Search in sources :

Example 1 with BasicAuthInfo

use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.

the class AuthenticationFilter method processAuthenticatedSession.

private void processAuthenticatedSession(final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    // read the basic auth info out of the header (if it exists);
    if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.BASIC_AUTH_ENABLED)) {
        final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, pwmRequest);
        final BasicAuthInfo originalBasicAuthInfo = pwmSession.getLoginInfoBean().getBasicAuth();
        // check to make sure basic auth info is same as currently known user in session.
        if (basicAuthInfo != null && originalBasicAuthInfo != null && !(originalBasicAuthInfo.equals(basicAuthInfo))) {
            // if we read here then user is using basic auth, and header has changed since last request
            // this means something is screwy, so log out the session
            // read the current user info for logging
            final UserInfo userInfo = pwmSession.getUserInfo();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, "basic auth header user '" + basicAuthInfo.getUsername() + "' does not match currently logged in user '" + userInfo.getUserIdentity() + "', session will be logged out");
            LOGGER.info(pwmRequest, errorInformation);
            // log out their user
            pwmSession.unauthenticateUser(pwmRequest);
            // send en error to user.
            pwmRequest.respondWithError(errorInformation, true);
            return;
        }
    }
    // check status of oauth expiration
    if (pwmSession.getLoginInfoBean().getOauthExp() != null) {
        final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication(pwmRequest.getConfig());
        final OAuthMachine oAuthMachine = new OAuthMachine(oauthSettings);
        if (oAuthMachine.checkOAuthExpiration(pwmRequest)) {
            pwmRequest.respondWithError(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, "oauth access token has expired"));
            return;
        }
    }
    handleAuthenticationCookie(pwmRequest);
    if (forceRequiredRedirects(pwmRequest) == ProcessStatus.Halt) {
        return;
    }
    // user session is authed, and session and auth header match, so forward request on.
    chain.doFilter();
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) BasicAuthInfo(password.pwm.util.BasicAuthInfo) UserInfo(password.pwm.ldap.UserInfo) OAuthMachine(password.pwm.http.servlet.oauth.OAuthMachine) OAuthSettings(password.pwm.http.servlet.oauth.OAuthSettings) PwmSession(password.pwm.http.PwmSession)

Example 2 with BasicAuthInfo

use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.

the class RestAuthenticationProcessor method readNamedSecretName.

private String readNamedSecretName() throws PwmUnrecoverableException {
    final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
    if (basicAuthInfo != null) {
        final String basicAuthUsername = basicAuthInfo.getUsername();
        final Map<String, NamedSecretData> secrets = pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET);
        final NamedSecretData namedSecretData = secrets.get(basicAuthUsername);
        if (namedSecretData != null) {
            if (namedSecretData.getPassword().equals(basicAuthInfo.getPassword())) {
                return basicAuthUsername;
            }
            throw PwmUnrecoverableException.newException(PwmError.ERROR_WRONGPASSWORD, "incorrect password value for named secret");
        }
    }
    return null;
}
Also used : NamedSecretData(password.pwm.config.value.data.NamedSecretData) BasicAuthInfo(password.pwm.util.BasicAuthInfo)

Example 3 with BasicAuthInfo

use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.

the class RestAuthenticationProcessor method authenticateUser.

private ChaiProvider authenticateUser(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
    final AuthenticationResult authenticationResult = SimpleLdapAuthenticator.authenticateUser(pwmApplication, sessionLabel, userIdentity, basicAuthInfo.getPassword());
    return authenticationResult.getUserProvider();
}
Also used : BasicAuthInfo(password.pwm.util.BasicAuthInfo) AuthenticationResult(password.pwm.ldap.auth.AuthenticationResult)

Example 4 with BasicAuthInfo

use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.

the class RestAuthenticationProcessor method readLdapUserIdentity.

