Search in sources :

Example 11 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project midpoint by Evolveum.

the class AuthenticationEvaluatorImpl method checkPasswordValidityAndAge.

private <P extends CredentialPolicyType> void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credentials, P passwordCredentialsPolicy) {
    if (credentials == null) {
        recordAuthenticationFailure(principal, connEnv, "no stored credential value");
        throw new AuthenticationCredentialsNotFoundException("web.security.provider.credential.bad");
    }
    validateCredentialNotNull(connEnv, principal, credentials);
    if (passwordCredentialsPolicy == null) {
        return;
    }
    Duration maxAge = passwordCredentialsPolicy.getMaxAge();
    if (maxAge != null) {
        MetadataType credentialMetedata = credentials.getMetadata();
        XMLGregorianCalendar changeTimestamp = MiscSchemaUtil.getChangeTimestamp(credentialMetedata);
        if (changeTimestamp != null) {
            XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge);
            if (clock.isPast(passwordValidUntil)) {
                recordAuthenticationFailure(principal, connEnv, "password expired");
                throw new CredentialsExpiredException("web.security.provider.password.bad");
            }
        }
    }
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) Duration(javax.xml.datatype.Duration)

Example 12 with AuthenticationCredentialsNotFoundException

use of org.springframework.security.authentication.AuthenticationCredentialsNotFoundException in project midpoint by Evolveum.

the class MidpointRestAuthenticator method handleRequest.

public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
    if (policy == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    T authenticationContext = createAuthenticationContext(policy, requestCtx);
    if (authenticationContext == null) {
        return;
    }
    String enteredUsername = authenticationContext.getUsername();
    if (enteredUsername == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    LOGGER.trace("Authenticating username '{}' to REST service", enteredUsername);
    // We need to create task before attempting authentication. Task ID is also a session ID.
    Task task = taskManager.createTaskInstance(ModelRestService.OPERATION_REST_SERVICE);
    task.setChannel(SchemaConstants.CHANNEL_REST_URI);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    connEnv.setSessionIdOverride(task.getTaskIdentifier());
    UsernamePasswordAuthenticationToken token;
    try {
        token = getAuthenticationEvaluator().authenticate(connEnv, authenticationContext);
    } catch (UsernameNotFoundException | BadCredentialsException e) {
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    } catch (DisabledException | LockedException | CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) {
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.FORBIDDEN).build());
        return;
    }
    UserType user = ((MidPointPrincipal) token.getPrincipal()).getUser();
    task.setOwner(user.asPrismObject());
    //  m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    if (!authorizeUser(user, null, enteredUsername, connEnv, requestCtx)) {
        return;
    }
    String oid = requestCtx.getHeaderString("Switch-To-Principal");
    OperationResult result = task.getResult();
    if (StringUtils.isNotBlank(oid)) {
        try {
            PrismObject<UserType> authorizedUser = model.getObject(UserType.class, oid, null, task, result);
            task.setOwner(authorizedUser);
            if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)) {
                return;
            }
            if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)) {
                return;
            }
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
            requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Proxy Authentication failed. Cannot authenticate user.").build());
            return;
        }
    }
    m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    LOGGER.trace("Authorized to use REST service ({})", user);
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) Task(com.evolveum.midpoint.task.api.Task) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException) SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException) DisabledException(org.springframework.security.authentication.DisabledException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal) SchemaException(com.evolveum.midpoint.util.exception.SchemaException) LockedException(org.springframework.security.authentication.LockedException) AuthenticationCredentialsNotFoundException(org.springframework.security.authentication.AuthenticationCredentialsNotFoundException) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)

Aggregations

AuthenticationCredentialsNotFoundException (org.springframework.security.authentication.AuthenticationCredentialsNotFoundException)12 Test (org.junit.Test)6 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3 ITargetObject (org.springframework.security.ITargetObject)2 AuthenticationCredentialsNotFoundEvent (org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent)2 CredentialsExpiredException (org.springframework.security.authentication.CredentialsExpiredException)2 Authentication (org.springframework.security.core.Authentication)2 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1 ConnectionEnvironment (com.evolveum.midpoint.security.api.ConnectionEnvironment)1 MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)1 Task (com.evolveum.midpoint.task.api.Task)1 CommunicationException (com.evolveum.midpoint.util.exception.CommunicationException)1 ConfigurationException (com.evolveum.midpoint.util.exception.ConfigurationException)1 ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)1 ObjectNotFoundException (com.evolveum.midpoint.util.exception.ObjectNotFoundException)1 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)1 SecurityViolationException (com.evolveum.midpoint.util.exception.SecurityViolationException)1 UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1