() + " failed: " + e.toString());
}
throw new UnauthorisedException(authFailedForUser(user.getUsername()), e);
}
// Authentication success
if (logger.isDebugEnabled()) {
logger.debug("Authentication success: " + authentication.toString());
}
SecurityContext context = getSecurityManager().createSecurityContext(authentication);
context.setAuthentication(authentication);
return context;
}
Aggregations