use of org.neo4j.graphdb.security.AuthProviderFailedException in project neo4j by neo4j.
the class LdapRealm method doGetAuthorizationInfo.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
try {
AuthorizationInfo info = super.doGetAuthorizationInfo(principals);
securityLog.debug(withRealm("Queried for authorization info for user '%s'", principals.getPrimaryPrincipal()));
return info;
} catch (AuthorizationException e) {
securityLog.error(withRealm("Failed to get authorization info: '%s' caused by '%s'", e.getMessage(), e.getCause().getMessage()));
if (isAuthorizationExceptionAnLdapReadTimeout(e)) {
throw new AuthProviderTimeoutException(LDAP_READ_TIMEOUT_CLIENT_MESSAGE, e);
}
throw new AuthProviderFailedException(LDAP_AUTHORIZATION_FAILURE_CLIENT_MESSAGE, e);
}
}
use of org.neo4j.graphdb.security.AuthProviderFailedException in project neo4j by neo4j.
the class AuthorizationEnabledFilter method doFilter.
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
validateRequestType(servletRequest);
validateResponseType(servletResponse);
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final String path = request.getContextPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
if (request.getMethod().equals("OPTIONS") || whitelisted(path)) {
// NOTE: If starting transactions with access mode on whitelisted uris should be possible we need to
// wrap servletRequest in an AuthorizedRequestWarpper here
filterChain.doFilter(servletRequest, servletResponse);
return;
}
final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
if (header == null) {
requestAuthentication(request, noHeader).accept(response);
return;
}
final String[] usernameAndPassword = extractCredential(header);
if (usernameAndPassword == null) {
badHeader.accept(response);
return;
}
final String username = usernameAndPassword[0];
final String password = usernameAndPassword[1];
try {
SecurityContext securityContext = authenticate(username, password);
switch(securityContext.subject().getAuthenticationResult()) {
case PASSWORD_CHANGE_REQUIRED:
if (!PASSWORD_CHANGE_WHITELIST.matcher(path).matches()) {
passwordChangeRequired(username, baseURL(request)).accept(response);
return;
}
// fall through
case SUCCESS:
try {
filterChain.doFilter(new AuthorizedRequestWrapper(BASIC_AUTH, username, request, securityContext), servletResponse);
} catch (AuthorizationViolationException e) {
unauthorizedAccess(e.getMessage()).accept(response);
}
return;
case TOO_MANY_ATTEMPTS:
tooManyAttempts.accept(response);
return;
default:
log.warn("Failed authentication attempt for '%s' from %s", username, request.getRemoteAddr());
requestAuthentication(request, invalidCredential).accept(response);
}
} catch (InvalidAuthTokenException e) {
requestAuthentication(request, invalidAuthToken(e.getMessage())).accept(response);
} catch (AuthProviderTimeoutException e) {
authProviderTimeout.accept(response);
} catch (AuthProviderFailedException e) {
authProviderFailed.accept(response);
}
}
Aggregations