use of org.wso2.carbon.apimgt.keymgt.stub.usermanager.APIKeyMgtRemoteUserStoreMgtServiceAPIManagementException in project carbon-apimgt by wso2.
The class BasicAuthCredentialValidator, method validate.
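/**
 * Validates the given username and password against the users in the user store.
 *
 * <p>When the gateway key cache is enabled, a digest of the supplied password is compared first
 * with the entry held for the username in the valid-username cache and then with the entry in the
 * invalid-username cache; a match answers the request without a backend call. Otherwise the
 * credentials are sent to the key manager's remote user store service and the outcome is cached
 * under the username together with the password digest.
 *
 * @param username given username
 * @param password given password; it is dereferenced here, so callers are expected to have
 *                 rejected missing credentials already (TODO confirm at the call site)
 * @return validation info for the user; {@code isAuthenticated()} carries the outcome and
 *         {@code isCached()} is {@code true} when the answer came from a gateway cache
 * @throws APISecurityException if the backend user store service cannot be reached or reports an error
 */
@MethodStats
public BasicAuthValidationInfoDTO validate(String username, String password) throws APISecurityException {
    String providedPasswordHash = null;
    if (gatewayKeyCacheEnabled) {
        // Only a digest of the password is kept in the caches, never the password itself.
        providedPasswordHash = GatewayUtils.hashString(password.getBytes(StandardCharsets.UTF_8));

        // NOTE(review): the cached DTO itself is returned and mutated (setCached); callers that
        // modify the returned object would change the cached copy as well.
        BasicAuthValidationInfoDTO cachedValidationInfoObj =
                (BasicAuthValidationInfoDTO) getGatewayUsernameCache().get(username);
        if (cachedValidationInfoObj != null) {
            cachedValidationInfoObj.setCached(true);
            if (digestsMatch(cachedValidationInfoObj.getHashedPassword(), providedPasswordHash)) {
                log.debug("Basic Authentication: <Valid Username Cache> Username & password authenticated");
                return cachedValidationInfoObj;
            }
        }

        // (username -> password) already known to be invalid: fail fast without a backend round trip.
        BasicAuthValidationInfoDTO invalidCacheValidationInfoObj =
                (BasicAuthValidationInfoDTO) getInvalidUsernameCache().get(username);
        if (invalidCacheValidationInfoObj != null) {
            invalidCacheValidationInfoObj.setCached(true);
            if (digestsMatch(invalidCacheValidationInfoObj.getHashedPassword(), providedPasswordHash)) {
                log.debug("Basic Authentication: <Invalid Username Cache> Username & password authentication failed");
                invalidCacheValidationInfoObj.setAuthenticated(false);
                return invalidCacheValidationInfoObj;
            }
        }
    }

    // Cache miss (or cache disabled): ask the key manager's remote user store service.
    BasicAuthValidationInfoDTO basicAuthValidationInfoDTO;
    boolean isAuthenticated;
    try {
        org.wso2.carbon.apimgt.impl.dto.xsd.BasicAuthValidationInfoDTO generatedInfoDTO =
                apiKeyMgtRemoteUserStoreMgtServiceStub.getUserAuthenticationInfo(username, password);
        basicAuthValidationInfoDTO = convertToDTO(generatedInfoDTO);
        isAuthenticated = basicAuthValidationInfoDTO.isAuthenticated();
    } catch (APIKeyMgtRemoteUserStoreMgtServiceAPIManagementException | RemoteException e) {
        // Keep the cause in the log as well as in the thrown exception; only the username is logged.
        log.error("Basic Authentication: Error while accessing backend services to validate user authentication for user : "
                + username, e);
        throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, e.getMessage(), e);
    }

    if (gatewayKeyCacheEnabled) {
        // Remember the digest so later requests for this username can be answered from cache.
        basicAuthValidationInfoDTO.setHashedPassword(providedPasswordHash);
        if (isAuthenticated) {
            getGatewayUsernameCache().put(username, basicAuthValidationInfoDTO);
        } else {
            getInvalidUsernameCache().put(username, basicAuthValidationInfoDTO);
        }
    }
    return basicAuthValidationInfoDTO;
}

/**
 * Compares two password digests without leaking the position of the first differing byte through
 * timing; {@code null} on either side never matches. Digests are assumed to be ASCII (hex) strings,
 * for which the UTF-8 byte comparison is equivalent to {@link String#equals}.
 *
 * @param cached digest held in a gateway cache, may be {@code null}
 * @param provided digest of the password supplied with the current request, may be {@code null}
 * @return {@code true} if both are non-null and identical
 */
private static boolean digestsMatch(String cached, String provided) {
    if (cached == null || provided == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            cached.getBytes(StandardCharsets.UTF_8), provided.getBytes(StandardCharsets.UTF_8));
}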