Search in sources :

Example 1 with UnauthorisedException

use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.

the class UsernamePasswordAuthenticationFilter method authenticate.

/**
 * Authenticates the current message.
 *
 * @param event the current message recieved
 * @throws SecurityException if authentication fails
 */
@Override
public SecurityContext authenticate(CoreEvent event) throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException {
    Authentication authentication = getAuthenticationToken(event);
    Authentication authResult;
    try {
        authResult = getSecurityManager().authenticate(authentication);
    } catch (UnauthorisedException e) {
        // Authentication failed
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
        }
        throw new UnauthorisedException(authFailedForUser(authentication.getPrincipal().toString()), e);
    }
    // Authentication success
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success: " + authResult.toString());
    }
    SecurityContext context = getSecurityManager().createSecurityContext(authResult);
    context.setAuthentication(authResult);
    return context;
}
Also used : Authentication(org.mule.runtime.api.security.Authentication) DefaultMuleAuthentication(org.mule.runtime.api.security.DefaultMuleAuthentication) SecurityContext(org.mule.runtime.api.security.SecurityContext) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException)

Example 2 with UnauthorisedException

use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.

the class UsernamePasswordAuthenticationFilter method getAuthenticationToken.

protected Authentication getAuthenticationToken(CoreEvent event) throws UnauthorisedException {
    ExpressionManager expressionManager = (ExpressionManager) registry.lookupByName(OBJECT_EXPRESSION_MANAGER).get();
    Object usernameEval = expressionManager.evaluate(username, event).getValue();
    Object passwordEval = expressionManager.evaluate(password, event).getValue();
    if (usernameEval == null) {
        throw new UnauthorisedException(authNoCredentials());
    }
    if (passwordEval == null) {
        throw new UnauthorisedException(authNoCredentials());
    }
    return new DefaultMuleAuthentication(new DefaultMuleCredentials(usernameEval.toString(), passwordEval.toString().toCharArray()));
}
Also used : ExpressionManager(org.mule.runtime.core.api.el.ExpressionManager) DefaultMuleCredentials(org.mule.runtime.core.api.security.DefaultMuleCredentials) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException) DefaultMuleAuthentication(org.mule.runtime.api.security.DefaultMuleAuthentication)

Example 3 with UnauthorisedException

use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.

the class DefaultMuleSecurityManager method authenticate.

/**
 * {@inheritDoc}
 */
@Override
public Authentication authenticate(Authentication authentication) throws SecurityException, SecurityProviderNotFoundException {
    Iterator<SecurityProvider> iter = providers.values().iterator();
    Class<? extends Authentication> toTest = authentication.getClass();
    while (iter.hasNext()) {
        SecurityProvider provider = iter.next();
        if (provider.supports(toTest)) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Authentication attempt using " + provider.getClass().getName());
            }
            Authentication result = null;
            try {
                result = provider.authenticate(authentication);
            } catch (Exception e) {
                if (!iter.hasNext()) {
                    throw new UnauthorisedException(authorizationAttemptFailed(), e);
                }
            }
            if (result != null) {
                return result;
            }
        }
    }
    throw new SecurityProviderNotFoundException(toTest.getName());
}
Also used : SecurityProviderNotFoundException(org.mule.runtime.api.security.SecurityProviderNotFoundException) Authentication(org.mule.runtime.api.security.Authentication) SecurityProvider(org.mule.runtime.core.api.security.SecurityProvider) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException) SecurityException(org.mule.runtime.api.security.SecurityException) InitialisationException(org.mule.runtime.api.lifecycle.InitialisationException) SecurityProviderNotFoundException(org.mule.runtime.api.security.SecurityProviderNotFoundException) UnknownAuthenticationTypeException(org.mule.runtime.api.security.UnknownAuthenticationTypeException)

Example 4 with UnauthorisedException

use of org.mule.runtime.api.security.UnauthorisedException in project mule by mulesoft.

the class MuleEncryptionEndpointSecurityFilter method authenticateInbound.

