/** * Throws AuthenticationRequiredException if authentication is required but there are no * credentials. */ static void throwIfMissingRequiredCredentials(boolean requireAuthentication, boolean hasCredentials) { if (requireAuthentication && !hasCredentials) { throw new AuthenticationRequiredException( "No security credentials are provided"); } }
public long getUniqueIdFromMessage(Message requestMessage, Encryptor handshake, long connectionId) throws AuthenticationRequiredException { AuthIds aIds = getAuthIdsFromMessage(requestMessage, handshake); if (connectionId != aIds.getConnectionId()) { throw new AuthenticationRequiredException( "No security credentials are provided"); } return aIds.getUniqueId(); }
/** * Binds the passed-in subject to the executing thread. Usage: * * <pre> * ThreadState state = null; * try { * state = securityService.bindSubject(subject); * // do the rest of the work as this subject * } finally { * if (state != null) * state.clear(); * } * </pre> */ @Override public ThreadState bindSubject(final Subject subject) { if (subject == null) { throw new AuthenticationRequiredException("Failed to find the authenticated user."); } ThreadState threadState = new SubjectThreadState(subject); threadState.bind(); return threadState; }
/** * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to * process operations from the same client, then it looks into Shiro's thead context. * * @return the shiro subject, null if security is not enabled */ @Override public Subject getSubject() { Subject currentUser; // First try get the principal out of AccessControlContext instead of Shiro's Thread context // since threads can be shared between JMX clients. javax.security.auth.Subject jmxSubject = javax.security.auth.Subject.getSubject(AccessController.getContext()); if (jmxSubject != null) { Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class); if (!principals.isEmpty()) { ShiroPrincipal principal = principals.iterator().next(); currentUser = principal.getSubject(); ThreadContext.bind(currentUser); return currentUser; } } // in other cases like rest call, client operations, we get it from the current thread currentUser = SecurityUtils.getSubject(); if (currentUser == null || currentUser.getPrincipal() == null) { throw new AuthenticationRequiredException("Failed to find the authenticated user."); } return currentUser; }
private AuthIds getAuthIdsFromMessage(Message requestMessage, Encryptor handshake) throws AuthenticationRequiredException { try { byte[] secureBytes = requestMessage.getSecureBytes(); secureBytes = handshake.decryptBytes(secureBytes); return new AuthIds(secureBytes); } catch (Exception ex) { throw new AuthenticationRequiredException( "No security credentials are provided", ex); } } }
protected void readMessage(DataInputStream dis, DataOutputStream dos, byte acceptanceCode, DistributedMember member) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException { String message = dis.readUTF(); if (message.length() == 0 && acceptanceCode != REPLY_WAN_CREDENTIALS) { return; // success } switch (acceptanceCode) { case REPLY_EXCEPTION_AUTHENTICATION_REQUIRED: throw new AuthenticationRequiredException(message); case REPLY_EXCEPTION_AUTHENTICATION_FAILED: throw new AuthenticationFailedException(message); case REPLY_EXCEPTION_DUPLICATE_DURABLE_CLIENT: throw new ServerRefusedConnectionException(member, message); case REPLY_WAN_CREDENTIALS: checkIfAuthenticWanSite(dis, dos, member); break; default: throw new ServerRefusedConnectionException(member, message); } }
public static Properties getCredentials(String authInitMethod, Properties securityProperties, DistributedMember server, boolean isPeer, InternalLogWriter logWriter, InternalLogWriter securityLogWriter) throws AuthenticationRequiredException { Properties credentials = null; // if no authInit, Try to extract the credentials directly from securityProps if (StringUtils.isBlank(authInitMethod)) { return Credentials.getCredentials(securityProperties); } // if authInit exists try { AuthInitialize auth = CallbackInstantiator.getObjectOfType(authInitMethod, AuthInitialize.class); auth.init(logWriter, securityLogWriter); try { credentials = auth.getCredentials(securityProperties, server, isPeer); } finally { auth.close(); } } catch (GemFireSecurityException ex) { throw ex; } catch (Exception ex) { throw new AuthenticationRequiredException( String.format("Failed to acquire AuthInitialize method %s", authInitMethod), ex); } return credentials; }
throw new AuthenticationRequiredException("User authorization attributes not found.");
throw new AuthenticationRequiredException( "Server expecting SSL connection");
@Test public void loginRequiredShouldReturnTrueWhenSecurityServiceFailsToLoadSubject() { when(function.loginRequired(securityService)).thenCallRealMethod(); doThrow(new AuthenticationRequiredException("Dummy Exception")).when(securityService) .getSubject(); assertThat(function.loginRequired(securityService)).isTrue(); }
public AuthorizeRequestPP getPostAuthzRequest() throws AuthenticationRequiredException, IOException { if (!AcceptorImpl.isAuthenticationRequired()) { return null; } if (securityService.isIntegratedSecurity()) { return null; } // look client version and return authzrequest // for backward client it will be store in member variable userAuthId // for other look "requestMessage" here and get unique-id from this to get the authzrequest long uniqueId = getUniqueId(); UserAuthAttributes uaa = null; try { uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId); } catch (NullPointerException npe) { if (this.isTerminated()) { // Bug #52023. throw new IOException("Server connection is terminated."); } else { logger.debug("Unexpected exception {}", npe); } } if (uaa == null) { throw new AuthenticationRequiredException("User authorization attributes not found."); } return uaa.getPostAuthzRequest(); }
/** * @return return a shiro subject */ @Override public Subject login(final Properties credentials) { if (credentials == null) { throw new AuthenticationRequiredException("credentials are null"); } // this makes sure it starts with a clean user object ThreadContext.remove(); Subject currentUser = SecurityUtils.getSubject(); GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials); try { logger.debug("Logging in " + token.getPrincipal()); currentUser.login(token); } catch (ShiroException e) { logger.info("error logging in: " + token.getPrincipal()); throw new AuthenticationFailedException( "Authentication error. Please check your credentials.", e); } Session currentSession = currentUser.getSession(); currentSession.setAttribute(CREDENTIALS_SESSION_ATTRIBUTE, credentials); return currentUser; }
throw new SystemConnectException(failReason); } else if (failReason.contains("Failed to find credentials")) { throw new AuthenticationRequiredException(failReason);
public long getUniqueId() { long uniqueId; if (this.handshake.getVersion().isPre65() || communicationMode.isWAN()) { uniqueId = this.userAuthId; } else if (this.requestMessage.isSecureMode()) { uniqueId = messageIdExtractor.getUniqueIdFromMessage(this.requestMessage, this.handshake.getEncryptor(), this.connectionId); } else { throw new AuthenticationRequiredException( "No security credentials are provided"); } return uniqueId; }
throw new AuthenticationRequiredException(s, (AuthenticationRequiredException) result); } else if (result instanceof NotAuthorizedException) { throw new NotAuthorizedException(s, (NotAuthorizedException) result);
throw new AuthenticationRequiredException( "Server expecting SSL connection");
logger.error("Failed to bind the subject of uniqueId {} for message {} with {}", uniqueId, messageType, this.getName()); throw new AuthenticationRequiredException("Failed to find the authenticated user.");
} catch (AuthenticationRequiredException e) { failOnStart(e); throw new AuthenticationRequiredException( "user/password required. Please start your server with --user and --password. " + e.getMessage());