
Example 1 with AuthenticateResponse

use of org.platformlayer.auth.model.AuthenticateResponse in project platformlayer by platformlayer.

the class LoginService method authenticate.

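/**
 * Authenticates a login request that carries either password credentials or
 * client-certificate credentials.
 *
 * <p>Certificate login is a two-step exchange: a request without a
 * {@code challengeResponse} is answered with a response whose only populated
 * field is {@code challenge}; a request with a {@code challengeResponse} is
 * answered with an access token when the authenticator returns a user.
 *
 * @param httpRequest the servlet request; read only to obtain the client certificate chain
 * @param request the parsed authentication request
 * @return a response with {@code access} set on success, a response with
 *         {@code challenge} set for the first step of certificate login, or
 *         {@code null} when the request carries no usable credentials, no client
 *         certificate chain is present, or the authenticator yields no user
 * @throws IllegalStateException if the authenticator throws an
 *         {@link AuthenticatorException} (a backend failure, as opposed to
 *         rejected credentials)
 */
public AuthenticateResponse authenticate(HttpServletRequest httpRequest, AuthenticateRequest request) {
    // Fail closed on a malformed request: "no credentials" is reported the same
    // way as "bad credentials" instead of surfacing a NullPointerException.
    if (request == null || request.auth == null) {
        return null;
    }
    AuthenticateResponse response = new AuthenticateResponse();
    String username = null;
    UserEntity user = null;
    if (request.auth.passwordCredentials != null) {
        username = request.auth.passwordCredentials.username;
        // The password is handed to the authenticator only; it is never logged.
        String password = request.auth.passwordCredentials.password;
        try {
            user = userAuthenticator.authenticate(username, password);
        } catch (AuthenticatorException e) {
            // An exception indicates something went wrong (i.e. not just
            // bad credentials)
            log.warn("Error while getting user info", e);
            throw new IllegalStateException("Error while getting user info", e);
        }
    } else if (request.auth.certificateCredentials != null) {
        username = request.auth.certificateCredentials.username;
        X509Certificate[] certificateChain = HttpUtils.getCertificateChain(httpRequest);
        if (certificateChain == null) {
            // Certificate credentials without a client certificate on the
            // connection cannot be verified.
            return null;
        }
        byte[] challengeResponse = request.auth.certificateCredentials.challengeResponse;
        CertificateAuthenticationRequest details = new CertificateAuthenticationRequest();
        details.certificateChain = certificateChain;
        details.username = username;
        // details.projectKey = projectKey;
        details.challengeResponse = challengeResponse;
        CertificateAuthenticationResponse result = null;
        try {
            result = userAuthenticator.authenticate(details);
        } catch (AuthenticatorException e) {
            log.warn("Error while authenticating by certificate", e);
            throw new IllegalStateException("Error while authenticating by certificate", e);
        }
        if (result == null) {
            return null;
        }
        if (challengeResponse != null) {
            // Second step: the caller answered a challenge, so only a resolved
            // user counts as success.
            if (result.user == null) {
                return null;
            }
            user = (UserEntity) result.user;
        } else {
            // First step: hand back the challenge. No access token is issued here.
            // NOTE(review): whether a challenge is produced for an unknown
            // username depends on userAuthenticator - confirm it does not
            // disclose which accounts exist.
            log.debug("Returning authentication challenge for user: " + stripLineBreaks(username));
            response.challenge = result.challenge;
            return response;
        }
    } else {
        return null;
    }
    if (user == null) {
        log.debug("Authentication request failed.  Username=" + stripLineBreaks(username));
        return null;
    }
    log.debug("Successful authentication for user: " + user.key);
    response.access = tokenHelpers.buildAccess(user);
    return response;
}

/**
 * Replaces CR and LF in a caller-supplied value before it is written to the
 * log, so the value cannot break out of its log line.
 */
private static String stripLineBreaks(String value) {
    return value == null ? null : value.replace('\r', '_').replace('\n', '_');
}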
Also used : AuthenticateResponse(org.platformlayer.auth.model.AuthenticateResponse) CertificateAuthenticationResponse(org.platformlayer.auth.CertificateAuthenticationResponse) CertificateAuthenticationRequest(org.platformlayer.auth.CertificateAuthenticationRequest) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) UserEntity(org.platformlayer.auth.UserEntity)

Example 2 with AuthenticateResponse

use of org.platformlayer.auth.model.AuthenticateResponse in project platformlayer by platformlayer.

the class RestLoginServlet method processRequest.

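/**
 * Handles one login request: rejects requests without credentials or username,
 * delays callers that are over the failure limit, delegates to the login
 * service and writes the result.
 *
 * <p>Every rejection is answered with 401 and no detail, so the response does
 * not reveal which check failed. Only a {@code null} result from the login
 * service is recorded as a failure; a certificate challenge is a non-null
 * result and is written without being counted.
 *
 * @param httpRequest the servlet request
 * @param httpResponse the servlet response that receives the result or error status
 * @param request the parsed authentication request
 * @param checkLimit whether to consult the failure limiter; the delayed re-run
 *        passes {@code false} so that a request is delayed at most once
 * @throws IOException if writing an error status to the response fails
 */
protected void processRequest(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse, final AuthenticateRequest request, boolean checkLimit) throws IOException {
    try {
        if (request.auth == null) {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String username = getUsername(request);
        if (Strings.isNullOrEmpty(username)) {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (checkLimit && limits.isOverLimit(httpRequest, username)) {
            // Over the limit: the request is not refused, it is re-run after
            // LoginService.OVER_LIMIT_DELAY to slow down credential guessing.
            final AsyncContext asyncContext = httpRequest.startAsync(httpRequest, httpResponse);
            asyncExecutor.schedule(LoginService.OVER_LIMIT_DELAY, new Runnable() {

                @Override
                public void run() {
                    try {
                        try {
                            processRequest(httpRequest, httpResponse, request, false);
                        } finally {
                            // Release the async context even when the re-run
                            // throws (e.g. sendError failing); otherwise the
                            // request stays open until the container times it out.
                            asyncContext.complete();
                        }
                    } catch (Exception e) {
                        log.error("Unexpected error caught in async task", e);
                    }
                }
            });
            return;
        }
        AuthenticateResponse authenticateResponse = loginService.authenticate(httpRequest, request);
        if (authenticateResponse == null) {
            limits.recordFail(httpRequest, username);
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        marshaller.write(httpRequest, httpResponse, authenticateResponse);
    } catch (WebApplicationException e) {
        log.info("Returning exception from servlet", e);
        httpResponse.sendError(e.getResponse().getStatus());
    } catch (Exception e) {
        // Backend failures are logged server-side only; the client gets a bare
        // 500 and the attempt is not recorded against the failure limit.
        log.warn("Unexpected error in servlet", e);
        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}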
Also used : AuthenticateResponse(org.platformlayer.auth.model.AuthenticateResponse) WebApplicationException(javax.ws.rs.WebApplicationException) AsyncContext(javax.servlet.AsyncContext) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException)

Aggregations

AuthenticateResponse (org.platformlayer.auth.model.AuthenticateResponse)2 IOException (java.io.IOException)1 AsyncContext (javax.servlet.AsyncContext)1 ServletException (javax.servlet.ServletException)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 AuthenticatorException (org.platformlayer.auth.AuthenticatorException)1 CertificateAuthenticationRequest (org.platformlayer.auth.CertificateAuthenticationRequest)1 CertificateAuthenticationResponse (org.platformlayer.auth.CertificateAuthenticationResponse)1 UserEntity (org.platformlayer.auth.UserEntity)1