/**
 * {@inheritDoc}
 *
 * <p>Unless {@code preserveTicket} is set, the subject's private credentials are cleared
 * before the superclass populates it, so credential material gathered during validation
 * is not carried forward in the returned subject.</p>
 */
@Override
@Nonnull
protected Subject populateSubject(@Nonnull final Subject subject) {
    // NOTE(review): the flag name suggests the private credentials hold a ticket obtained
    // during validation; confirm against the code that fills the Subject.
    final boolean discardPrivateCredentials = !preserveTicket;
    if (discardPrivateCredentials) {
        subject.getPrivateCredentials().clear();
    }

    final Subject populated = super.populateSubject(subject);
    return populated;
}
/**
 * Constructor.
 *
 * <p>Turns on removal of the context after validation by default and installs the
 * default metric name.</p>
 */
public AbstractUsernamePasswordValidationAction() {
    // Default to removing the context once validation has run; the flag is consumed elsewhere.
    this.removeContextAfterValidation = true;
    setMetricName(DEFAULT_METRIC_NAME);
}
log.info("{} No UsernamePasswordContext available within authentication context", getLogPrefix()); handleError(profileRequestContext, authenticationContext, "NoCredentials", AuthnEventIds.NO_CREDENTIALS); recordFailure(); return false; } else if (upContext.getUsername() == null) { log.info("{} No username available within UsernamePasswordContext", getLogPrefix()); handleError(profileRequestContext, authenticationContext, "NoCredentials", AuthnEventIds.NO_CREDENTIALS); recordFailure(); return false; } else if (upContext.getPassword() == null) { log.info("{} No password available within UsernamePasswordContext", getLogPrefix()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS); recordFailure(); return false; log.debug("{} Username '{}' did not match expression", getLogPrefix(), upContext.getUsername()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.INVALID_CREDENTIALS); recordFailure(); return false; log.info("{} Account for '{}' is locked out, aborting authentication", getLogPrefix(), upContext.getUsername()); handleError(profileRequestContext, authenticationContext, AuthnEventIds.ACCOUNT_LOCKED, AuthnEventIds.ACCOUNT_LOCKED); recordFailure(); return false;
/**
 * {@inheritDoc}
 *
 * <p>Fails initialization when no authenticator has been configured, so the component
 * cannot start in a state where it has nothing to validate credentials against.</p>
 *
 * @throws ComponentInitializationException if the authenticator is {@code null}
 */
@Override
protected void doInitialize() throws ComponentInitializationException {
    super.doInitialize();

    if (authenticator != null) {
        return;
    }
    throw new ComponentInitializationException("Authenticator cannot be null");
}
/**
 * {@inheritDoc}
 *
 * <p>When the superclass check passes, looks up the {@link RequestedPrincipalContext}
 * subcontext of the authentication context and stores it (it may be absent) for use
 * later in the action.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    final boolean proceed = super.doPreExecute(profileRequestContext, authenticationContext);
    if (proceed) {
        // Only touch the subcontext once the superclass has accepted the request.
        requestedPrincipalCtx = authenticationContext.getSubcontext(RequestedPrincipalContext.class);
    }
    return proceed;
}
/**
 * {@inheritDoc}
 *
 * <p>The returned name is the superclass metric name, a {@code '.'} separator, and the
 * value of {@code currentLoginConfigName}.</p>
 */
@Override
@Nonnull
@NotEmpty
public String getMetricName() {
    // NOTE(review): currentLoginConfigName is concatenated as-is; confirm it is always
    // assigned before a metric is recorded, otherwise the suffix would read "null".
    final String baseName = super.getMetricName();
    return baseName + '.' + currentLoginConfigName;
}
/**
 * Record a successful authentication attempt against the configured counter and,
 * when a lockout manager is configured, clear the account lockout state.
 *
 * @param profileRequestContext current profile request context
 *
 * @since 3.3.0
 */
protected void recordSuccess(@Nonnull final ProfileRequestContext profileRequestContext) {
    recordSuccess();

    // Lockout handling is optional: nothing to clear when no manager is configured.
    if (lockoutManager == null) {
        return;
    }
    lockoutManager.clear(profileRequestContext);
}
/**
 * Record a failed authentication attempt against the configured counter and,
 * when requested and a lockout manager is configured, increment the account
 * lockout counter.
 *
 * @param profileRequestContext current profile request context
 * @param inc true iff lockout counter should be incremented
 *
 * @since 3.3.0
 */
protected void recordFailure(@Nonnull final ProfileRequestContext profileRequestContext, final boolean inc) {
    recordFailure();

    // The caller decides whether this failure counts toward lockout; without a
    // configured manager there is no lockout counter to update.
    if (!inc || lockoutManager == null) {
        return;
    }
    lockoutManager.increment(profileRequestContext);
}
/**
 * {@inheritDoc}
 *
 * <p>Builds the client-side login option map and, when a service principal is configured,
 * the server-side option map as well. A service principal without a keytab path is
 * rejected at initialization.</p>
 *
 * @throws ComponentInitializationException if a service principal is set but no keytab path is
 */
@Override
protected void doInitialize() throws ComponentInitializationException {
    super.doInitialize();

    final boolean hasServicePrincipal = servicePrincipal != null;
    if (hasServicePrincipal && keytabPath == null) {
        throw new ComponentInitializationException("A keytab path is required if a service principal is set");
    }

    clientOptions = new HashMap<>();
    final String refreshFlag = Boolean.valueOf(refreshKrb5Config).toString();
    clientOptions.put("refreshKrb5Config", refreshFlag);

    if (!hasServicePrincipal) {
        return;
    }

    // These options were arrived at through a lot of trial and error. Two matter most:
    // - isInitiator=false avoids an extra AS exchange to obtain a TGT for the service
    // - storeKey=true is required, otherwise no GSSCredential can be created for the service
    // The keytab named here holds the service principal's long-term key material, so the
    // file should be readable only by the account this component runs under.
    serverOptions = new HashMap<>();
    serverOptions.put("refreshKrb5Config", refreshFlag);
    serverOptions.put("useKeyTab", "true");
    serverOptions.put("keyTab", keytabPath);
    serverOptions.put("principal", servicePrincipal);
    serverOptions.put("doNotPrompt", "true");
    serverOptions.put("isInitiator", "false");
    serverOptions.put("storeKey", "true");
}
/**
 * {@inheritDoc}
 *
 * <p>After the superclass has populated the subject, every principal of
 * {@code derivedSubject} (when one is present) is added to the result.</p>
 */
@Override
@Nonnull
protected Subject populateSubject(@Nonnull final Subject subject) {
    final Subject populated = super.populateSubject(subject);

    // No derived subject means there is nothing extra to merge in.
    if (derivedSubject == null) {
        return populated;
    }

    populated.getPrincipals().addAll(derivedSubject.getPrincipals());
    return populated;
}
/**
 * {@inheritDoc}
 *
 * <p>Adds an {@link LdapPrincipal} built from the username in the username/password
 * context and the LDAP entry of {@code response}, then delegates to the superclass.</p>
 */
@Override
@Nonnull
protected Subject populateSubject(@Nonnull final Subject subject) {
    // NOTE(review): the principal name is the username taken from the context, paired with
    // the directory entry from the response; confirm whether the submitted name or a
    // directory-derived name is intended here.
    final String username = getUsernamePasswordContext().getUsername();
    final LdapPrincipal ldapPrincipal = new LdapPrincipal(username, response.getLdapEntry());
    subject.getPrincipals().add(ldapPrincipal);

    return super.populateSubject(subject);
}