@Override public Optional<P> authenticate(C credentials) throws AuthenticationException { try (Timer.Context context = gets.time()) { return cache.get(credentials); } catch (CompletionException e) { final Throwable cause = e.getCause(); if (cause instanceof InvalidCredentialsException) { return Optional.empty(); } if (cause instanceof AuthenticationException) { throw (AuthenticationException) cause; } throw new AuthenticationException(cause); } }
/** * Ensures that the account name passes site-specific complexity requirements, like minimum length. * * @param accountName the account name * @throws io.dropwizard.auth.AuthenticationException if account name does not meet complexity requirements */ public void verifyAccountNameStrength(String accountName) throws AuthenticationException { Matcher matcher = PATTERN.matcher(accountName); if (!matcher.matches()) { throw new AuthenticationException(accountName + " is not a valid email"); } }
/** * Ensures that the account name passes site-specific complexity requirements, like minimum length. * * @param accountName the account name * @throws io.dropwizard.auth.AuthenticationException if account name does not meet complexity requirements */ public void verifyAccountNameStrength(String accountName) throws AuthenticationException { Matcher matcher = PATTERN.matcher(accountName); if (!matcher.matches()) { throw new AuthenticationException(accountName + " is not a valid email"); } }
@Override public Optional<P> authenticate(C credentials) throws AuthenticationException { final Timer.Context context = gets.time(); try { return cache.get(credentials); } catch (ExecutionException e) { final Throwable cause = e.getCause(); if (cause instanceof InvalidCredentialsException) { return Optional.empty(); } // Attempt to re-throw as-is Throwables.propagateIfPossible(cause, AuthenticationException.class); throw new AuthenticationException(cause); } catch (UncheckedExecutionException e) { Throwables.throwIfUnchecked(e.getCause()); throw e; } finally { context.stop(); } }
@Override public Optional<User> authenticate(BasicCredentials credentials) throws AuthenticationException { if ("secret".equals(credentials.getPassword())) { return Optional.of(new User(credentials.getUsername())); } throw new AuthenticationException("Invalid credentials"); } }
/** * Changes the password for the specified user. This requires the current password, as well as * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that UserEntry. * Password strength should also be verified. This new password must be repeated to ensure that the user has typed it in correctly. * * @param user the user to change the password for * @param currentPassword the current password for the specified user * @param newPassword the new password to use * @param newPassword2 a verification copy of the new password * @throws io.dropwizard.auth.AuthenticationException if any errors occur */ public void changePassword(T user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException { verifyPassword(user, currentPassword); if (!newPassword.equals(newPassword2)) { throw new AuthenticationException(user.getUsername() + ": New password and re-type password must be same"); } else if (newPassword.equals(currentPassword)) { throw new AuthenticationException(user.getUsername() + ": New password and old password must be different"); } verifyPasswordStrength(currentPassword, newPassword, user); Optional<? extends UserEntry> optional = userStore.changePassword(user.getUsername(), newPassword); if (!optional.isPresent()) { throw new AuthenticationException(user.getUsername() + ": Can't update UserEntry Password"); } }
/** * Changes the password for the specified user. This requires the current password, as well as * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that UserEntry. * Password strength should also be verified. This new password must be repeated to ensure that the user has typed it in correctly. * * @param user the user to change the password for * @param currentPassword the current password for the specified user * @param newPassword the new password to use * @param newPassword2 a verification copy of the new password * @throws io.dropwizard.auth.AuthenticationException if any errors occur */ public void changePassword(T user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException { verifyPassword(user, currentPassword); if (!newPassword.equals(newPassword2)) { throw new AuthenticationException(user.getUsername() + ": New password and re-type password must be same"); } else if (newPassword.equals(currentPassword)) { throw new AuthenticationException(user.getUsername() + ": New password and old password must be different"); } verifyPasswordStrength(currentPassword, newPassword, user); Optional<? extends UserEntry> optional = userStore.changePassword(user.getUsername(), newPassword); if (!optional.isPresent()) { throw new AuthenticationException(user.getUsername() + ": Can't update UserEntry Password"); } }
private User extractUser(final String token) throws AuthenticationException { try { final DecodedJWT jwt = JWT.decode(token); return this.createUser(jwt); } catch (final Throwable _t) { if (_t instanceof Exception) { final Exception e = (Exception)_t; throw new AuthenticationException("Invalid authorization header.", e); } else { throw Exceptions.sneakyThrow(_t); } } }