private UserIdentity readLdapUserIdentity() throws PwmUnrecoverableException {
    final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
    if (basicAuthInfo == null) {
        return null;
    }
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    try {
        return userSearchEngine.resolveUsername(basicAuthInfo.getUsername(), null, null, sessionLabel);
    } catch (PwmOperationalException e) {
        throw new PwmUnrecoverableException(e.getErrorInformation().wrapWithNewErrorCode(PwmError.ERROR_WRONGPASSWORD));
    }
}
Also used : UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) BasicAuthInfo(password.pwm.util.BasicAuthInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 5 with BasicAuthInfo

use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.

the class OAuthMachine method makeHttpRequest.

private static PwmHttpClientResponse makeHttpRequest(final PwmRequest pwmRequest, final String debugText, final OAuthSettings settings, final String requestUrl, final Map<String, String> requestParams) throws PwmUnrecoverableException {
    final String requestBody = PwmURL.appendAndEncodeUrlParameters("", requestParams);
    final List<X509Certificate> certs = settings.getCertificates();
    final PwmHttpClientRequest pwmHttpClientRequest;
    {
        final Map<String, String> headers = new HashMap<>();
        headers.put(HttpHeader.Authorization.getHttpName(), new BasicAuthInfo(settings.getClientID(), settings.getSecret()).toAuthHeader());
        headers.put(HttpHeader.Content_Type.getHttpName(), HttpContentType.form.getHeaderValue());
        pwmHttpClientRequest = new PwmHttpClientRequest(HttpMethod.POST, requestUrl, requestBody, headers);
    }
    final PwmHttpClientResponse pwmHttpClientResponse;
    try {
        final PwmHttpClientConfiguration config = PwmHttpClientConfiguration.builder().certificates(JavaHelper.isEmpty(certs) ? null : certs).maskBodyDebugOutput(true).build();
        final PwmHttpClient pwmHttpClient = new PwmHttpClient(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), config);
        pwmHttpClientResponse = pwmHttpClient.makeRequest(pwmHttpClientRequest);
    } catch (PwmException e) {
        final String errorMsg = "error during " + debugText + " http request to oauth server, remote error: " + e.getErrorInformation().toDebugStr();
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg));
    }
    if (pwmHttpClientResponse.getStatusCode() != HttpStatus.SC_OK) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, "unexpected HTTP status code (" + pwmHttpClientResponse.getStatusCode() + ") during " + debugText + " request to " + requestUrl));
    }
    return pwmHttpClientResponse;
}
Also used : PwmHttpClientRequest(password.pwm.http.client.PwmHttpClientRequest) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmHttpClientResponse(password.pwm.http.client.PwmHttpClientResponse) X509Certificate(java.security.cert.X509Certificate) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) PwmHttpClient(password.pwm.http.client.PwmHttpClient) PwmHttpClientConfiguration(password.pwm.http.client.PwmHttpClientConfiguration) BasicAuthInfo(password.pwm.util.BasicAuthInfo) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Aggregations

BasicAuthInfo (password.pwm.util.BasicAuthInfo)8 ErrorInformation (password.pwm.error.ErrorInformation)5 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5 LinkedHashMap (java.util.LinkedHashMap)3 Map (java.util.Map)3 PwmException (password.pwm.error.PwmException)3 PwmHttpClientRequest (password.pwm.http.client.PwmHttpClientRequest)3 PwmHttpClientResponse (password.pwm.http.client.PwmHttpClientResponse)3 PasswordData (password.pwm.util.PasswordData)3 PwmOperationalException (password.pwm.error.PwmOperationalException)2 PwmHttpClient (password.pwm.http.client.PwmHttpClient)2 PwmHttpClientConfiguration (password.pwm.http.client.PwmHttpClientConfiguration)2 UserInfo (password.pwm.ldap.UserInfo)2 IOException (java.io.IOException)1 X509Certificate (java.security.cert.X509Certificate)1 HashMap (java.util.HashMap)1 PwmApplication (password.pwm.PwmApplication)1 PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)1 NamedSecretData (password.pwm.config.value.data.NamedSecretData)1 HttpMethod (password.pwm.http.HttpMethod)1