Example 1 with BasicAuthInfo
use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.
the class AuthenticationFilter method processAuthenticatedSession.
private void processAuthenticatedSession(final PwmRequest pwmRequest, final PwmFilterChain chain) throws IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
// read the basic auth info out of the header (if it exists);
if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.BASIC_AUTH_ENABLED)) {
final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, pwmRequest);
final BasicAuthInfo originalBasicAuthInfo = pwmSession.getLoginInfoBean().getBasicAuth();
// check to make sure basic auth info is same as currently known user in session.
if (basicAuthInfo != null && originalBasicAuthInfo != null && !(originalBasicAuthInfo.equals(basicAuthInfo))) {
// if we read here then user is using basic auth, and header has changed since last request
// this means something is screwy, so log out the session
// read the current user info for logging
final UserInfo userInfo = pwmSession.getUserInfo();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_BAD_SESSION, "basic auth header user '" + basicAuthInfo.getUsername() + "' does not match currently logged in user '" + userInfo.getUserIdentity() + "', session will be logged out");
LOGGER.info(pwmRequest, errorInformation);
// log out their user
pwmSession.unauthenticateUser(pwmRequest);
// send en error to user.
pwmRequest.respondWithError(errorInformation, true);
return;
}
}
// check status of oauth expiration
if (pwmSession.getLoginInfoBean().getOauthExp() != null) {
final OAuthSettings oauthSettings = OAuthSettings.forSSOAuthentication(pwmRequest.getConfig());
final OAuthMachine oAuthMachine = new OAuthMachine(oauthSettings);
if (oAuthMachine.checkOAuthExpiration(pwmRequest)) {
pwmRequest.respondWithError(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, "oauth access token has expired"));
return;
}
}
handleAuthenticationCookie(pwmRequest);
if (forceRequiredRedirects(pwmRequest) == ProcessStatus.Halt) {
return;
}
// user session is authed, and session and auth header match, so forward request on.
chain.doFilter();
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmApplication(password.pwm.PwmApplication)
BasicAuthInfo(password.pwm.util.BasicAuthInfo)
UserInfo(password.pwm.ldap.UserInfo)
OAuthMachine(password.pwm.http.servlet.oauth.OAuthMachine)
OAuthSettings(password.pwm.http.servlet.oauth.OAuthSettings)
PwmSession(password.pwm.http.PwmSession)
Example 2 with BasicAuthInfo
use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.
the class RestAuthenticationProcessor method readNamedSecretName.
private String readNamedSecretName() throws PwmUnrecoverableException {
final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
if (basicAuthInfo != null) {
final String basicAuthUsername = basicAuthInfo.getUsername();
final Map<String, NamedSecretData> secrets = pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET);
final NamedSecretData namedSecretData = secrets.get(basicAuthUsername);
if (namedSecretData != null) {
if (namedSecretData.getPassword().equals(basicAuthInfo.getPassword())) {
return basicAuthUsername;
}
throw PwmUnrecoverableException.newException(PwmError.ERROR_WRONGPASSWORD, "incorrect password value for named secret");
}
}
return null;
}
Also used :
NamedSecretData(password.pwm.config.value.data.NamedSecretData)
BasicAuthInfo(password.pwm.util.BasicAuthInfo)
Example 3 with BasicAuthInfo
use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.
the class RestAuthenticationProcessor method authenticateUser.
private ChaiProvider authenticateUser(final UserIdentity userIdentity) throws PwmUnrecoverableException {
final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
final AuthenticationResult authenticationResult = SimpleLdapAuthenticator.authenticateUser(pwmApplication, sessionLabel, userIdentity, basicAuthInfo.getPassword());
return authenticationResult.getUserProvider();
}
Also used :
BasicAuthInfo(password.pwm.util.BasicAuthInfo)
AuthenticationResult(password.pwm.ldap.auth.AuthenticationResult)
Example 4 with BasicAuthInfo
use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.
the class RestAuthenticationProcessor method readLdapUserIdentity.
