public void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce) throws AuthenticationException { long nowSeconds = (System.currentTimeMillis() / 1000); if ((nowSeconds - timestamp) > getValidityWindowSeconds()) { throw new CredentialsExpiredException("Expired timestamp."); } }
/** * Initialize the login form. * * @param comp - The component */ @SuppressWarnings("deprecation") @Override public void doAfterCompose(final Component comp) throws Exception { super.doAfterCompose(comp); savedRequest = (SavedRequest) session.removeAttribute(org.carewebframework.security.spring.Constants.SAVED_REQUEST); final AuthenticationException authError = (AuthenticationException) session .removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); CredentialsExpiredException expired = getException(authError, CredentialsExpiredException.class); User user = expired != null && SecurityUtil.getSecurityService().canChangePassword() ? (User) expired .getExtraInformation() : null; String form = user != null ? ChangePasswordController.DIALOG_CHANGE_PASSWORD : LoginPaneController.DIALOG_LOGIN_PANE; Map<Object, Object> args = new HashMap<Object, Object>(); args.put("savedRequest", savedRequest); args.put("authError", authError); args.put("user", user); ZKUtil.loadZulPage(form, loginForm, args, this); getPage().setTitle(user != null ? "Change Password" : "Please Login"); resetTimer(); }
public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { logger.debug("User account credentials have expired"); throw new CredentialsExpiredException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } } }
public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { logger.debug("User account credentials have expired"); throw new CredentialsExpiredException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } } }
public void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce) { if (System.currentTimeMillis() / 1000 - timestamp > getValidityWindowSeconds()) { throw new CredentialsExpiredException("Expired timestamp."); } NonceEntry entry = new NonceEntry(consumerDetails.getConsumerKey(), timestamp, nonce); synchronized (NONCES) { if (NONCES.contains(entry)) { throw new NonceAlreadyUsedException("Nonce already used: " + nonce); } else { NONCES.add(entry); } cleanupNonces(); } }
@Override public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { LOG.debug("User account credentials have expired"); throw new CredentialsExpiredException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } if (user instanceof AuthUserDto) { AuthUserDto authUser = (AuthUserDto) user; if (authUser.isTempPassword()) { throw new TempCredentialsException("Temp credentials used to authenticate"); } } }
private void raiseExceptionForErrorCode(int code, NamingException exception) { String hexString = Integer.toHexString(code); Throwable cause = new ActiveDirectoryAuthenticationException(hexString, exception.getMessage(), exception); switch (code) { case PASSWORD_EXPIRED: throw new CredentialsExpiredException(messages.getMessage( "LdapAuthenticationProvider.credentialsExpired", "User credentials have expired"), cause); case ACCOUNT_DISABLED: throw new DisabledException(messages.getMessage( "LdapAuthenticationProvider.disabled", "User is disabled"), cause); case ACCOUNT_EXPIRED: throw new AccountExpiredException(messages.getMessage( "LdapAuthenticationProvider.expired", "User account has expired"), cause); case ACCOUNT_LOCKED: throw new LockedException(messages.getMessage( "LdapAuthenticationProvider.locked", "User account is locked"), cause); default: throw badCredentials(cause); } }
publisher.publishAuthenticationFailure(new AuthenticationServiceException("", cause), a); publisher.publishAuthenticationFailure(new CredentialsExpiredException(""), a); publisher.publishAuthenticationFailure( new CredentialsExpiredException("", cause), a); verify(appPublisher, times(2)).publishEvent( isA(AuthenticationFailureBadCredentialsEvent.class));
public void check(UserDetails user) { if (!user.isAccountNonLocked()) { throw new LockedException(messages.getMessage( "AccountStatusUserDetailsChecker.locked", "User account is locked")); } if (!user.isEnabled()) { throw new DisabledException(messages.getMessage( "AccountStatusUserDetailsChecker.disabled", "User is disabled")); } if (!user.isAccountNonExpired()) { throw new AccountExpiredException( messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired")); } if (!user.isCredentialsNonExpired()) { throw new CredentialsExpiredException(messages.getMessage( "AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired")); } } }
public void check(UserDetails user) { if (!user.isAccountNonLocked()) { throw new LockedException(messages.getMessage( "AccountStatusUserDetailsChecker.locked", "User account is locked")); } if (!user.isEnabled()) { throw new DisabledException(messages.getMessage( "AccountStatusUserDetailsChecker.disabled", "User is disabled")); } if (!user.isAccountNonExpired()) { throw new AccountExpiredException( messages.getMessage("AccountStatusUserDetailsChecker.expired", "User account has expired")); } if (!user.isCredentialsNonExpired()) { throw new CredentialsExpiredException(messages.getMessage( "AccountStatusUserDetailsChecker.credentialsExpired", "User credentials have expired")); } } }
public void check( UserDetails user ) { if ( !user.isCredentialsNonExpired() ) { LOG.debug( "User account credentials have expired" ); throw new CredentialsExpiredException( messages.getMessage( "AbstractUserInDirectoryAuthenticationProvider.credentialsExpired", "User credentials have expired" ) ); } } }
public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { logger.debug("User account credentials have expired"); throw new CredentialsExpiredException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"), user); } } }
public void check(UserDetails user) { if (!user.isCredentialsNonExpired()) { logger.debug("User account credentials have expired"); throw new CredentialsExpiredException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired")); } } }
throw new DisabledException("It is first login. Password change is required!"); } else if (password expired) { throw new CredentialsExpiredException("Password is expired. Please change it!");
