use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.
the class InteractiveAuthServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
log.debug("Entered InteractiveAuthServlet");
try {
String redirectUrl;
SsoSession ssoSession = SsoUtils.getSsoSession(request);
// clean up the sso session id token
ssoContext.removeSsoSessionById(ssoSession);
if (StringUtils.isEmpty(ssoSession.getClientId())) {
redirectUrl = ssoContext.getEngineUrl();
} else {
Credentials userCredentials = getUserCredentials(request);
try {
if (SsoUtils.isUserAuthenticated(request)) {
log.debug("User is authenticated redirecting to {}", SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI);
redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_REDIRECT_TO_MODULE_URI;
} else {
redirectUrl = authenticateUser(request, response, userCredentials);
}
} catch (AuthenticationException ex) {
if (userCredentials != null) {
String profile = userCredentials.getProfile() == null ? "N/A" : userCredentials.getProfile();
log.error("Cannot authenticate user '{}@{}' connecting from '{}': {}", userCredentials.getUsername(), profile, ssoSession.getSourceAddr(), ex.getMessage());
log.debug("Exception", ex);
SsoUtils.getSsoSession(request).setLoginMessage(ex.getMessage());
}
log.debug("Redirecting to LoginPage");
ssoSession.setReauthenticate(false);
ssoContext.registerSsoSessionById(SsoUtils.generateIdToken(), ssoSession);
if (StringUtils.isNotEmpty(ssoContext.getSsoDefaultProfile()) && Arrays.stream(request.getCookies()).noneMatch(c -> c.getName().equals("profile"))) {
Cookie cookie = new Cookie("profile", ssoContext.getSsoDefaultProfile());
cookie.setSecure("https".equalsIgnoreCase(request.getScheme()));
response.addCookie(cookie);
}
redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_FORM_URI;
}
}
if (redirectUrl != null) {
response.sendRedirect(redirectUrl);
}
} catch (Exception ex) {
SsoUtils.redirectToErrorPage(request, response, ex);
}
}
use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.
the class InteractiveBasicAuthServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
log.debug("Extracting basic auth credentials from header");
Credentials credentials = SsoUtils.getUserCredentialsFromHeader(request);
boolean credentialsValid = false;
try {
credentialsValid = credentials != null && SsoUtils.areCredentialsValid(request, credentials);
} catch (AuthenticationException ex) {
log.error("Error validating credentials: {}", ex.getMessage());
log.debug("Exception", ex);
}
if (credentialsValid) {
log.debug("Credentials Valid redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_URI);
SsoUtils.getSsoSession(request).setTempCredentials(credentials);
response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_URI);
} else {
log.debug("Redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
}
}
use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.
the class InteractiveBasicEnforceServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Credentials credentials = SsoUtils.getUserCredentialsFromHeader(request);
if (credentials != null) {
log.debug("Credentials Obtained redirecting to url: {}", SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
SsoUtils.getSsoSession(request).setTempCredentials(credentials);
response.sendRedirect(request.getContextPath() + SsoConstants.INTERACTIVE_LOGIN_NEXT_AUTH_URI);
} else {
response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.
the class OAuthTokenServlet method handleIssueTokenForPasswd.
protected SsoSession handleIssueTokenForPasswd(HttpServletRequest request, String scope, Credentials credentials) throws Exception {
String token = null;
if (credentials != null && SsoUtils.areCredentialsValid(request, credentials)) {
AuthenticationUtils.handleCredentials(ssoContext, request, credentials, false);
token = (String) request.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
}
log.debug("Attempting to issueTokenForPasswd for user: {}", Optional.ofNullable(credentials).map(Credentials::getUsername).orElse("null"));
SsoSession ssoSession = SsoUtils.getSsoSessionFromRequest(request, token);
if (ssoSession == null) {
throw new OAuthException(SsoConstants.ERR_CODE_INVALID_GRANT, ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_AUTHORIZATION_GRANT_EXPIRED_FOR_USERNAME_PASSWORD, (Locale) request.getAttribute(SsoConstants.LOCALE)));
}
validateClientAcceptHeader(ssoSession, request);
SsoUtils.validateRequestScope(request, token, scope);
return ssoSession;
}
use of org.ovirt.engine.core.sso.utils.Credentials in project ovirt-engine by oVirt.
the class InteractiveChangePasswdServlet method service.
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
log.debug("Entered InteractiveChangePasswdServlet");
Credentials userCredentials = null;
String redirectUrl;
try {
log.debug("User is not authenticated extracting credentials from request.");
userCredentials = getUserCredentials(request);
if (userCredentials == null) {
throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_UNABLE_TO_EXTRACT_CREDENTIALS, (Locale) request.getAttribute(SsoConstants.LOCALE)));
}
if (!userCredentials.getNewCredentials().equals(userCredentials.getConfirmedNewCredentials())) {
throw new AuthenticationException(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_PASSWORDS_DONT_MATCH, (Locale) request.getAttribute(SsoConstants.LOCALE)));
}
redirectUrl = changeUserPasswd(request, userCredentials);
} catch (Exception ex) {
String msg = String.format(ssoContext.getLocalizationUtils().localize(SsoConstants.APP_ERROR_CHANGE_PASSWORD_FAILED, (Locale) request.getAttribute(SsoConstants.LOCALE)), userCredentials == null ? "" : userCredentials.getUsername() + "@" + userCredentials.getProfile(), ex.getMessage());
log.error(msg);
log.debug("Exception", ex);
SsoUtils.getSsoSession(request).setChangePasswdMessage(msg);
redirectUrl = request.getContextPath() + SsoConstants.INTERACTIVE_CHANGE_PASSWD_FORM_URI;
}
log.debug("Redirecting to url: {}", redirectUrl);
response.sendRedirect(redirectUrl);
}
Aggregations