/**
 * {@inheritDoc}
 *
 * <p>Adds an {@link LdapPrincipal}, built from the username held by the username/password
 * context and the LDAP entry of {@code response}, to the subject's principals and then
 * delegates to the superclass.
 */
@Override
@Nonnull
protected Subject populateSubject(@Nonnull final Subject subject) {
    // NOTE(review): `response` is not declared in this method; presumably a field holding the
    // outcome of the LDAP authentication. Confirm it is always set, and successful, before this
    // method runs, since the entry it carries becomes part of the authenticated Subject.
    final LdapPrincipal ldapPrincipal =
        new LdapPrincipal(getUsernamePasswordContext().getUsername(), response.getLdapEntry());
    subject.getPrincipals().add(ldapPrincipal);
    return super.populateSubject(subject);
}
/**
 * Forwards the account-state warning to the superclass only when the configured warning
 * attribute comparison agrees with {@code displayWarningOnMatch}.
 *
 * <p>Nothing is forwarded when either the warning attribute name or the value to match is
 * blank. Otherwise the attribute is read from the LDAP entry of the response and compared, by
 * exact string equality, with the configured value; a missing attribute counts as "no match".
 *
 * @param warning the account-state warning handed to the superclass
 * @param response the authentication response whose LDAP entry is inspected
 * @param configuration the password policy configuration handed to the superclass
 * @param messages the message list handed to the superclass
 */
@Override
protected void handleWarning(
    final AccountState.Warning warning,
    final AuthenticationResponse response,
    final LdapPasswordPolicyConfiguration configuration,
    final List<MessageDescriptor> messages) {

    if (StringUtils.isBlank(this.warningAttributeName)) {
        logger.debug("No warning attribute name is defined");
        return;
    }
    if (StringUtils.isBlank(this.warningAttributeValue)) {
        logger.debug("No warning attribute value to match is defined");
        return;
    }

    // NOTE(review): the entry is dereferenced without a null check; confirm the response always
    // carries an entry by the time a warning is being handled.
    final LdapAttribute warningAttribute =
        response.getLdapEntry().getAttribute(this.warningAttributeName);

    final boolean matches;
    if (warningAttribute == null) {
        matches = false;
    } else {
        // The attribute value is written to the debug log as-is.
        logger.debug("Found warning attribute {} with value {}",
            warningAttribute.getName(), warningAttribute.getStringValue());
        matches = this.warningAttributeValue.equals(warningAttribute.getStringValue());
    }

    logger.debug("matches={}, displayWarningOnMatch={}", matches, displayWarningOnMatch);
    if (displayWarningOnMatch != matches) {
        return;
    }
    super.handleWarning(warning, response, configuration, messages);
}
}
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) {
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) {
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) {
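/**
 * Authenticates a username/password credential against LDAP and applies the password policy
 * handling strategy to the response.
 *
 * <p>The strategy is consulted before the bind result is examined: if it does not support the
 * response the login is rejected, otherwise the messages it produces are attached to the
 * handler result on success.
 *
 * @param upc the credential to authenticate
 * @param originalPassword not read by this method
 * @return the handler result carrying the principal built from the username and the LDAP entry,
 *     plus any password-policy messages
 * @throws GeneralSecurityException as {@link FailedLoginException} when the strategy cannot
 *     handle the response or the bind did not succeed, and as {@link AccountNotFoundException}
 *     when the result code is {@code DN_RESOLUTION_FAILURE}
 * @throws PreventedException not raised directly in this body; presumably propagated from
 *     {@code getLdapAuthenticationResponse} -- confirm
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(
    final UsernamePasswordCredential upc,
    final String originalPassword) throws GeneralSecurityException, PreventedException {

    val response = getLdapAuthenticationResponse(upc);
    // NOTE(review): the whole response object is logged. Depending on its toString() this may
    // write the user's directory attributes to the debug log -- confirm that is acceptable.
    LOGGER.debug("LDAP response: [{}]", response);

    if (!passwordPolicyHandlingStrategy.supports(response)) {
        // Arguments follow the placeholder order: strategy name first, then the response it
        // cannot handle (they were previously passed the other way round).
        LOGGER.warn("Authentication has failed because LDAP password policy handling strategy [{}] cannot handle [{}].",
            passwordPolicyHandlingStrategy.getClass().getSimpleName(), response);
        throw new FailedLoginException("Invalid credentials");
    }

    LOGGER.debug("Attempting to examine and handle LDAP password policy via [{}]",
        passwordPolicyHandlingStrategy.getClass().getSimpleName());
    val messageList = passwordPolicyHandlingStrategy.handle(response, getPasswordPolicyConfiguration());

    if (response.getResult()) {
        LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
        val principal = createPrincipal(upc.getUsername(), response.getLdapEntry());
        return createHandlerResult(upc, principal, messageList);
    }

    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
        // NOTE(review): this exception type and message distinguish an unknown account from a
        // wrong password; verify callers present both outcomes identically to the client.
        throw new AccountNotFoundException(upc.getUsername() + " not found.");
    }
    throw new FailedLoginException("Invalid credentials");
}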
LdapEntry entry = null; if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); response = auth.authenticate(authRequest); if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry));
LdapEntry entry = null; if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); response = auth.authenticate(authRequest); if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry));
val entry = response.getLdapEntry(); val profile = new CommonProfile(); profile.setId(username);
/**
 * Validates username/password credentials with an LDAP authentication request and, on success,
 * stores the resulting profile on the credentials.
 *
 * @param credentials the credentials to check; receives the user profile on success
 * @param context the web context (not read by this method)
 * @throws TechnicalException when the LDAP authenticator raises an {@code LdapException}
 * @throws AccountNotFoundException when the result code is {@code DN_RESOLUTION_FAILURE}
 * @throws BadCredentialsException for every other unsuccessful response
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
    init();

    final String username = credentials.getUsername();
    CommonHelper.assertNotBlank(Pac4jConstants.USERNAME, username);

    final AuthenticationResponse response;
    try {
        // NOTE(review): the credentials object itself is logged; confirm its toString() does not
        // include the password.
        logger.debug("Attempting LDAP authentication for: {}", credentials);
        final List<String> returnAttributes = defineAttributesToRead();
        final String[] returnAttributeNames = returnAttributes.toArray(new String[returnAttributes.size()]);
        final AuthenticationRequest authRequest = new AuthenticationRequest(
            username, new Credential(credentials.getPassword()), returnAttributeNames);
        response = this.ldapAuthenticator.authenticate(authRequest);
    } catch (final LdapException e) {
        throw new TechnicalException("Unexpected LDAP error", e);
    }
    logger.debug("LDAP response: {}", response);

    if (!response.getResult()) {
        // The two failure types let a caller tell "no such account" from "wrong password".
        if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
            throw new AccountNotFoundException(username + " not found");
        }
        throw new BadCredentialsException("Invalid credentials for: " + username);
    }

    // Successful bind: turn the entry's attributes into the user profile.
    final LdapEntry ldapEntry = response.getLdapEntry();
    final List<Map<String, Object>> attributeMaps = new ArrayList<>();
    attributeMaps.add(getAttributesFromEntry(ldapEntry));
    final LdapProfile ldapProfile = convertAttributesToProfile(attributeMaps, username);
    credentials.setUserProfile(ldapProfile);
}
new AuthenticationRequest(username, new Credential(password), ReturnAttributes.ALL_USER.value())); if (response.getResult()) { // authentication succeeded LdapEntry userEntry = response.getLdapEntry();
/**
 * Sets the Active Directory account state on an authentication response.
 *
 * <p>For a successful response with a non-negative {@code maxPasswordAge}, the expiration is
 * computed as {@code pwdLastSet + maxPasswordAge} (the age is added to a millisecond timestamp).
 * For an unsuccessful response, the message is parsed for an Active Directory error and, when
 * one is recognised, it becomes the account state.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
    if (!response.getResult()) {
        if (response.getMessage() == null) {
            return;
        }
        final ActiveDirectoryAccountState.Error adError =
            ActiveDirectoryAccountState.Error.parse(response.getMessage());
        if (adError != null) {
            response.setAccountState(new ActiveDirectoryAccountState(adError));
        }
        return;
    }

    if (maxPasswordAge < 0) {
        return;
    }

    // NOTE(review): the entry is dereferenced without a null check; confirm a successful
    // response always carries an entry.
    final LdapAttribute pwdLastSet = response.getLdapEntry().getAttribute("pwdLastSet");
    if (pwdLastSet == null) {
        return;
    }

    final Calendar expiration = pwdLastSet.getValue(new FileTimeValueTranscoder());
    expiration.setTimeInMillis(expiration.getTimeInMillis() + maxPasswordAge);
    response.setAccountState(new ActiveDirectoryAccountState(expiration));
}
}
return createHandlerResult(upc, createPrincipal(upc.getUsername(), response.getLdapEntry()), messageList);
final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("passwordExpirationTime"); final LdapAttribute loginRemaining = entry.getAttribute("loginGraceRemaining");
/**
 * Sets the eDirectory account state on an authentication response.
 *
 * <p>When the response carries a message, it is parsed for an eDirectory error and nothing else
 * is examined. Otherwise, for a successful response, the {@code passwordExpirationTime} and
 * {@code loginGraceRemaining} attributes of the entry decide the account state; with a
 * {@code warningPeriod} configured, the expiration is only reported once the current time is
 * past {@code expiration - warningPeriod}.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
    if (response.getMessage() != null) {
        final EDirectoryAccountState.Error edError =
            EDirectoryAccountState.Error.parse(response.getMessage());
        if (edError != null) {
            response.setAccountState(new EDirectoryAccountState(edError));
        }
        return;
    }
    if (!response.getResult()) {
        return;
    }

    // NOTE(review): the entry is dereferenced without a null check; confirm a successful
    // response always carries an entry.
    final LdapEntry ldapEntry = response.getLdapEntry();
    final LdapAttribute expTime = ldapEntry.getAttribute("passwordExpirationTime");
    final LdapAttribute loginRemaining = ldapEntry.getAttribute("loginGraceRemaining");

    // Integer.parseInt throws NumberFormatException if the directory value is not an integer.
    final int loginRemainingValue;
    if (loginRemaining == null) {
        loginRemainingValue = 0;
    } else {
        loginRemainingValue = Integer.parseInt(loginRemaining.getStringValue());
    }

    if (expTime == null) {
        if (loginRemaining != null) {
            response.setAccountState(new EDirectoryAccountState(null, loginRemainingValue));
        }
        return;
    }

    final ZonedDateTime expiration = expTime.getValue(new GeneralizedTimeValueTranscoder());
    // Without a warning period the expiration is always reported.
    if (warningPeriod == null || ZonedDateTime.now().isAfter(expiration.minus(warningPeriod))) {
        response.setAccountState(new EDirectoryAccountState(expiration, loginRemainingValue));
    }
}
/**
 * Sets the eDirectory account state on an authentication response.
 *
 * <p>When the response carries a message, it is parsed for an eDirectory error and nothing else
 * is examined. Otherwise, for a successful response, the {@code passwordExpirationTime} and
 * {@code loginGraceRemaining} attributes of the entry decide the account state; with a
 * {@code warningPeriod} configured, the expiration is only reported once the current time is
 * past {@code expiration - warningPeriod}.
 *
 * @param response the authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response) {
    if (response.getMessage() != null) {
        final EDirectoryAccountState.Error edError =
            EDirectoryAccountState.Error.parse(response.getMessage());
        if (edError != null) {
            response.setAccountState(new EDirectoryAccountState(edError));
        }
        return;
    }
    if (!response.getResult()) {
        return;
    }

    // NOTE(review): the entry is dereferenced without a null check; confirm a successful
    // response always carries an entry.
    final LdapEntry ldapEntry = response.getLdapEntry();
    final LdapAttribute expTime = ldapEntry.getAttribute("passwordExpirationTime");
    final LdapAttribute loginRemaining = ldapEntry.getAttribute("loginGraceRemaining");

    // Integer.parseInt throws NumberFormatException if the directory value is not an integer.
    final int loginRemainingValue;
    if (loginRemaining == null) {
        loginRemainingValue = 0;
    } else {
        loginRemainingValue = Integer.parseInt(loginRemaining.getStringValue());
    }

    if (expTime == null) {
        if (loginRemaining != null) {
            response.setAccountState(new EDirectoryAccountState(null, loginRemainingValue));
        }
        return;
    }

    final ZonedDateTime expiration = expTime.getValue(new GeneralizedTimeValueTranscoder());
    // Without a warning period the expiration is always reported.
    if (warningPeriod == null || ZonedDateTime.now().isAfter(expiration.minus(warningPeriod))) {
        response.setAccountState(new EDirectoryAccountState(expiration, loginRemainingValue));
    }
}
final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("msDS-UserPasswordExpiryTimeComputed"); final LdapAttribute pwdLastSet = entry.getAttribute("pwdLastSet");
final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("msDS-UserPasswordExpiryTimeComputed"); final LdapAttribute pwdLastSet = entry.getAttribute("pwdLastSet");
final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("krbPasswordExpiration"); final LdapAttribute failedLogins = entry.getAttribute("krbLoginFailedCount");
final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("krbPasswordExpiration"); final LdapAttribute failedLogins = entry.getAttribute("krbLoginFailedCount");