@SuppressWarnings("unchecked") @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (authentication == null) { throw new AuthenticationServiceException("Null Authentication"); } if (!TypeUtils.isAssignable(authenticationType, authentication.getClass())) { return null; } com.holonplatform.auth.Authentication authc; try { authc = authenticator.authenticate(converter.apply((A) authentication)); } catch (com.holonplatform.auth.exceptions.UnknownAccountException e) { throw new UsernameNotFoundException("Unknown account", e); } catch (com.holonplatform.auth.exceptions.InvalidCredentialsException e) { throw new BadCredentialsException("Invalid credentials", e); } catch (com.holonplatform.auth.exceptions.ExpiredCredentialsException e) { throw new CredentialsExpiredException("Expired credentials", e); } catch (com.holonplatform.auth.exceptions.DisabledAccountException e) { throw new DisabledException("Disabled account", e); } catch (com.holonplatform.auth.exceptions.LockedAccountException e) { throw new LockedException("Locked account", e); } catch (com.holonplatform.auth.exceptions.AuthenticationException e) { throw new InternalAuthenticationServiceException("Internal authentication error", e); } return new SpringSecurityAuthenticationAdapter(authc); }
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication; AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> { Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication); jwtAuthentication.setUsername(authenticated.getLeft()); jwtAuthentication.getAuthorities().addAll(authenticated.getRight()); return null; }); JwtClaims claims = jwtAuthentication.getClaims(); Long referenceTime = new Date().getTime(); Long expiryTime = claims.getExpiryTime(); if (expiryTime == null || (expiryTime * 1000L) < referenceTime) { dataAccessor.removeExpired(claims.getTokenId()); throw new CredentialsExpiredException("JWT is expired"); } Long notBefore = claims.getNotBefore(); if (notBefore == null || (notBefore * 1000L) > referenceTime) { throw new CredentialsExpiredException("JWT not valid yet"); } jwtAuthentication.setAuthenticated(true); return jwtAuthentication; }
@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { final JWTAuthentication jwtAuthentication = (JWTAuthentication) authentication; AuthContextUtils.execWithAuthContext(jwtAuthentication.getDetails().getDomain(), () -> { Pair<String, Set<SyncopeGrantedAuthority>> authenticated = dataAccessor.authenticate(jwtAuthentication); jwtAuthentication.setUsername(authenticated.getLeft()); jwtAuthentication.getAuthorities().addAll(authenticated.getRight()); return null; }); JwtClaims claims = jwtAuthentication.getClaims(); Long referenceTime = new Date().getTime(); Long expiryTime = claims.getExpiryTime(); if (expiryTime == null || (expiryTime * 1000L) < referenceTime) { dataAccessor.removeExpired(claims.getTokenId()); throw new CredentialsExpiredException("JWT is expired"); } Long notBefore = claims.getNotBefore(); if (notBefore == null || (notBefore * 1000L) > referenceTime) { throw new CredentialsExpiredException("JWT not valid yet"); } jwtAuthentication.setAuthenticated(true); return jwtAuthentication; }
/** * If this is the access code callback request, use the {@code ForceOAuthConnector} to retrieve the * access token. * * @param authentication {@code Authentication} * @return {@code Authentication} * @throws AuthenticationException when authentication fails */ @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { OAuthAuthenticationToken authToken = (OAuthAuthenticationToken) authentication; try { Object details = authToken.getDetails(); SecurityContext sc; if (details instanceof SecurityContext) { sc = (SecurityContext) details; } else { sc = oauthConnector.getAccessToken((String) authToken.getCredentials(), (String) authToken.getDetails()); } return createAuthentication(sc); } catch (IOException ie) { LOGGER.error("Unable to get access token", ie); throw new CredentialsExpiredException("OAuth login invalid or expired access token"); } }
@Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { if (!(authentication instanceof BearerAuthenticationToken)) { return null; } String bearerToken = (String) authentication.getCredentials(); User user; Jws<Claims> jws; try { jws = tokenAuthenticationService.parse(bearerToken); user = tokenAuthenticationService.verify(jws); } catch (ExpiredJwtException e) { throw new CredentialsExpiredException("JWT token expired", e); } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) { // assume that this is not a JWT, allow the next AuthenticationProvider to process it return null; } catch (SignatureException | MissingClaimException | IncorrectClaimException e) { throw new BadCredentialsException("JWT signature verification error or claim incorrect", e); } catch (NotFoundException e) { throw new BadCredentialsException("Invalid username", e); } catch (Exception e) { throw new InternalAuthenticationServiceException("Error authenticating with JWT token", e); } userDetailsChecker.check(user); if (log.isDebugEnabled()) { log.debug("Successfully authenticated user using JWT token, header: " + jws.getHeader() + ", body: " + jws.getBody()); } return new JwtAuthentication(user, bearerToken, jws, user.getAuthorities()); }
private void checkPasswordValidityAndAge(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, MetadataType passwordMetadata, CredentialPolicyType passwordCredentialsPolicy) { if (protectedString == null) { recordAuthenticationFailure(principal, connEnv, "no stored password value"); throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad"); } if (passwordCredentialsPolicy == null) { return; } Duration maxAge = passwordCredentialsPolicy.getMaxAge(); if (maxAge != null) { XMLGregorianCalendar changeTimestamp = MiscSchemaUtil.getChangeTimestamp(passwordMetadata); if (changeTimestamp != null) { XMLGregorianCalendar passwordValidUntil = XmlTypeConverter.addDuration(changeTimestamp, maxAge); if (clock.isPast(passwordValidUntil)) { recordAuthenticationFailure(principal, connEnv, "password expired"); throw new CredentialsExpiredException("web.security.provider.credential.expired"); } } } }