@Override
protected SecurityContext authenticateInbound(CoreEvent event) throws SecurityException, SecurityProviderNotFoundException, CryptoFailureException, EncryptionStrategyNotFoundException, UnknownAuthenticationTypeException {
    String userHeader = (String) credentialsAccessor.getCredentials(event);
    if (userHeader == null) {
        throw new CredentialsNotSetException(event, event.getSecurityContext(), this);
    }
    Credentials user = new DefaultMuleCredentials(userHeader, getSecurityManager());
    Authentication authentication;
    try {
        authentication = getSecurityManager().authenticate(new DefaultMuleAuthentication(user));
    } catch (Exception e) {
        // Authentication failed
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication request for user: " + user.getUsername() + " failed: " + e.toString());
        }
        throw new UnauthorisedException(authFailedForUser(user.getUsername()), e);
    }
    // Authentication success
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success: " + authentication.toString());
    }
    SecurityContext context = getSecurityManager().createSecurityContext(authentication);
    context.setAuthentication(authentication);
    return context;
}
Also used : Authentication(org.mule.runtime.api.security.Authentication) DefaultMuleAuthentication(org.mule.runtime.api.security.DefaultMuleAuthentication) SecurityContext(org.mule.runtime.api.security.SecurityContext) DefaultMuleCredentials(org.mule.runtime.core.api.security.DefaultMuleCredentials) DefaultMuleAuthentication(org.mule.runtime.api.security.DefaultMuleAuthentication) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException) CredentialsNotSetException(org.mule.runtime.core.internal.security.CredentialsNotSetException) Credentials(org.mule.runtime.api.security.Credentials) DefaultMuleCredentials(org.mule.runtime.core.api.security.DefaultMuleCredentials) EncryptionStrategyNotFoundException(org.mule.runtime.core.api.security.EncryptionStrategyNotFoundException) UnauthorisedException(org.mule.runtime.api.security.UnauthorisedException) SecurityException(org.mule.runtime.api.security.SecurityException) InitialisationException(org.mule.runtime.api.lifecycle.InitialisationException) CryptoFailureException(org.mule.runtime.core.api.security.CryptoFailureException) SecurityProviderNotFoundException(org.mule.runtime.api.security.SecurityProviderNotFoundException) CredentialsNotSetException(org.mule.runtime.core.internal.security.CredentialsNotSetException) UnknownAuthenticationTypeException(org.mule.runtime.api.security.UnknownAuthenticationTypeException)

Aggregations

UnauthorisedException (org.mule.runtime.api.security.UnauthorisedException)4 Authentication (org.mule.runtime.api.security.Authentication)3 DefaultMuleAuthentication (org.mule.runtime.api.security.DefaultMuleAuthentication)3 InitialisationException (org.mule.runtime.api.lifecycle.InitialisationException)2 SecurityContext (org.mule.runtime.api.security.SecurityContext)2 SecurityException (org.mule.runtime.api.security.SecurityException)2 SecurityProviderNotFoundException (org.mule.runtime.api.security.SecurityProviderNotFoundException)2 UnknownAuthenticationTypeException (org.mule.runtime.api.security.UnknownAuthenticationTypeException)2 DefaultMuleCredentials (org.mule.runtime.core.api.security.DefaultMuleCredentials)2 Credentials (org.mule.runtime.api.security.Credentials)1 ExpressionManager (org.mule.runtime.core.api.el.ExpressionManager)1 CryptoFailureException (org.mule.runtime.core.api.security.CryptoFailureException)1 EncryptionStrategyNotFoundException (org.mule.runtime.core.api.security.EncryptionStrategyNotFoundException)1 SecurityProvider (org.mule.runtime.core.api.security.SecurityProvider)1 CredentialsNotSetException (org.mule.runtime.core.internal.security.CredentialsNotSetException)1