
Example 11 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in project cas by apereo.

Class OAuth20ProofKeyCodeExchangeAuthenticator, method validateCredentials.

@Override
protected void validateCredentials(final UsernamePasswordCredentials credentials, final OAuthRegisteredService registeredService, final WebContext context, final SessionStore sessionStore) {
    // authenticate the client itself before looking at the PKCE parameters
    val clientSecret = OAuth20Utils.getClientIdAndClientSecret(context, sessionStore).getRight();
    if (!OAuth20Utils.checkClientSecret(registeredService, clientSecret, getRegisteredServiceCipherExecutor())) {
        throw new CredentialsException("Client Credentials provided is not valid for service: " + registeredService.getName());
    }
    // code_verifier and code are taken from the token request; missing values default to the empty string
    val codeVerifier = context.getRequestParameter(OAuth20Constants.CODE_VERIFIER).map(String::valueOf).orElse(StringUtils.EMPTY);
    val code = context.getRequestParameter(OAuth20Constants.CODE).map(String::valueOf).orElse(StringUtils.EMPTY);
    // the authorization code must still be present in the ticket registry and not expired
    val token = getTicketRegistry().getTicket(code, OAuth20Code.class);
    if (token == null || token.isExpired()) {
        LOGGER.error("Provided code [{}] is either not found in the ticket registry or has expired", code);
        throw new CredentialsException("Invalid token: " + code);
    }
    // recompute the challenge from the verifier with the method recorded at authorization time ("plain" when none was given)
    val method = StringUtils.defaultIfEmpty(token.getCodeChallengeMethod(), "plain");
    val hash = calculateCodeVerifierHash(method, codeVerifier);
    // the recomputed challenge must match the one bound to the code when it was issued
    if (!hash.equalsIgnoreCase(token.getCodeChallenge())) {
        LOGGER.error("Code verifier [{}] does not match the challenge [{}]", hash, token.getCodeChallenge());
        throw new CredentialsException("Code verification does not match the challenge assigned to: " + token.getId());
    }
    LOGGER.debug("Validated code verifier using verification method [{}]", method);
}
Also used : lombok.val(lombok.val) CredentialsException(org.pac4j.core.exception.CredentialsException)

Example 12 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in project cas by apereo.

Class OAuth20ClientAuthenticator, method validate.

@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) throws CredentialsException {
    LOGGER.debug("Authenticating credential [{}]", credentials);
    // for client authentication the username is the client_id and the password is the client_secret
    final String id = credentials.getUsername();
    final String secret = credentials.getPassword();
    final OAuthRegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, id);
    // the service must be registered and enabled before the secret is even compared
    if (!this.validator.checkServiceValid(registeredService)) {
        throw new CredentialsException("Service invalid for client identifier: " + id);
    }
    if (!this.validator.checkClientSecret(registeredService, secret)) {
        throw new CredentialsException("Bad secret for client identifier: " + id);
    }
    // a successful check yields a client profile whose id is the client_id
    final OAuthClientProfile profile = new OAuthClientProfile();
    profile.setId(id);
    credentials.setUserProfile(profile);
    LOGGER.debug("Authenticated user profile [{}]", profile);
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) OAuthClientProfile(org.apereo.cas.support.oauth.profile.OAuthClientProfile) CredentialsException(org.pac4j.core.exception.CredentialsException)

Example 13 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in project cas by apereo.

Class OAuth20UserAuthenticator, method validate.

@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) throws CredentialsException {
    // wrap the pac4j credentials as a CAS credential so the regular CAS authentication chain can process them
    final UsernamePasswordCredential casCredential = new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
    try {
        // resolve the registered OAuth service from client_id and make sure access to it is allowed
        final String clientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID);
        final Service service = this.webApplicationServiceFactory.createService(clientId);
        final RegisteredService registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, clientId);
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);
        // run the CAS authentication transaction against the supplied username and password
        final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(null, casCredential);
        final Authentication authentication = authenticationResult.getAuthentication();
        final Principal principal = authentication.getPrincipal();
        // build the profile: the id and the released attributes both follow the service's own policies
        final OAuthUserProfile profile = new OAuthUserProfile();
        final String id = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService);
        LOGGER.debug("Created profile id [{}]", id);
        profile.setId(id);
        final Map<String, Object> attributes = registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService);
        profile.addAttributes(attributes);
        LOGGER.debug("Authenticated user profile [{}]", profile);
        credentials.setUserProfile(profile);
    } catch (final Exception e) {
        // any failure (unknown service, access denied, failed authentication) is reported as a CredentialsException
        throw new CredentialsException("Cannot login user using CAS internal authentication", e);
    }
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) Service(org.apereo.cas.authentication.principal.Service) CredentialsException(org.pac4j.core.exception.CredentialsException) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) OAuthUserProfile(org.apereo.cas.support.oauth.profile.OAuthUserProfile) Principal(org.apereo.cas.authentication.principal.Principal) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)

