Example 1 with LdapUserDetails
use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi by apache.
the class LdapProvider method authenticate.
@Override
public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
if (provider == null) {
throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
}
try {
// perform the authentication
final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());
final Authentication authentication = provider.authenticate(token);
// use dn if configured
if (IdentityStrategy.USE_DN.equals(identityStrategy)) {
// attempt to get the ldap user details to get the DN
if (authentication.getPrincipal() instanceof LdapUserDetails) {
final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer);
} else {
logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
}
} else {
return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
}
} catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
throw new InvalidLoginCredentialsException(e.getMessage(), e);
} catch (final Exception e) {
// there appears to be a bug that generates a InternalAuthenticationServiceException wrapped around an AuthenticationException. this
// shouldn't be the case as they the service exception suggestions that something was wrong with the service. while the authentication
// exception suggests that username and/or credentials were incorrect. checking the cause seems to address this scenario.
final Throwable cause = e.getCause();
if (cause instanceof AuthenticationException) {
throw new InvalidLoginCredentialsException(e.getMessage(), e);
}
logger.error(e.getMessage());
if (logger.isDebugEnabled()) {
logger.debug(StringUtils.EMPTY, e);
}
throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
}
}
Also used :
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
AuthenticationException(org.springframework.ldap.AuthenticationException)
Authentication(org.springframework.security.core.Authentication)
InvalidLoginCredentialsException(org.apache.nifi.authentication.exception.InvalidLoginCredentialsException)
LdapUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
IdentityAccessException(org.apache.nifi.authentication.exception.IdentityAccessException)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationResponse(org.apache.nifi.authentication.AuthenticationResponse)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationException(org.springframework.ldap.AuthenticationException)
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
KeyStoreException(java.security.KeyStoreException)
IdentityAccessException(org.apache.nifi.authentication.exception.IdentityAccessException)
ProviderCreationException(org.apache.nifi.authentication.exception.ProviderCreationException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
ProviderDestructionException(org.apache.nifi.authentication.exception.ProviderDestructionException)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
CertificateException(java.security.cert.CertificateException)
InvalidLoginCredentialsException(org.apache.nifi.authentication.exception.InvalidLoginCredentialsException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Example 2 with LdapUserDetails
use of org.springframework.security.ldap.userdetails.LdapUserDetails in project spring-security by spring-projects.
the class SpringSecurityAuthenticationSource method getPrincipal.
/**
* Get the principals of the logged in user, in this case the distinguished name.
* @return the distinguished name of the logged in user.
*/
@Override
public String getPrincipal() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
log.debug("Returning empty String as Principal since authentication is null");
return "";
}
Object principal = authentication.getPrincipal();
if (principal instanceof LdapUserDetails) {
LdapUserDetails details = (LdapUserDetails) principal;
return details.getDn();
}
if (authentication instanceof AnonymousAuthenticationToken) {
log.debug("Returning empty String as Principal since authentication is anonymous");
return "";
}
throw new IllegalArgumentException("The principal property of the authentication object" + "needs to be an LdapUserDetails.");
}
Also used :
Authentication(org.springframework.security.core.Authentication)
LdapUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
Example 3 with LdapUserDetails
use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi-registry by apache.
the class LdapIdentityProvider method authenticate.
@Override
public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) throws InvalidCredentialsException, IdentityAccessException {
if (authenticationRequest == null || StringUtils.isEmpty(authenticationRequest.getUsername())) {
logger.debug("Call to authenticate method with null or empty authenticationRequest, returning null without attempting to authenticate");
return null;
}
if (ldapAuthenticationProvider == null) {
throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
}
try {
final String username = authenticationRequest.getUsername();
final Object credentials = authenticationRequest.getCredentials();
final String password = credentials != null && credentials instanceof String ? (String) credentials : null;
// perform the authentication
final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, credentials);
final Authentication authentication = ldapAuthenticationProvider.authenticate(token);
logger.debug("Created authentication token: {}", token.toString());
// use dn if configured
if (IdentityStrategy.USE_DN.equals(identityStrategy)) {
// attempt to get the ldap user details to get the DN
if (authentication.getPrincipal() instanceof LdapUserDetails) {
final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
return new AuthenticationResponse(userDetails.getDn(), username, expiration, issuer);
} else {
logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
}
} else {
return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
}
} catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
throw new InvalidCredentialsException(e.getMessage(), e);
} catch (final Exception e) {
// there appears to be a bug that generates a InternalAuthenticationServiceException wrapped around an AuthenticationException. this
// shouldn't be the case as they the service exception suggestions that something was wrong with the service. while the authentication
// exception suggests that username and/or credentials were incorrect. checking the cause seems to address this scenario.
final Throwable cause = e.getCause();
if (cause instanceof AuthenticationException) {
throw new InvalidCredentialsException(e.getMessage(), e);
}
logger.error(e.getMessage());
if (logger.isDebugEnabled()) {
logger.debug(StringUtils.EMPTY, e);
}
throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
}
}
Also used :
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
AuthenticationException(org.springframework.ldap.AuthenticationException)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationResponse(org.apache.nifi.registry.security.authentication.AuthenticationResponse)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
AuthenticationException(org.springframework.ldap.AuthenticationException)
UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException)
KeyStoreException(java.security.KeyStoreException)
IdentityAccessException(org.apache.nifi.registry.security.authentication.exception.IdentityAccessException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SecurityProviderDestructionException(org.apache.nifi.registry.security.exception.SecurityProviderDestructionException)
InvalidCredentialsException(org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException)
SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidCredentialsException(org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException)
Authentication(org.springframework.security.core.Authentication)
LdapUserDetails(org.springframework.security.ldap.userdetails.LdapUserDetails)
IdentityAccessException(org.apache.nifi.registry.security.authentication.exception.IdentityAccessException)
Aggregations
Authentication (org.springframework.security.core.Authentication)3
LdapUserDetails (org.springframework.security.ldap.userdetails.LdapUserDetails)3
IOException (java.io.IOException)2
KeyManagementException (java.security.KeyManagementException)2
KeyStoreException (java.security.KeyStoreException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
UnrecoverableKeyException (java.security.UnrecoverableKeyException)2
CertificateException (java.security.cert.CertificateException)2
AuthenticationException (org.springframework.ldap.AuthenticationException)2
BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)2
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)2
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)2
AuthenticationResponse (org.apache.nifi.authentication.AuthenticationResponse)1
IdentityAccessException (org.apache.nifi.authentication.exception.IdentityAccessException)1
InvalidLoginCredentialsException (org.apache.nifi.authentication.exception.InvalidLoginCredentialsException)1
ProviderCreationException (org.apache.nifi.authentication.exception.ProviderCreationException)1
ProviderDestructionException (org.apache.nifi.authentication.exception.ProviderDestructionException)1
AuthenticationResponse (org.apache.nifi.registry.security.authentication.AuthenticationResponse)1
IdentityAccessException (org.apache.nifi.registry.security.authentication.exception.IdentityAccessException)1
InvalidCredentialsException (org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException)1
