
Example 1 with LdapUserDetails

Use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi by apache.

The class LdapProvider, method authenticate.

@Override
public final AuthenticationResponse authenticate(final LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
    if (provider == null) {
        throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
    }
    try {
        // perform the authentication
        final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());
        final Authentication authentication = provider.authenticate(token);
        // use dn if configured
        if (IdentityStrategy.USE_DN.equals(identityStrategy)) {
            // attempt to get the ldap user details to get the DN
            if (authentication.getPrincipal() instanceof LdapUserDetails) {
                final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
                return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer);
            } else {
                logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
                return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
            }
        } else {
            return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
        }
    } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
        throw new InvalidLoginCredentialsException(e.getMessage(), e);
    } catch (final Exception e) {
        // there appears to be a bug that generates an InternalAuthenticationServiceException wrapped around an AuthenticationException. this
        // shouldn't be the case, as the service exception suggests that something was wrong with the service, while the authentication
        // exception suggests that the username and/or credentials were incorrect. checking the cause seems to address this scenario.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthenticationException) {
            throw new InvalidLoginCredentialsException(e.getMessage(), e);
        }
        logger.error(e.getMessage());
        if (logger.isDebugEnabled()) {
            logger.debug(StringUtils.EMPTY, e);
        }
        throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
    }
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), AuthenticationException (org.springframework.ldap.AuthenticationException), Authentication (org.springframework.security.core.Authentication), InvalidLoginCredentialsException (org.apache.nifi.authentication.exception.InvalidLoginCredentialsException), LdapUserDetails (org.springframework.security.ldap.userdetails.LdapUserDetails), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), IdentityAccessException (org.apache.nifi.authentication.exception.IdentityAccessException), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), AuthenticationResponse (org.apache.nifi.authentication.AuthenticationResponse), KeyStoreException (java.security.KeyStoreException), ProviderCreationException (org.apache.nifi.authentication.exception.ProviderCreationException), UnrecoverableKeyException (java.security.UnrecoverableKeyException), ProviderDestructionException (org.apache.nifi.authentication.exception.ProviderDestructionException), IOException (java.io.IOException), KeyManagementException (java.security.KeyManagementException), CertificateException (java.security.cert.CertificateException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)

Example 2 with LdapUserDetails

Use of org.springframework.security.ldap.userdetails.LdapUserDetails in project spring-security by spring-projects.

The class SpringSecurityAuthenticationSource, method getPrincipal.

/**
 * Get the principals of the logged in user, in this case the distinguished name.
 * @return the distinguished name of the logged in user.
 */
@Override
public String getPrincipal() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        log.debug("Returning empty String as Principal since authentication is null");
        return "";
    }
    Object principal = authentication.getPrincipal();
    if (principal instanceof LdapUserDetails) {
        LdapUserDetails details = (LdapUserDetails) principal;
        return details.getDn();
    }
    if (authentication instanceof AnonymousAuthenticationToken) {
        log.debug("Returning empty String as Principal since authentication is anonymous");
        return "";
    }
    throw new IllegalArgumentException("The principal property of the authentication object " + "needs to be an LdapUserDetails.");
}
Also used: Authentication (org.springframework.security.core.Authentication), LdapUserDetails (org.springframework.security.ldap.userdetails.LdapUserDetails), AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)

Example 3 with LdapUserDetails

Use of org.springframework.security.ldap.userdetails.LdapUserDetails in project nifi-registry by apache.

The class LdapIdentityProvider, method authenticate.

@Override
public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) throws InvalidCredentialsException, IdentityAccessException {
    if (authenticationRequest == null || StringUtils.isEmpty(authenticationRequest.getUsername())) {
        logger.debug("Call to authenticate method with null or empty authenticationRequest, returning null without attempting to authenticate");
        return null;
    }
    if (ldapAuthenticationProvider == null) {
        throw new IdentityAccessException("The LDAP authentication provider is not initialized.");
    }
    try {
        final String username = authenticationRequest.getUsername();
        final Object credentials = authenticationRequest.getCredentials();
        final String password = credentials != null && credentials instanceof String ? (String) credentials : null;
        // perform the authentication
        final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, credentials);
        final Authentication authentication = ldapAuthenticationProvider.authenticate(token);
        logger.debug("Created authentication token: {}", token.toString());
        // use dn if configured
        if (IdentityStrategy.USE_DN.equals(identityStrategy)) {
            // attempt to get the ldap user details to get the DN
            if (authentication.getPrincipal() instanceof LdapUserDetails) {
                final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
                return new AuthenticationResponse(userDetails.getDn(), username, expiration, issuer);
            } else {
                logger.warn(String.format("Unable to determine user DN for %s, using username.", authentication.getName()));
                return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
            }
        } else {
            return new AuthenticationResponse(authentication.getName(), username, expiration, issuer);
        }
    } catch (final BadCredentialsException | UsernameNotFoundException | AuthenticationException e) {
        throw new InvalidCredentialsException(e.getMessage(), e);
    } catch (final Exception e) {
        // there appears to be a bug that generates an InternalAuthenticationServiceException wrapped around an AuthenticationException. this
        // shouldn't be the case, as the service exception suggests that something was wrong with the service, while the authentication
        // exception suggests that the username and/or credentials were incorrect. checking the cause seems to address this scenario.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthenticationException) {
            throw new InvalidCredentialsException(e.getMessage(), e);
        }
        logger.error(e.getMessage());
        if (logger.isDebugEnabled()) {
            logger.debug(StringUtils.EMPTY, e);
        }
        throw new IdentityAccessException("Unable to validate the supplied credentials. Please contact the system administrator.", e);
    }
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), AuthenticationException (org.springframework.ldap.AuthenticationException), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), BadCredentialsException (org.springframework.security.authentication.BadCredentialsException), AuthenticationResponse (org.apache.nifi.registry.security.authentication.AuthenticationResponse), KeyStoreException (java.security.KeyStoreException), IdentityAccessException (org.apache.nifi.registry.security.authentication.exception.IdentityAccessException), UnrecoverableKeyException (java.security.UnrecoverableKeyException), SecurityProviderDestructionException (org.apache.nifi.registry.security.exception.SecurityProviderDestructionException), InvalidCredentialsException (org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException), SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), IOException (java.io.IOException), KeyManagementException (java.security.KeyManagementException), CertificateException (java.security.cert.CertificateException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), Authentication (org.springframework.security.core.Authentication), LdapUserDetails (org.springframework.security.ldap.userdetails.LdapUserDetails)