private UserIdentity readLdapUserIdentity() throws PwmUnrecoverableException {
final BasicAuthInfo basicAuthInfo = BasicAuthInfo.parseAuthHeader(pwmApplication, httpServletRequest);
if (basicAuthInfo == null) {
return null;
}
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
try {
return userSearchEngine.resolveUsername(basicAuthInfo.getUsername(), null, null, sessionLabel);
} catch (PwmOperationalException e) {
throw new PwmUnrecoverableException(e.getErrorInformation().wrapWithNewErrorCode(PwmError.ERROR_WRONGPASSWORD));
}
}
Also used :
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
BasicAuthInfo(password.pwm.util.BasicAuthInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 5 with BasicAuthInfo
use of password.pwm.util.BasicAuthInfo in project pwm by pwm-project.
the class OAuthMachine method makeHttpRequest.
private static PwmHttpClientResponse makeHttpRequest(final PwmRequest pwmRequest, final String debugText, final OAuthSettings settings, final String requestUrl, final Map<String, String> requestParams) throws PwmUnrecoverableException {
final String requestBody = PwmURL.appendAndEncodeUrlParameters("", requestParams);
final List<X509Certificate> certs = settings.getCertificates();
final PwmHttpClientRequest pwmHttpClientRequest;
{
final Map<String, String> headers = new HashMap<>();
headers.put(HttpHeader.Authorization.getHttpName(), new BasicAuthInfo(settings.getClientID(), settings.getSecret()).toAuthHeader());
headers.put(HttpHeader.Content_Type.getHttpName(), HttpContentType.form.getHeaderValue());
pwmHttpClientRequest = new PwmHttpClientRequest(HttpMethod.POST, requestUrl, requestBody, headers);
}
final PwmHttpClientResponse pwmHttpClientResponse;
try {
final PwmHttpClientConfiguration config = PwmHttpClientConfiguration.builder().certificates(JavaHelper.isEmpty(certs) ? null : certs).maskBodyDebugOutput(true).build();
final PwmHttpClient pwmHttpClient = new PwmHttpClient(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), config);
pwmHttpClientResponse = pwmHttpClient.makeRequest(pwmHttpClientRequest);
} catch (PwmException e) {
final String errorMsg = "error during " + debugText + " http request to oauth server, remote error: " + e.getErrorInformation().toDebugStr();
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, errorMsg));
}
if (pwmHttpClientResponse.getStatusCode() != HttpStatus.SC_OK) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_OAUTH_ERROR, "unexpected HTTP status code (" + pwmHttpClientResponse.getStatusCode() + ") during " + debugText + " request to " + requestUrl));
}
return pwmHttpClientResponse;
}
Also used :
PwmHttpClientRequest(password.pwm.http.client.PwmHttpClientRequest)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmHttpClientResponse(password.pwm.http.client.PwmHttpClientResponse)
X509Certificate(java.security.cert.X509Certificate)
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmHttpClient(password.pwm.http.client.PwmHttpClient)
PwmHttpClientConfiguration(password.pwm.http.client.PwmHttpClientConfiguration)
BasicAuthInfo(password.pwm.util.BasicAuthInfo)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Aggregations
BasicAuthInfo (password.pwm.util.BasicAuthInfo)8
ErrorInformation (password.pwm.error.ErrorInformation)5
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5
LinkedHashMap (java.util.LinkedHashMap)3
Map (java.util.Map)3
PwmException (password.pwm.error.PwmException)3
PwmHttpClientRequest (password.pwm.http.client.PwmHttpClientRequest)3
PwmHttpClientResponse (password.pwm.http.client.PwmHttpClientResponse)3
PasswordData (password.pwm.util.PasswordData)3
PwmOperationalException (password.pwm.error.PwmOperationalException)2
PwmHttpClient (password.pwm.http.client.PwmHttpClient)2
PwmHttpClientConfiguration (password.pwm.http.client.PwmHttpClientConfiguration)2
UserInfo (password.pwm.ldap.UserInfo)2
IOException (java.io.IOException)1
X509Certificate (java.security.cert.X509Certificate)1
HashMap (java.util.HashMap)1
PwmApplication (password.pwm.PwmApplication)1
PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy)1
NamedSecretData (password.pwm.config.value.data.NamedSecretData)1
HttpMethod (password.pwm.http.HttpMethod)1
