Example 6 with AuthenticationResult

use of org.neo4j.kernel.api.security.AuthenticationResult in project neo4j by neo4j.

the class BasicAuthManager method login.

@Override
public BasicSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    assertValidScheme(authToken);
    String username = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken);
    String password = AuthToken.safeCast(AuthToken.CREDENTIALS, authToken);
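    User user = userRepository.getUserByName(username);
    // Start from FAILURE so that a username with no matching account is reported as a failed login.
    AuthenticationResult result = AuthenticationResult.FAILURE;
    if (user != null) {
        result = authStrategy.authenticate(user, password);
        // Valid credentials on an account flagged for a password change yield PASSWORD_CHANGE_REQUIRED instead of SUCCESS.
        if (result == AuthenticationResult.SUCCESS && user.passwordChangeRequired()) {
            result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
        }
    }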
    return new BasicSecurityContext(this, user, result);
}
Also used : User(org.neo4j.kernel.impl.security.User) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult)

Example 7 with AuthenticationResult

use of org.neo4j.kernel.api.security.AuthenticationResult in project neo4j by neo4j.

the class InternalFlatFileRealm method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!authenticationEnabled) {
        return null;
    }
    ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
    String username;
    String password;
    try {
        username = AuthToken.safeCast(AuthToken.PRINCIPAL, shiroAuthToken.getAuthTokenMap());
        password = AuthToken.safeCast(AuthToken.CREDENTIALS, shiroAuthToken.getAuthTokenMap());
    } catch (InvalidAuthTokenException e) {
        throw new UnsupportedTokenException(e);
    }
    User user = userRepository.getUserByName(username);
    if (user == null) {
        throw new UnknownAccountException();
    }
    AuthenticationResult result = authenticationStrategy.authenticate(user, password);
    // FAILURE and TOO_MANY_ATTEMPTS are mapped to Shiro exceptions; any other result falls through.
    switch(result) {
        case FAILURE:
            throw new IncorrectCredentialsException();
        case TOO_MANY_ATTEMPTS:
            throw new ExcessiveAttemptsException();
        default:
            break;
    }
    // The suspension flag is checked only after the credentials have been accepted.
    if (user.hasFlag(InternalFlatFileRealm.IS_SUSPENDED)) {
        throw new DisabledAccountException("User '" + user.name() + "' is suspended.");
    }
    if (user.passwordChangeRequired()) {
        result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
    }
    // We do not need to store hashed credentials in the AuthenticationInfo.
    return new ShiroAuthenticationInfo(user.name(), getName(), result);
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) IncorrectCredentialsException(org.apache.shiro.authc.IncorrectCredentialsException) User(org.neo4j.kernel.impl.security.User) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException) UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult)

Example 8 with AuthenticationResult

use of org.neo4j.kernel.api.security.AuthenticationResult in project neo4j by neo4j.

the class MultiRealmAuthManagerTest method shouldNotLogAuthenticationIfFlagSaysNo.

@Test
public void shouldNotLogAuthenticationIfFlagSaysNo() throws Throwable {
    // Given
    manager.shutdown();
    manager = createAuthManager(false);
    users.create(newUser("jake", "abc123", false));
    manager.start();
    setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
    // When
    AuthenticationResult result = manager.login(authToken("jake", "abc123")).subject().getAuthenticationResult();
    // Then
    assertThat(result, equalTo(AuthenticationResult.SUCCESS));
    logProvider.assertNone(info("[jake]: logged in"));
}
Also used : AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult) Test(org.junit.Test)

Example 9 with AuthenticationResult

use of org.neo4j.kernel.api.security.AuthenticationResult in project neo4j by neo4j.

the class MultiRealmAuthManagerTest method shouldFailAuthenticationAndEscapeIfUserIsNotFound.

@Test
public void shouldFailAuthenticationAndEscapeIfUserIsNotFound() throws Throwable {
    // Given
    manager.start();
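    // When: the principal contains newline, tab, carriage return and quote characters
    AuthSubject authSubject = manager.login(authToken("unknown\n\t\r\"haxx0r\"", "abc123")).subject();
    AuthenticationResult result = authSubject.getAuthenticationResult();
    // Then: the login fails and the principal appears escaped in the error log entry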
    assertThat(result, equalTo(AuthenticationResult.FAILURE));
    logProvider.assertExactly(error("[%s]: failed to log in: invalid principal or credentials", escape("unknown\n\t\r\"haxx0r\"")));
}
Also used : AuthSubject(org.neo4j.kernel.api.security.AuthSubject) AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult) Test(org.junit.Test)

Example 10 with AuthenticationResult

use of org.neo4j.kernel.api.security.AuthenticationResult in project neo4j by neo4j.

the class MultiRealmAuthManagerTest method shouldFindAndAuthenticateUserSuccessfully.

@Test
public void shouldFindAndAuthenticateUserSuccessfully() throws Throwable {
    // Given
    users.create(newUser("jake", "abc123", false));
    manager.start();
    setMockAuthenticationStrategyResult("jake", "abc123", AuthenticationResult.SUCCESS);
    // When
    AuthenticationResult result = manager.login(authToken("jake", "abc123")).subject().getAuthenticationResult();
    // Then
    assertThat(result, equalTo(AuthenticationResult.SUCCESS));
    logProvider.assertExactly(info("[jake]: logged in"));
}
Also used : AuthenticationResult(org.neo4j.kernel.api.security.AuthenticationResult) Test(org.junit.Test)