@Override public Optional<User> authenticate(JsonWebToken token) throws AuthenticationException { //check if token has expired: try { expiryValidator.validate(token); } catch (TokenExpiredException e) { throw new AuthenticationException(e.getMessage(), e); } //check if username is present: Object tokenUsername = token.claim().getParameter("username"); if (tokenUsername != null) { return Optional.of(new User(tokenUsername.toString())); } return Optional.absent(); } }, tokenParser, tokenVerifier, "realm");
public Optional<User> authenticateAndReturnPermittedGroups(BasicCredentials credentials) throws io.dropwizard.auth.AuthenticationException { final String sanitizedUsername = sanitizeEntity(credentials.getUsername()); try { try (AutoclosingLdapContext context = buildContext(sanitizedUsername, credentials.getPassword())) { Set<String> groupMemberships = getGroupMembershipsIntersectingWithRestrictedGroups(context, sanitizedUsername); if (!groupMemberships.isEmpty()) { return Optional.of(new User(sanitizedUsername, groupMemberships)); } } } catch (AuthenticationException ae) { LOG.debug("{} failed to authenticate. {}", sanitizedUsername, ae); } catch (IOException | NamingException err) { throw new io.dropwizard.auth.AuthenticationException(String.format("LDAP Authentication failure (username: %s)", sanitizedUsername), err); } return Optional.empty(); }
public boolean authenticate(BasicCredentials credentials) throws io.dropwizard.auth.AuthenticationException { final String sanitizedUsername = sanitizeEntity(credentials.getUsername()); try { try (AutoclosingLdapContext context = buildContext(sanitizedUsername, credentials.getPassword())) { return filterByGroup(context, sanitizedUsername); } } catch (AuthenticationException ae) { LOG.debug("{} failed to authenticate. {}", sanitizedUsername, ae); } catch (IOException | NamingException err) { throw new io.dropwizard.auth.AuthenticationException(String.format("LDAP Authentication failure (username: %s)", sanitizedUsername), err); } return false; }
/** * Authenticate a raw JWT string. * * @param s A JWT string. * @return An optional containing a user principal, if the JWT's contents * could be verified. * @throws NullPointerException If s is null. * @throws AuthenticationException If the supplied token was invalid in any way. */ @Override public Optional<Principal> authenticate(String s) throws NullPointerException, AuthenticationException { Objects.requireNonNull(s); try { final Jws<Claims> claims = Jwts.parser().setSigningKey(this.secretKey).parseClaimsJws(s); final String username = claims.getBody().getSubject(); final Principal principal = new PrincipalImpl(username); return Optional.of(principal); } catch (MalformedJwtException ex) { throw new AuthenticationException("The provided json web token was malformed.", ex); } catch (SignatureException ex) { throw new AuthenticationException("The provided json web token failed signature validation tests.", ex); } }
/** * Ensures that the password meets site-specific complexity requirements, like length or number * of character sets. This method takes the old password so that the algorithm can analyze the * new password to see if it is too similar to the old password. Note that this has to be * invoked when the user has entered the old password, as the list of old * credentials stored by ESAPI is all hashed. * Additionally, the user object is taken in order to verify the password and account name differ. * * @param oldPassword the old password * @param newPassword the new password * @param user the user * @throws io.dropwizard.auth.AuthenticationException if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements */ public void verifyPasswordStrength(String oldPassword, String newPassword, T user) throws AuthenticationException { List<Rule> rules = getPasswordRules(); PasswordValidator validator = new PasswordValidator(rules); PasswordData passwordData = new PasswordData(new Password(newPassword)); RuleResult result = validator.validate(passwordData); if (!result.isValid()) { StringBuilder messages = new StringBuilder(); for (String msg : validator.getMessages(result)) { messages.append(msg).append("\n"); } throw new AuthenticationException(messages.toString()); } }
/** * Ensures that the password meets site-specific complexity requirements, like length or number * of character sets. This method takes the old password so that the algorithm can analyze the * new password to see if it is too similar to the old password. Note that this has to be * invoked when the user has entered the old password, as the list of old * credentials stored by ESAPI is all hashed. * Additionally, the user object is taken in order to verify the password and account name differ. * * @param oldPassword the old password * @param newPassword the new password * @param user the user * @throws io.dropwizard.auth.AuthenticationException if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements */ public void verifyPasswordStrength(String oldPassword, String newPassword, T user) throws AuthenticationException { List<Rule> rules = getPasswordRules(); PasswordValidator validator = new PasswordValidator(rules); PasswordData passwordData = new PasswordData(new Password(newPassword)); RuleResult result = validator.validate(passwordData); if (!result.isValid()) { StringBuilder messages = new StringBuilder(); for (String msg : validator.getMessages(result)) { messages.append(msg).append("\n"); } throw new AuthenticationException(messages.toString()); } }