
Example 1 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in the project cas by apereo.

The class OAuthClientAuthenticator, method validate.

/**
 * Authenticates an OAuth client: the username carries the client identifier and the
 * password carries the client secret. On success an {@code OAuthClientProfile} holding
 * the client id is attached to the credentials.
 *
 * @param credentials the client id / client secret pair
 * @param context the web context (not used here)
 * @throws CredentialsException if the service is invalid or the secret does not match
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) throws CredentialsException {
    final String clientId = credentials.getUsername();
    final String clientSecret = credentials.getPassword();
    final OAuthRegisteredService registeredService = OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);
    // The registered service is checked before the secret so an unusable service never reaches the secret comparison.
    if (!this.validator.checkServiceValid(registeredService)) {
        throw new CredentialsException("Service invalid for client identifier: " + clientId);
    }
    // How the secret is compared is the validator's responsibility.
    // NOTE(review): the two messages tell an "unknown client" apart from a "wrong secret"; that is
    // fine for logs but should not be relayed verbatim to the requester — confirm with the callers.
    if (!this.validator.checkClientSecret(registeredService, clientSecret)) {
        throw new CredentialsException("Bad secret for client identifier: " + clientId);
    }
    final OAuthClientProfile clientProfile = new OAuthClientProfile();
    clientProfile.setId(clientId);
    credentials.setUserProfile(clientProfile);
}

Example 2 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in the project cas by apereo.

The class OAuthUserAuthenticator, method validate.

/**
 * Authenticates a resource owner through the CAS authentication system on behalf of an
 * OAuth client. The client id is read from the request, the registered service it maps to
 * must allow access, and the released attributes of the authenticated principal end up in
 * an {@code OAuthUserProfile} attached to the credentials.
 *
 * @param credentials the username / password entered by the user
 * @param context the web context carrying the {@code client_id} request parameter
 * @throws CredentialsException if access is denied or CAS authentication fails; the
 *         original exception is kept as the cause
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) throws CredentialsException {
    // Bridge the pac4j credentials into the CAS credential type.
    final UsernamePasswordCredential casCredential =
        new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
    try {
        final String clientId = context.getRequestParameter(OAuthConstants.CLIENT_ID);
        final Service targetService = this.webApplicationServiceFactory.createService(clientId);
        final RegisteredService registeredService = OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);
        // The access strategy is enforced before any authentication attempt is made.
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);
        final AuthenticationResult result =
            this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(null, casCredential);
        final Principal principal = result.getAuthentication().getPrincipal();
        // The profile id is whatever the service's username attribute provider resolves,
        // which is not necessarily the raw principal id.
        final String profileId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, targetService);
        LOGGER.debug("Created profile id [{}]", profileId);
        final OAuthUserProfile userProfile = new OAuthUserProfile();
        userProfile.setId(profileId);
        // Only the attributes the service's release policy allows are copied into the profile.
        final Map<String, Object> releasedAttributes =
            registeredService.getAttributeReleasePolicy().getAttributes(principal, registeredService);
        userProfile.addAttributes(releasedAttributes);
        // NOTE(review): this logs the whole profile, released attributes included, at debug level —
        // confirm those attributes are acceptable in application logs.
        LOGGER.debug("Authenticated user profile [{}]", userProfile);
        credentials.setUserProfile(userProfile);
    } catch (final Exception e) {
        // Every failure on this path is reported to pac4j as a credentials problem, cause preserved.
        throw new CredentialsException("Cannot login user using CAS internal authentication", e);
    }
}

Example 3 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in the project pac4j by pac4j.

The class JwtAuthenticator, method validate.

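/**
 * Validates a JWT bearer token: parses it, decrypts it with the first encryption
 * configuration that supports its algorithm, verifies its signature with the signature
 * configurations, and attaches the resulting profile to the credentials.
 *
 * <p>An unsigned ({@code PlainJWT}) token is accepted only when no signature configuration
 * has been declared. Every rejection is reported as a {@link CredentialsException}.
 *
 * <p>The raw token is deliberately not embedded in exception messages: a bearer token is a
 * credential, and exception messages routinely end up in logs or in error responses built
 * by callers.
 *
 * @param credentials the token credentials; the profile is set on them on success
 * @param context the web context used to set the WWW-Authenticate header, may be null
 * @throws CredentialsException if the token cannot be parsed, decrypted or verified
 */
@Override
public void validate(final TokenCredentials credentials, final WebContext context) {
    init();
    final String token = credentials.getToken();
    if (context != null) {
        // set the www-authenticate in case of error
        context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Bearer realm=\"" + realmName + "\"");
    }
    try {
        // Parse the token
        JWT jwt = JWTParser.parse(token);
        if (jwt instanceof PlainJWT) {
            // An unsigned token is only acceptable when nobody asked for signatures.
            if (!signatureConfigurations.isEmpty()) {
                throw new CredentialsException("A non-signed JWT cannot be accepted as signature configurations have been defined");
            }
            logger.debug("JWT is not signed and no signature configurations -> verified");
        } else {
            SignedJWT signedJWT = (jwt instanceof SignedJWT) ? (SignedJWT) jwt : null;
            // encrypted?
            if (jwt instanceof EncryptedJWT) {
                logger.debug("JWT is encrypted");
                signedJWT = decryptJwt((EncryptedJWT) jwt);
                if (signedJWT != null) {
                    jwt = signedJWT;
                }
                // NOTE(review): when the decrypted payload is not a signed JWT, signedJWT stays null
                // and no signature check runs below, unlike the PlainJWT branch — confirm this is
                // intended when signature configurations are defined.
            }
            // signed?
            if (signedJWT != null) {
                logger.debug("JWT is signed");
                verifySignature(signedJWT);
            }
        }
        createJwtProfile(credentials, jwt);
    } catch (final ParseException e) {
        throw new CredentialsException("Cannot decrypt / verify JWT", e);
    }
}

/**
 * Decrypts the token in place with the first encryption configuration that supports its
 * JWE algorithm and encryption method; configurations whose decryption fails are skipped.
 *
 * @param encryptedJWT the encrypted token
 * @return the signed JWT carried in the decrypted payload, or null if the payload is not a signed JWT
 * @throws CredentialsException if no configuration supports the token or all of them fail
 */
private SignedJWT decryptJwt(final EncryptedJWT encryptedJWT) {
    final JWEHeader header = encryptedJWT.getHeader();
    final JWEAlgorithm algorithm = header.getAlgorithm();
    final EncryptionMethod method = header.getEncryptionMethod();
    for (final EncryptionConfiguration config : encryptionConfigurations) {
        if (!config.supports(algorithm, method)) {
            continue;
        }
        logger.debug("Using encryption configuration: {}", config);
        try {
            config.decrypt(encryptedJWT);
            return encryptedJWT.getPayload().toSignedJWT();
        } catch (final JOSEException e) {
            logger.debug("Decryption fails with encryption configuration: {}, passing to the next one", config);
        }
    }
    throw new CredentialsException("No encryption algorithm found for JWT");
}

/**
 * Verifies the signature with the signature configurations that support its JWS algorithm.
 * A configuration whose verification throws is skipped; the first one that returns true wins.
 *
 * @param signedJWT the signed token
 * @throws CredentialsException if no configuration supports the algorithm, or none verifies the signature
 */
private void verifySignature(final SignedJWT signedJWT) {
    boolean verified = false;
    boolean found = false;
    final JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
    for (final SignatureConfiguration config : signatureConfigurations) {
        if (!config.supports(algorithm)) {
            continue;
        }
        logger.debug("Using signature configuration: {}", config);
        try {
            verified = config.verify(signedJWT);
            // "found" only counts a configuration that actually completed a verification attempt.
            found = true;
            if (verified) {
                break;
            }
        } catch (final JOSEException e) {
            logger.debug("Verification fails with signature configuration: {}, passing to the next one", config);
        }
    }
    if (!found) {
        throw new CredentialsException("No signature algorithm found for JWT");
    }
    if (!verified) {
        throw new CredentialsException("JWT verification failed");
    }
}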

Example 4 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in the project pac4j by pac4j.

The class FormClient, method retrieveCredentials.

/**
 * Extracts the username / password pair from the form submission and validates it with the
 * configured authenticator. Missing or rejected credentials never surface as an exception to
 * the caller; they are turned into the redirect produced by {@code handleInvalidCredentials}.
 *
 * @param context the web context of the form submission
 * @return the validated credentials
 */
@Override
protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) {
    CommonHelper.assertNotNull("credentialsExtractor", getCredentialsExtractor());
    CommonHelper.assertNotNull("authenticator", getAuthenticator());
    // The raw username parameter is read up front only to be echoed back on the error redirect.
    final String submittedUsername = context.getRequestParameter(this.usernameParameter);
    final UsernamePasswordCredentials extracted;
    try {
        extracted = getCredentialsExtractor().extract(context);
        logger.debug("usernamePasswordCredentials: {}", extracted);
        if (extracted == null) {
            throw handleInvalidCredentials(context, submittedUsername, "Username and password cannot be blank -> return to the form with error", MISSING_FIELD_ERROR);
        }
        getAuthenticator().validate(extracted, context);
    } catch (final CredentialsException e) {
        // computeErrorMessage decides how much of the failure, if anything, reaches the form.
        throw handleInvalidCredentials(context, submittedUsername, "Credentials validation fails -> return to the form with error", computeErrorMessage(e));
    }
    return extracted;
}

Example 5 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in the project pac4j by pac4j.

The class IndirectBasicAuthClient, method retrieveCredentials.

/**
 * Extracts HTTP Basic credentials from the request and validates them with the configured
 * authenticator. Both a missing credential and a rejected one answer with the same
 * unauthorized action, so the response does not reveal which of the two happened.
 *
 * @param context the web context of the request
 * @return the validated credentials
 */
@Override
protected UsernamePasswordCredentials retrieveCredentials(final WebContext context) {
    assertNotNull("credentialsExtractor", getCredentialsExtractor());
    assertNotNull("authenticator", getAuthenticator());
    // Advertise the Basic challenge up front so every failure path below already carries it.
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Basic realm=\"" + realmName + "\"");
    final UsernamePasswordCredentials extracted;
    try {
        extracted = getCredentialsExtractor().extract(context);
        // NOTE(review): relies on UsernamePasswordCredentials.toString() not printing the password — confirm.
        logger.debug("credentials : {}", extracted);
        if (extracted == null) {
            throw HttpAction.unauthorized(context);
        }
        getAuthenticator().validate(extracted, context);
    } catch (final CredentialsException ignored) {
        // The failure reason is intentionally dropped from the response; it is not logged here either.
        throw HttpAction.unauthorized(context);
    }
    return extracted;
}
