
Example 11 with LockedException

Use of org.springframework.security.authentication.LockedException in project dhis2-core by dhis2.

From the class TwoFactorAuthenticationProvider, method authenticate:

@Override
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    log.debug(String.format("Login attempt: %s", auth.getName()));
    String username = auth.getName();
    User user = userService.getUserWithEagerFetchAuthorities(username);
    if (user == null) {
        // Same generic message as for a wrong password, so the response does not
        // reveal whether the username exists
        throw new BadCredentialsException("Invalid username or password");
    }
    // Initialize all required properties of user credentials since these
    // will become detached
    user.getAllAuthorities();
    if (user.isTwoFA() && auth.getDetails() instanceof TwoFactorWebAuthenticationDetails) {
        TwoFactorWebAuthenticationDetails authDetails = (TwoFactorWebAuthenticationDetails) auth.getDetails();
        // Note: instanceof above already excludes null, so this branch cannot be
        // reached; kept as in the project source
        if (authDetails == null) {
            log.info("Missing authentication details in authentication request.");
            throw new PreAuthenticatedCredentialsNotFoundException("Missing authentication details in authentication request.");
        }
        String ip = authDetails.getIp();
        String code = StringUtils.deleteWhitespace(authDetails.getCode());
        // Lockout is checked before the code is verified, so a locked user/IP
        // cannot keep submitting verification codes
        if (securityService.isLocked(username)) {
            log.debug(String.format("Temporary lockout for user: %s and IP: %s", username, ip));
            throw new LockedException(String.format("IP is temporarily locked: %s", ip));
        }
        // The code must parse as a number and verify against the user's second factor
        if (!LongValidator.getInstance().isValid(code) || !SecurityUtils.verify(user, code)) {
            log.debug(String.format("Two-factor authentication failure for user: %s", user.getUsername()));
            throw new BadCredentialsException("Invalid verification code");
        }
    } else if (user.isTwoFA() && !(auth.getDetails() instanceof TwoFactorWebAuthenticationDetails)) {
        // 2FA users may only log in through the form flow that carries the code
        throw new BadCredentialsException("Can't authenticate non form based login with 2FA enabled");
    }
    // -------------------------------------------------------------------------
    // Delegate authentication downstream (password check), using User as
    // principal
    // -------------------------------------------------------------------------
    Authentication result = super.authenticate(auth);
    // Put detached state of the user credentials into the session as user
    // must not be updated during session execution
    user = SerializationUtils.clone(user);
    // Initialize cached authorities
    user.isSuper();
    user.getAllAuthorities();
    return new UsernamePasswordAuthenticationToken(user, result.getCredentials(), result.getAuthorities());
}
Also used:
    org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
    org.hisp.dhis.user.User
    org.springframework.security.authentication.LockedException
    org.springframework.security.core.Authentication
    org.springframework.security.authentication.UsernamePasswordAuthenticationToken
    org.springframework.security.authentication.BadCredentialsException

Example 12 with LockedException

Use of org.springframework.security.authentication.LockedException in project OpenClinica by OpenClinica.

From the class OpenClinicaUsernamePasswordAuthenticationFilter, method attemptAuthentication:

// ~ Methods ========================================================================================================
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    // Credentials are only accepted in a POST body, never in a GET query string
    if (postOnly && !request.getMethod().equals("POST")) {
        throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
    }
    String username = obtainUsername(request);
    String password = obtainPassword(request);
    if (username == null) {
        username = "";
    }
    if (password == null) {
        password = "";
    }
    username = username.trim();
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
    // Place the last username attempted into HttpSession for views
    // (entity-escaped so the value is safe to render)
    HttpSession session = request.getSession(false);
    if (session != null || getAllowSessionCreation()) {
        request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, TextEscapeUtils.escapeEntities(username));
    }
    // Allow subclasses to set the "details" property
    setDetails(request, authRequest);
    Authentication authentication = null;
    UserAccountBean userAccountBean = null;
    ResourceBundleProvider.updateLocale(new Locale("en_US"));
    try {
        // Look up the account first so that audit records can reference it
        EntityBean eb = getUserAccountDao().findByUserName(username);
        userAccountBean = eb.getId() != 0 ? (UserAccountBean) eb : null;
        authentication = this.getAuthenticationManager().authenticate(authRequest);
        // Successful login: record it and clear the failed-attempt counter
        auditUserLogin(username, LoginStatus.SUCCESSFUL_LOGIN, userAccountBean);
        resetLockCounter(username, LoginStatus.SUCCESSFUL_LOGIN, userAccountBean);
    } catch (LockedException le) {
        // Attempt against a locked account: audit it, but do not touch the counter
        auditUserLogin(username, LoginStatus.FAILED_LOGIN_LOCKED, userAccountBean);
        throw le;
    } catch (BadCredentialsException au) {
        // Wrong credentials: audit and advance the lockout counter
        auditUserLogin(username, LoginStatus.FAILED_LOGIN, userAccountBean);
        lockAccount(username, LoginStatus.FAILED_LOGIN, userAccountBean);
        throw au;
    } catch (AuthenticationException ae) {
        // Any other authentication failure is propagated unchanged
        throw ae;
    }
    return authentication;
}
Also used:
    java.util.Locale
    org.springframework.security.authentication.LockedException
    org.springframework.security.core.AuthenticationException
    javax.servlet.http.HttpSession
    org.springframework.security.core.Authentication
    org.akaza.openclinica.bean.core.EntityBean
    org.akaza.openclinica.bean.login.UserAccountBean
    org.springframework.security.authentication.UsernamePasswordAuthenticationToken
    org.springframework.security.authentication.BadCredentialsException
    org.springframework.security.authentication.AuthenticationServiceException
