/**
 * Builds the authenticated token through the parent provider and records a login-success
 * audit event on the GUI channel.
 *
 * <p>The parent's result is accepted only when its principal is a {@code MidPointPrincipal}
 * that carries a non-null user. Both rejection paths throw before any call to
 * {@code auditProvider}, so this method itself writes an audit record only for success.
 *
 * @param authentication the username/password token being authenticated
 * @param user the user details passed through to the parent implementation
 * @return the authentication object produced by the parent implementation
 * @throws BadCredentialsException if the principal is not a {@code MidPointPrincipal} or has no user
 */
@Override
protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
        UserDetails user) {
    Authentication successfulAuth = super.createSuccessfulAuthentication(authentication, user);

    // Refuse any principal type other than the one the audit call below needs.
    Object candidate = successfulAuth.getPrincipal();
    if (!(candidate instanceof MidPointPrincipal)) {
        throw new BadCredentialsException("LdapAuthentication.incorrect.value");
    }

    UserType authenticatedUser = ((MidPointPrincipal) candidate).getUser();
    if (authenticatedUser == null) {
        throw new BadCredentialsException("LdapAuthentication.bad.user");
    }

    // NOTE(review): the two rejections above are not audited in this method; confirm that a
    // caller records them as login failures.
    ConnectionEnvironment guiEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);
    auditProvider.auditLoginSuccess(authenticatedUser, guiEnv);
    return successfulAuth;
}
} // end of the enclosing class (its declaration is not part of this excerpt)
ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI); securityHelper.auditLoginFailure(username, null, connEnv, auditMessage); } catch (WSSecurityException e) {
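/**
 * Answers a WS-Security password callback by looking up the password of the named user.
 *
 * <p>Only the first element of {@code callbacks} is processed. It must be a
 * {@code WSPasswordCallback}; its identifier is used as the username and the value returned by
 * {@code getAndCheckUserPassword} is set on the callback. Any exception raised during the lookup
 * is replaced by a {@code PasswordCallbackException} with a fixed message, so the caller does
 * not learn why the lookup failed.
 *
 * @param callbacks the callbacks to answer; the first one is expected to be a {@code WSPasswordCallback}
 * @throws IOException declared by the callback-handler contract
 * @throws UnsupportedCallbackException if the first callback is not a {@code WSPasswordCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null || callbacks.length == 0) {
        // There is no callback to report, so fail closed with the same generic error as below
        // instead of letting a NullPointerException or ArrayIndexOutOfBoundsException escape.
        throw new PasswordCallbackException("Authentication failed");
    }
    LOGGER.trace("Invoked PasswordCallback with {} callbacks: {}", callbacks.length, callbacks);

    // Report an unexpected callback type through the declared exception rather than through a
    // ClassCastException from the cast below.
    if (!(callbacks[0] instanceof WSPasswordCallback)) {
        throw new UnsupportedCallbackException(callbacks[0]);
    }
    WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

    String username = pc.getIdentifier();
    String wssPasswordType = pc.getType();
    LOGGER.trace("Username: '{}', Password type: {}", username, wssPasswordType);

    try {
        ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
        pc.setPassword(passwordAuthenticationEvaluatorImpl.getAndCheckUserPassword(connEnv, username));
    } catch (Exception e) {
        // The detail is written at TRACE only and the cause is not chained, so the thrown
        // exception carries nothing but the fixed message.
        // NOTE(review): at default log levels this method leaves no record of the failure;
        // confirm that getAndCheckUserPassword audits failed attempts.
        LOGGER.trace("Exception in password callback: {}: {}", e.getClass().getSimpleName(), e.getMessage(), e);
        throw new PasswordCallbackException("Authentication failed");
    }
}
} // end of the enclosing class (its declaration is not part of this excerpt)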
/**
 * Finishes a REST request by computing the task's result status and auditing a logout.
 *
 * <p>The logout is audited on the REST channel, with the task identifier set as the session id
 * override of the connection environment.
 *
 * @param task the task that carried the request; its result status is computed first
 * @param securityHelper the helper that writes the logout audit record
 */
public static void finishRequest(Task task, SecurityHelper securityHelper) {
    task.getResult().computeStatus();

    // NOTE(review): presumably the login record used the same override so both events share a
    // session id; confirm against the code that audits the login.
    ConnectionEnvironment restEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    restEnv.setSessionIdOverride(task.getTaskIdentifier());

    securityHelper.auditLogout(restEnv, task);
}
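/**
 * Authenticates a remote cluster node by matching it against the nodes stored in the repository.
 *
 * <p>All {@code NodeType} objects are loaded and filtered by {@code getMatchingNodes}. The call
 * succeeds when exactly one node matches, or when at least one matches and local node clustering
 * is enabled. On success a {@code NodeAuthenticationToken} for the matched node is placed in the
 * security context and a login success is audited. Every other outcome, including an exception
 * while listing nodes, is audited as a login failure.
 *
 * <p>The authenticated identity is taken from the matching nodes. Taking it from the full node
 * list would put whichever node the repository returns first into the token and the audit record,
 * regardless of which node actually matched.
 *
 * @param remoteName the host name reported for the caller; may be {@code null}
 * @param remoteAddress the address reported for the caller
 * @param operation the requested operation, passed to the matcher and logged
 * @return {@code true} if the caller was recognised as a known node, {@code false} otherwise
 */
public boolean authenticate(String remoteName, String remoteAddress, String operation) {
    LOGGER.debug("Checking if {} ({}) is a known node", remoteName, remoteAddress);
    OperationResult result = new OperationResult(OPERATION_SEARCH_NODE);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);

    try {
        List<PrismObject<NodeType>> allNodes = repositoryService.searchObjects(NodeType.class, null, null, result);
        // NOTE(review): the matching criteria are not visible here; confirm that remoteName and
        // remoteAddress come from a source the caller cannot choose freely.
        List<PrismObject<NodeType>> matchingNodes = getMatchingNodes(allNodes, remoteName, remoteAddress, operation);

        boolean singleMatch = matchingNodes.size() == 1;
        if (singleMatch || (!matchingNodes.isEmpty() && taskManager.isLocalNodeClusteringEnabled())) {
            // Use the node that matched, not the first node in the repository listing.
            PrismObject<NodeType> actualNode = matchingNodes.iterator().next();
            LOGGER.trace(
                    "Matching result: The node {} was recognized as a known node (remote host name {} or IP address {} matched). Attempting to execute the requested operation: {}",
                    actualNode.asObjectable().getName(), actualNode.asObjectable().getHostname(), remoteAddress,
                    operation);
            NodeAuthenticationToken authNtoken = new NodeAuthenticationToken(actualNode, remoteAddress,
                    Collections.emptyList());
            SecurityContextHolder.getContext().setAuthentication(authNtoken);
            securityHelper.auditLoginSuccess(actualNode.asObjectable(), connEnv);
            return true;
        }
    } catch (RuntimeException | SchemaException e) {
        // Fail closed: the exception is logged and the code below audits a failure and returns false.
        LOGGER.error("Unhandled exception when listing nodes");
        LoggingUtils.logUnexpectedException(LOGGER, "Unhandled exception when listing nodes", e);
    }

    // The audit record names the host if one was reported, otherwise the address.
    securityHelper.auditLoginFailure(remoteName != null ? remoteName : remoteAddress, null, connEnv,
            "Failed to authenticate node.");
    return false;
}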
/**
 * Delegates the LDAP authentication to the parent provider and handles the failures it raises.
 *
 * <p>The three catch clauses are ordered from most to least specific and must stay in this order:
 * <ul>
 *   <li>{@code InternalAuthenticationServiceException} is passed to
 *       {@code processInternalAuthenticationException}, whose result is thrown;</li>
 *   <li>{@code IncorrectResultSizeDataAccessException} is logged and rethrown as
 *       {@code BadCredentialsException};</li>
 *   <li>any other {@code RuntimeException} is logged, audited as a login failure on the GUI
 *       channel with the reason "bad credentials", and rethrown unchanged.</li>
 * </ul>
 *
 * @param authentication the username/password token to authenticate
 * @return the directory context operations returned by the parent implementation
 */
@Override
protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken authentication) {
    try {
        return super.doAuthentication(authentication);
    } catch (InternalAuthenticationServiceException internalFailure) {
        // This sometimes happens: for unknown reasons the underlying libraries cannot work out
        // the correct exception, which results in a wrong error message (MID-4518). Try to
        // derive the correct error here.
        throw processInternalAuthenticationException(internalFailure, internalFailure);
    } catch (IncorrectResultSizeDataAccessException wrongResultSize) {
        String attemptedName = authentication.getName();
        LOGGER.error("Failed to authenticate user {}. Error: {}", attemptedName, wrongResultSize.getMessage(),
                wrongResultSize);
        // NOTE(review): unlike the RuntimeException branch below, this rejection writes no audit
        // record here; confirm that it is audited elsewhere.
        throw new BadCredentialsException("LdapAuthentication.bad.user", wrongResultSize);
    } catch (RuntimeException unexpected) {
        String attemptedName = authentication.getName();
        LOGGER.error("Failed to authenticate user {}. Error: {}", attemptedName, unexpected.getMessage(),
                unexpected);
        // Every runtime failure that reaches this clause is audited with the same reason text,
        // whatever its actual cause.
        ConnectionEnvironment guiEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);
        auditProvider.auditLoginFailure(attemptedName, null, guiEnv, "bad credentials");
        throw unexpected;
    }
}
task.setChannel(SchemaConstants.CHANNEL_REST_URI); ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI); connEnv.setSessionIdOverride(task.getTaskIdentifier()); UsernamePasswordAuthenticationToken token;
throw createFault(WSSecurityException.ErrorCode.FAILURE); ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI); String username = null; try {