use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi by apache.
the class LdapProvider method authenticate.
/**
 * Authenticates the supplied login credentials against the configured LDAP provider.
 *
 * <p>The identity placed in the response is the user's DN when the identity strategy is
 * {@code USE_DN} and the authenticated principal is an {@link LdapUserDetails}; in every
 * other case it is {@code authentication.getName()}.
 *
 * @param credentials the username and password to verify
 * @return a response carrying the resolved identity, the submitted username, and this
 *         provider's expiration and issuer
 * @throws InvalidLoginCredentialsException if the provider rejects the credentials
 * @throws IdentityAccessException if the provider is not initialized or authentication
 *         fails for any other reason
 */
@Override
public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
    // Fail closed: without a provider nothing can be verified.
    if (provider == null) {
        throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
    }

    try {
        // NOTE(review): the password is handed to the provider unchecked here. An LDAP simple
        // bind with an empty password is an unauthenticated bind on many directories, so this
        // relies on the provider rejecting empty passwords - confirm.
        final Authentication authentication = provider.authenticate(
                new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword()));

        // Resolve the identity to report: the DN only when configured and available.
        final String identity;
        if (!IdentityStrategy.USE_DN.equals(identityStrategy)) {
            identity = authentication.getName();
        } else if (authentication.getPrincipal() instanceof LdapUserDetails) {
            identity = ((LdapUserDetails) authentication.getPrincipal()).getDn();
        } else {
            // DN requested but the principal does not expose one; fall back to the name.
            logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
            identity = authentication.getName();
        }

        return new AuthenticationResponse(identity, credentials.getUsername(), expiration, issuer);
    } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
        // NOTE(review): the provider's message is forwarded as-is. If it reaches the login
        // response it could distinguish an unknown user from a wrong password - confirm the
        // caller presents a generic failure message.
        throw new InvalidLoginCredentialsException(e.getMessage(), e);
    } catch (final Exception e) {
        // An authentication failure can arrive wrapped in a service-level exception (the
        // original author observed an InternalAuthenticationServiceException around an
        // AuthenticationException). A service exception should mean the service itself is
        // at fault, so the cause is inspected and a wrapped authentication failure is
        // reported as invalid credentials.
        if (e.getCause() instanceof AuthenticationException) {
            throw new InvalidLoginCredentialsException(e.getMessage(), e);
        }

        // Anything else is an infrastructure problem: message at error level, stack trace
        // only when debug logging is on, generic text for the caller.
        logger.error(e.getMessage());
        if (logger.isDebugEnabled()) {
            logger.debug(StringUtils.EMPTY, e);
        }
        throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
    }
}
use of org.springframework.security.ldap.userdetails.LdapUserDetails in project spring-security by spring-projects.
the class SpringSecurityAuthenticationSource method getPrincipal.
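/**
 * Returns the distinguished name of the currently authenticated user, read from the
 * {@link SecurityContextHolder}.
 *
 * <p>An empty string is returned when the security context holds no authentication or
 * when the authentication is an {@link AnonymousAuthenticationToken}.
 *
 * @return the distinguished name of the logged in user, or {@code ""} when there is no
 *         authenticated (non-anonymous) user
 * @throws IllegalArgumentException if the principal is not an {@link LdapUserDetails}
 *         and the authentication is not anonymous
 */
@Override
public String getPrincipal() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // NOTE(review): an empty DN presumably ends up as the bind DN downstream, and an
        // LDAP bind with an empty DN is an anonymous bind - confirm the directory's
        // anonymous-access policy matches what callers expect here.
        log.debug("Returning empty String as Principal since authentication is null");
        return "";
    }
    Object principal = authentication.getPrincipal();
    // The LdapUserDetails check runs first, so a principal that carries a DN wins
    // regardless of the concrete authentication token type.
    if (principal instanceof LdapUserDetails) {
        return ((LdapUserDetails) principal).getDn();
    }
    if (authentication instanceof AnonymousAuthenticationToken) {
        log.debug("Returning empty String as Principal since authentication is anonymous");
        return "";
    }
    // Fixed message: the original concatenation dropped the space ("objectneeds").
    throw new IllegalArgumentException("The principal property of the authentication object needs to be an LdapUserDetails.");
}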
use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi-registry by apache.
the class LdapIdentityProvider method authenticate.
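/**
 * Authenticates the supplied request against the configured LDAP provider.
 *
 * <p>The identity placed in the response is the user's DN when the identity strategy is
 * {@code USE_DN} and the authenticated principal is an {@link LdapUserDetails}; in every
 * other case it is {@code authentication.getName()}.
 *
 * @param authenticationRequest the request holding the username and credentials
 * @return the authentication response, or {@code null} when the request is {@code null}
 *         or has an empty username (no authentication is attempted in that case)
 * @throws InvalidCredentialsException if the provider rejects the credentials
 * @throws IdentityAccessException if the provider is not initialized or authentication
 *         fails for any other reason
 */
@Override
public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) throws InvalidCredentialsException, IdentityAccessException {
    // A null return means "not authenticated by this provider"; callers must not treat
    // it as success.
    if (authenticationRequest == null || StringUtils.isEmpty(authenticationRequest.getUsername())) {
        logger.debug("Call to authenticate method with null or empty authenticationRequest, returning null without attempting to authenticate");
        return null;
    }

    // Fail closed: without a provider nothing can be verified.
    if (ldapAuthenticationProvider == null) {
        throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
    }

    try {
        final String username = authenticationRequest.getUsername();
        // The credentials are passed through untouched; the original also derived an unused
        // String 'password' local from them, which has been removed.
        // NOTE(review): only the username is checked for emptiness above. An LDAP simple
        // bind with an empty password is an unauthenticated bind on many directories, so
        // this relies on the provider rejecting empty or non-String credentials - confirm.
        final Object credentials = authenticationRequest.getCredentials();

        // perform the authentication
        final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, credentials);
        final Authentication authentication = ldapAuthenticationProvider.authenticate(token);
        // Pass the token itself so it is only rendered when debug logging is enabled.
        // NOTE(review): assumes the token's toString() does not include the raw
        // credentials - confirm for the Spring Security version in use.
        logger.debug("Created authentication token: {}", token);

        // use dn if configured
        if (IdentityStrategy.USE_DN.equals(identityStrategy)) {
            // attempt to get the ldap user details to get the DN
            if (authentication.getPrincipal() instanceof LdapUserDetails) {
                final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
                return new AuthenticationResponse(userDetails.getDn(), username, expiration, issuer);
            } else {
                // DN requested but the principal does not expose one; fall back to the name.
                logger.warn("Unable to determine user DN for {}, using username.", authentication.getName());
                return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
            }
        } else {
            return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
        }
    } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
        // NOTE(review): the provider's message is forwarded as-is. If it reaches the login
        // response it could distinguish an unknown user from a wrong password - confirm the
        // caller presents a generic failure message.
        throw new InvalidCredentialsException(e.getMessage(), e);
    } catch (final Exception e) {
        // An authentication failure can arrive wrapped in a service-level exception (the
        // original author observed an InternalAuthenticationServiceException around an
        // AuthenticationException). A service exception should mean the service itself is
        // at fault, so the cause is inspected and a wrapped authentication failure is
        // reported as invalid credentials.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthenticationException) {
            throw new InvalidCredentialsException(e.getMessage(), e);
        }

        // Anything else is an infrastructure problem: message at error level, stack trace
        // only when debug logging is on, generic text for the caller.
        logger.error(e.getMessage());
        if (logger.isDebugEnabled()) {
            logger.debug(StringUtils.EMPTY, e);
        }
        throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
    }
}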