Example 6 with AuthenticationException
use of org.ovirt.engine.core.sso.utils.AuthenticationException in project ovirt-engine by oVirt.
the class OAuthTokenServlet method issueTokenForPasswd.
protected void issueTokenForPasswd(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
log.debug("Entered issueTokenForPasswd");
Credentials credentials = null;
try {
credentials = getCredentials(request);
SsoSession ssoSession = handleIssueTokenForPasswd(request, scope, credentials);
log.debug("Sending json response");
SsoUtils.sendJsonData(response, buildResponse(ssoSession));
} catch (AuthenticationException ex) {
String profile = "N/A";
if (credentials != null) {
profile = credentials.getProfile() == null ? "N/A" : credentials.getProfile();
}
throw new AuthenticationException(String.format(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER_IN_DOMAIN, (Locale) request.getAttribute(SsoConstants.LOCALE)), credentials == null ? "N/A" : credentials.getUsername(), profile, ex.getMessage()));
}
}
Also used :
Locale(java.util.Locale)
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
Credentials(org.ovirt.engine.core.sso.utils.Credentials)
SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)
Example 7 with AuthenticationException
use of org.ovirt.engine.core.sso.utils.AuthenticationException in project ovirt-engine by oVirt.
the class OAuthTokenServlet method issueTokenUsingHttpHeaders.
private void issueTokenUsingHttpHeaders(HttpServletRequest request, HttpServletResponse response) throws Exception {
log.debug("Entered issueTokenUsingHttpHeaders");
try {
AuthResult authResult = null;
for (NonInteractiveAuth auth : getAuthSeq()) {
authResult = auth.doAuth(request, response);
if (authResult.getStatus() == Authn.AuthResult.SUCCESS || authResult.getStatus() == Authn.AuthResult.NEGOTIATION_INCOMPLETE) {
break;
}
}
if (authResult != null && authResult.getStatus() != Authn.AuthResult.SUCCESS) {
log.debug("Authentication failed using http headers");
List<String> schemes = (List<String>) request.getAttribute(NegotiateAuthUtils.REQUEST_SCHEMES_KEY);
for (String scheme : new HashSet<>(schemes == null ? Collections.emptyList() : schemes)) {
response.setHeader("WWW-Authenticate", scheme);
}
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
} else if (authResult != null && StringUtils.isNotEmpty(authResult.getToken())) {
SsoSession ssoSession = SsoUtils.getSsoSessionFromRequest(request, authResult.getToken());
if (ssoSession == null) {
throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED, (Locale) request.getAttribute(SsoConstants.LOCALE)));
}
validateClientAcceptHeader(ssoSession, request);
log.debug("Sending json response");
SsoUtils.sendJsonData(response, buildResponse(ssoSession));
} else {
throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHENTICATION_FAILED, (Locale) request.getAttribute(SsoConstants.LOCALE)));
}
} catch (Exception ex) {
throw new AuthenticationException(String.format(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER, (Locale) request.getAttribute(SsoConstants.LOCALE)), ex.getMessage()));
}
}
Also used :
Locale(java.util.Locale)
NonInteractiveAuth(org.ovirt.engine.core.sso.utils.NonInteractiveAuth)
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
OAuthException(org.ovirt.engine.core.sso.utils.OAuthException)
AuthResult(org.ovirt.engine.core.sso.utils.AuthResult)
ArrayList(java.util.ArrayList)
List(java.util.List)
SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)
ServletException(javax.servlet.ServletException)
OAuthException(org.ovirt.engine.core.sso.utils.OAuthException)
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
IOException(java.io.IOException)
HashSet(java.util.HashSet)
Example 8 with AuthenticationException
use of org.ovirt.engine.core.sso.utils.AuthenticationException in project ovirt-engine by oVirt.
the class OpenIdTokenServlet method issueTokenForPasswd.
protected void issueTokenForPasswd(HttpServletRequest request, HttpServletResponse response, String scope) throws Exception {
log.debug("Entered issueTokenForPasswd");
Credentials credentials = null;
try {
String[] clientIdAndSecret = SsoUtils.getClientIdClientSecret(request);
SsoUtils.validateClientRequest(request, clientIdAndSecret[0], clientIdAndSecret[1], scope, null);
String clientId = clientIdAndSecret[0];
String clientSecret = clientIdAndSecret[1];
credentials = getCredentials(request);
SsoSession ssoSession = handleIssueTokenForPasswd(request, scope, credentials);
log.debug("Sending json response");
SsoUtils.sendJsonData(response, buildResponse(request, ssoSession, clientId, clientSecret));
} catch (AuthenticationException ex) {
String profile = "N/A";
if (credentials != null) {
profile = credentials.getProfile() == null ? "N/A" : credentials.getProfile();
}
throw new AuthenticationException(String.format(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CANNOT_AUTHENTICATE_USER_IN_DOMAIN, (Locale) request.getAttribute(SsoConstants.LOCALE)), credentials == null ? "N/A" : credentials.getUsername(), profile, ex.getMessage()));
}
}
Also used :
Locale(java.util.Locale)
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
Credentials(org.ovirt.engine.core.sso.utils.Credentials)
SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)
Example 9 with AuthenticationException
use of org.ovirt.engine.core.sso.utils.AuthenticationException in project ovirt-engine by oVirt.
the class OpenIdUserInfoServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
log.debug("Entered OpenIdUserInfoServlet Query String: {}, Parameters : {}", request.getQueryString(), SsoUtils.getRequestParameters(request));
String token = request.getParameter(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
if (token == null) {
token = getTokenFromHeader(request);
}
if (token == null) {
throw new OAuthException(SsoConstants.ERROR, SsoConstants.ERR_CODE_INVALID_REQUEST);
}
SsoSession ssoSession = SsoUtils.getSsoSessionFromRequest(request, token);
if (!ssoSession.isActive()) {
throw new OAuthException(SsoConstants.ERR_CODE_INVALID_TOKEN, SsoConstants.ERR_SESSION_EXPIRED_MSG);
}
SsoUtils.sendJsonData(response, buildResponse(request, ssoSession), "application/jwt");
} catch (OAuthException ex) {
SsoUtils.sendJsonDataWithMessage(request, response, ex);
} catch (AuthenticationException ex) {
SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_ACCESS_DENIED, ex);
} catch (Exception ex) {
SsoUtils.sendJsonDataWithMessage(request, response, SsoConstants.ERR_CODE_SERVER_ERROR, ex);
}
}
Also used :
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
OAuthException(org.ovirt.engine.core.sso.utils.OAuthException)
SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)
ServletException(javax.servlet.ServletException)
OAuthException(org.ovirt.engine.core.sso.utils.OAuthException)
IOException(java.io.IOException)
AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)
Aggregations
AuthenticationException (org.ovirt.engine.core.sso.utils.AuthenticationException)9
IOException (java.io.IOException)6
ServletException (javax.servlet.ServletException)6
Credentials (org.ovirt.engine.core.sso.utils.Credentials)6
Locale (java.util.Locale)5
SsoSession (org.ovirt.engine.core.sso.utils.SsoSession)5
Cookie (javax.servlet.http.Cookie)2
OAuthException (org.ovirt.engine.core.sso.utils.OAuthException)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
List (java.util.List)1
AuthResult (org.ovirt.engine.core.sso.utils.AuthResult)1
NonInteractiveAuth (org.ovirt.engine.core.sso.utils.NonInteractiveAuth)1