Example 14 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in project pac4j by pac4j.

Class IndirectKerberosClient, method retrieveCredentials.

@Override
protected KerberosCredentials retrieveCredentials(final WebContext context) {
    CommonHelper.assertNotNull("credentialsExtractor", getCredentialsExtractor());
    CommonHelper.assertNotNull("authenticator", getAuthenticator());
    // set the WWW-Authenticate header up front so an error response already carries the Negotiate challenge
    context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Negotiate");
    final KerberosCredentials credentials;
    try {
        // retrieve credentials
        credentials = getCredentialsExtractor().extract(context);
        logger.debug("kerberos credentials : {}", credentials);
        if (credentials == null) {
            throw HttpAction.unauthorized(context);
        }
        // validate credentials; a missing or rejected credential both end in a 401 response
        getAuthenticator().validate(credentials, context);
    } catch (final CredentialsException e) {
        throw HttpAction.unauthorized(context);
    }
    return credentials;
}
Also used : KerberosCredentials(org.pac4j.kerberos.credentials.KerberosCredentials) CredentialsException(org.pac4j.core.exception.CredentialsException)

Example 15 with CredentialsException

Use of org.pac4j.core.exception.CredentialsException in project pac4j by pac4j.

Class SimpleTestUsernamePasswordAuthenticator, method validate.

@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
    // test-only authenticator: a credential is accepted only when the username equals the password
    if (credentials == null) {
        throw new CredentialsException("No credential");
    }
    final String username = credentials.getUsername();
    final String password = credentials.getPassword();
    if (CommonHelper.isBlank(username)) {
        throw new CredentialsException("Username cannot be blank");
    }
    if (CommonHelper.isBlank(password)) {
        throw new CredentialsException("Password cannot be blank");
    }
    if (CommonHelper.areNotEquals(username, password)) {
        throw new CredentialsException("Username : '" + username + "' does not match password");
    }
    // on success, attach a minimal profile keyed by the username
    final CommonProfile profile = new CommonProfile();
    profile.setId(username);
    profile.addAttribute(Pac4jConstants.USERNAME, username);
    credentials.setUserProfile(profile);
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) CredentialsException(org.pac4j.core.exception.CredentialsException)

Aggregations

Classes appearing alongside CredentialsException, with the number of usages found:

CredentialsException (org.pac4j.core.exception.CredentialsException): 20
TokenCredentials (org.pac4j.core.credentials.TokenCredentials): 5
CommonProfile (org.pac4j.core.profile.CommonProfile): 5
lombok.val (lombok.val): 4
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials): 4
Authentication (org.apereo.cas.authentication.Authentication): 2
AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult): 2
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential): 2
Principal (org.apereo.cas.authentication.principal.Principal): 2
Service (org.apereo.cas.authentication.principal.Service): 2
RegisteredService (org.apereo.cas.services.RegisteredService): 2
OAuthClientProfile (org.apereo.cas.support.oauth.profile.OAuthClientProfile): 2
OAuthUserProfile (org.apereo.cas.support.oauth.profile.OAuthUserProfile): 2
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService): 2
DigestCredentials (org.pac4j.http.credentials.DigestCredentials): 2
EncryptionMethod (com.nimbusds.jose.EncryptionMethod): 1
JOSEException (com.nimbusds.jose.JOSEException): 1
JWEAlgorithm (com.nimbusds.jose.JWEAlgorithm): 1
JWEHeader (com.nimbusds.jose.JWEHeader): 1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1