Search in sources :

Example 1 with Credentials

use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.

the class InteractiveAuthServlet method service.

@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Entered InteractiveAuthServlet");
    try {
        String redirectUrl;
        SsoSession ssoSession = SsoUtils.getSsoSession(request);
        // clean up the sso session id token
        ssoContext.removeSsoSessionById(ssoSession);
        if (StringUtils.isEmpty(ssoSession.getClientId())) {
            redirectUrl = ssoContext.getEngineUrl();
        } else {
            Credentials userCredentials = getUserCredentials(request);
            try {
                if (SsoUtils.isUserAuthenticated(request)) {
                    log.debug("User is authenticated redirecting to {}", SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI);
                    redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
                } else {
                    redirectUrl = authenticateUser(request, response, userCredentials);
                }
            } catch (AuthenticationException ex) {
                if (userCredentials != null) {
                    String profile = userCredentials.getProfile() == null ? "N/A" : userCredentials.getProfile();
                    log.error("Cannot authenticate user '{}@{}' connecting from '{}': {}", userCredentials.getUsername(), profile, ssoSession.getSourceAddr(), ex.getMessage());
                    log.debug("Exception", ex);
                    SsoUtils.getSsoSession(request).setLoginMessage(ex.getMessage());
                }
                log.debug("Redirecting to LoginPage");
                ssoSession.setReauthenticate(false);
                ssoContext.registerSsoSessionById(SsoUtils.generateIdToken(), ssoSession);
                if (StringUtils.isNotEmpty(ssoContext.getSsoDefaultProfile()) && Arrays.stream(request.getCookies()).noneMatch(c -> c.getName().equals("profile"))) {
                    Cookie cookie = new Cookie("profile", ssoContext.getSsoDefaultProfile());
                    cookie.setSecure("https".equalsIgnoreCase(request.getScheme()));
                    response.addCookie(cookie);
                }
                redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_FORM_URI;
            }
        }
        if (redirectUrl != null) {
            response.sendRedirect(redirectUrl);
        }
    } catch (Exception ex) {
        SsoUtils.redirectToErrorPage(request, response, ex);
    }
}
Also used : Cookie(javax.servlet.http.Cookie) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession) Credentials(org.ovirt.engine.core.sso.utils.Credentials) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)

Example 2 with Credentials

use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.

the class InteractiveBasicAuthServlet method service.

@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Extracting basic auth credentials from header");
    Credentials credentials = SsoUtils.getUserCredentialsFromHeader(request);
    boolean credentialsValid = false;
    try {
        credentialsValid = credentials != null && SsoUtils.areCredentialsValid(request, credentials);
    } catch (AuthenticationException ex) {
        log.error("Error validating credentials: {}", ex.getMessage());
        log.debug("Exception", ex);
    }
    if (credentialsValid) {
        log.debug("Credentials Valid redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_URI);
        SsoUtils.getSsoSession(request).setTempCredentials(credentials);
        response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_URI);
    } else {
        log.debug("Redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
        response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
    }
}
Also used : AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) Credentials(org.ovirt.engine.core.sso.utils.Credentials)

Example 3 with Credentials

use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.

the class InteractiveBasicEnforceServlet method service.

@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    Credentials credentials = SsoUtils.getUserCredentialsFromHeader(request);
    if (credentials != null) {
        log.debug("Credentials Obtained redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
        SsoUtils.getSsoSession(request).setTempCredentials(credentials);
        response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
    } else {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
Also used : Credentials(org.ovirt.engine.core.sso.utils.Credentials)

Example 4 with Credentials

use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.

the class OAuthTokenServlet method handleIssueTokenForPasswd.

protected SsoSession handleIssueTokenForPasswd(HttpServletRequest request, String scope, Credentials credentials) throws Exception {
    String token = null;
    if (credentials != null && SsoUtils.areCredentialsValid(request, credentials)) {
        AuthenticationUtils.handleCredentials(ssoContext, request, credentials, false);
        token = (String) request.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
    }
    log.debug("Attempting to issueTokenForPasswd for user: {}", Optional.ofNullable(credentials).map(Credentials::getUsername).orElse("null"));
    SsoSession ssoSession = SsoUtils.getSsoSessionFromRequest(request, token);
    if (ssoSession == null) {
        throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED_FOR_USERNAME_PASSWORD, (Locale) request.getAttribute(SsoConstants.LOCALE)));
    }
    validateClientAcceptHeader(ssoSession, request);
    SsoUtils.validateRequestScope(request, token, scope);
    return ssoSession;
}
Also used : Locale(java.util.Locale) OAuthException(org.ovirt.engine.core.sso.utils.OAuthException) Credentials(org.ovirt.engine.core.sso.utils.Credentials) SsoSession(org.ovirt.engine.core.sso.utils.SsoSession)

Example 5 with Credentials

use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.

the class InteractiveChangePasswdServlet method service.

@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Entered InteractiveChangePasswdServlet");
    Credentials userCredentials = null;
    String redirectUrl;
    try {
        log.debug("User is not authenticated extracting credentials from request.");
        userCredentials = getUserCredentials(request);
        if (userCredentials == null) {
            throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNABLE_TO_EXTRACT_CREDENTIALS, (Locale) request.getAttribute(SsoConstants.LOCALE)));
        }
        if (!userCredentials.getNewCredentials().equals(userCredentials.getConfirmedNewCredentials())) {
            throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_PASSWORDS_DONT_MATCH, (Locale) request.getAttribute(SsoConstants.LOCALE)));
        }
        redirectUrl = changeUserPasswd(request, userCredentials);
    } catch (Exception ex) {
        String msg = String.format(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CHANGE_PASSWORD_FAILED, (Locale) request.getAttribute(SsoConstants.LOCALE)), userCredentials == null ? "" : userCredentials.getUsername() + "@" + userCredentials.getProfile(), ex.getMessage());
        log.error(msg);
        log.debug("Exception", ex);
        SsoUtils.getSsoSession(request).setChangePasswdMessage(msg);
        redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_CHANGE_PASSWD_FORM_URI;
    }
    log.debug("Redirecting to url: {}", redirectUrl);
    response.sendRedirect(redirectUrl);
}
Also used : Locale(java.util.Locale) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException) Credentials(org.ovirt.engine.core.sso.utils.Credentials) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) AuthenticationException(org.ovirt.engine.core.sso.utils.AuthenticationException)

Aggregations

Credentials (org.ovirt.engine.core.sso.utils.Credentials)9 AuthenticationException (org.ovirt.engine.core.sso.utils.AuthenticationException)6 Locale (java.util.Locale)4 SsoSession (org.ovirt.engine.core.sso.utils.SsoSession)4 IOException (java.io.IOException)3 ServletException (javax.servlet.ServletException)3 Cookie (javax.servlet.http.Cookie)1 OAuthException (org.ovirt.engine.core.sso.utils.OAuthException)1