Package com.adito.security

Examples of com.adito.security.AuthenticationScheme


    }

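    /**
     * Prepares the authentication scheme used for WebDAV requests and stores it in the HTTP session.
     *
     * <p>The scheme is looked up by {@code WebDAVAuthenticationModule.MODULE_NAME}. If no scheme is
     * returned, or the returned scheme is not enabled, the failure is logged, a
     * {@code DAVStatus.SC_FORBIDDEN} error is sent on the response, and the looked-up value is
     * returned unchanged.
     *
     * <p>NOTE(review): on the rejection path the return value may be {@code null} <em>or</em> a
     * non-null but disabled scheme. Callers must not treat a non-null result as "allowed"; confirm
     * every caller checks {@code getEnabled()} or checks whether the response is already committed.
     *
     * @param request the current request; its session receives the configured scheme
     * @param response the current response; used to send the rejection error
     * @return the configured scheme, or the null/disabled lookup result when the policy rejects it
     * @throws IOException if sending the error fails or the scheme cannot be initialised (the
     *         original exception is attached as the cause)
     */
    protected static AuthenticationScheme configureAuthenticationScheme(HttpServletRequest request, HttpServletResponse response)
                    throws IOException {
        AuthenticationScheme seq = AuthenticationModuleManager.getInstance().getSchemeForAuthenticationModuleInUse(
            WebDAVAuthenticationModule.MODULE_NAME);
        if (seq == null || !seq.getEnabled()) {
            // Policy gate: no enabled scheme carries the WebDAV module, so refuse the request.
            log
                            .error("User cannot authenticate via WebDAV using only HTTP BASIC authentication as the current policy does not allow this.");
            response
                            .sendError(DAVStatus.SC_FORBIDDEN,
                                "You cannot authenticate via WebDAV using only HTTP BASIC authentication as the current policy does not allow this.");
            return seq;
        }
        seq.addModule(WebDAVAuthenticationModule.MODULE_NAME);
        try {
            seq.init(request.getSession());
        } catch (Exception e) {
            // Wrap in IOException to honour the declared signature while keeping the root cause.
            IOException ioe = new IOException("Failed to initialise authentication scheme.");
            ioe.initCause(e);
            throw ioe;
        }
        seq.nextAuthenticationModule();
        // NOTE(review): the scheme is placed in the session before this method has verified any
        // credentials; confirm that no caller treats the presence of Constants.AUTH_SESSION alone
        // as proof of a completed authentication.
        request.getSession().setAttribute(Constants.AUTH_SENT, Boolean.TRUE);
        request.getSession().setAttribute(Constants.AUTH_SESSION, seq);
        return seq;
    }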


            saveErrors(request.getSession(), errs);
            return mapping.getInputForward();         
        }
       
        // Now check to see if the password has been added to the authentication scheme
        AuthenticationScheme scheme = (AuthenticationScheme) getSessionInfo(request).getHttpSession().getAttribute(Constants.AUTH_SESSION);
        if(LogonControllerFactory.getInstance().getPasswordFromCredentials(scheme)==null) {
          // No so lets add it
          scheme.addCredentials(new PasswordCredentials(getSessionInfo(request).getUser().getPrincipalName(), f.getPassphrase().toCharArray()));
        }
       
        try {
            PublicKeyStore.getInstance().verifyPrivateKey(getSessionInfo(request).getUser().getPrincipalName(), f.getPassphrase().toCharArray());
        }

     * @throws Exception
     */
    public ActionForward commit(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
                    throws Exception {
        PromptForSessionPasswordForm pfspf = (PromptForSessionPasswordForm) form;
        AuthenticationScheme scheme = (AuthenticationScheme) getSessionInfo(request).getHttpSession().getAttribute(Constants.AUTH_SESSION);
        try {
            SessionInfo session = getSessionInfo(request);
            UserDatabase udb = UserDatabaseManager.getInstance().getUserDatabase(session.getUser().getRealm());
            String username = session.getUser().getPrincipalName();
            if (!udb.checkPassword(username, pfspf.getPassword())) {
                throw new Exception("Incorrect password.");
            }
            scheme.addCredentials(new PasswordCredentials(username, pfspf.getPassword().toCharArray()));
            request.setAttribute(Constants.REQ_ATTR_FORWARD_TO, ((PromptForSessionPasswordForm)form).getForwardTo());
            request.setAttribute(Constants.REQ_ATTR_TARGET, ((PromptForSessionPasswordForm)form).getTarget());
            request.setAttribute(Constants.REQ_ATTR_FOLDER, ((PromptForSessionPasswordForm)form).getFolder());
            return mapping.findForward("redirect");
        } catch (InvalidLoginCredentialsException e) {

     * @throws Exception if authentication schemes cannot be loaded
     */
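    public static boolean isAuthenticationModuleInUse(String moduleName) throws Exception {
        // Reports whether at least one *enabled* authentication scheme contains the named module.
        // Disabled schemes are ignored, so a module that only appears in disabled schemes counts
        // as not in use.
        List<?> authenticationSchemes = SystemDatabaseFactory.getInstance().getAuthenticationSchemeSequences();
        for (Object candidate : authenticationSchemes) {
            // Cast to the interface rather than DefaultAuthenticationScheme: only interface
            // methods are used, and the narrower cast would raise ClassCastException for any
            // other AuthenticationScheme implementation in the list.
            AuthenticationScheme seq = (AuthenticationScheme) candidate;
            if (seq.hasModule(moduleName) && seq.getEnabled()) {
                return true;
            }
        }
        return false;
    }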

            return forward;
        }
        PropertyList selectedModules = new PropertyList();
        SessionInfo session = LogonControllerFactory.getInstance().getSessionInfo(request);
        MultiSelectDataSource modules = new ModulesDataSource("security");
        AuthenticationScheme seq = ((DefaultAuthenticationScheme) ((AbstractResourceForm) form).getResource());
        for (int i = 0; i < seq.getModuleCount(); i++) {
            String module = seq.getModule(i);
            selectedModules.add(module);
        }
        MultiSelectSelectionModel moduleModel = new MultiSelectSelectionModel(session, modules, selectedModules);
        ((AuthenticationSchemeForm) form).setModuleModel(moduleModel);
        ((AuthenticationSchemeForm) form).setSelectedModulesList(selectedModules);

            // there is no state machine so go back to the logonpage.
            return new ActionForward("/showLogon.do");
        } else {
            List<LabelValueBean> l = new ArrayList<LabelValueBean>();
            for (Iterator i = logonStateMachine.getAuthSchemes().iterator(); i.hasNext();) {
                AuthenticationScheme seq = (DefaultAuthenticationScheme) i.next();
                LabelValueBean lvb = new LabelValueBean(seq.getResourceName(), String.valueOf(seq.getResourceId()));
                l.add(lvb);
            }
            logonStateMachine.setState(LogonStateAndCache.STATE_KNOWN_USERNAME_MULTIPLE_SCHEMES_SELECT);
            ((SchemeSelectionForm) form).setAuthenticationSchemes(l);
            return mapping.findForward("success");

       
        /*
         * Get the authentication session and module to use to validate this
         * authentication attempt
         */
        AuthenticationScheme scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);

        // there are different users so we need to logon again, clearing the authentication scheme and logon machine.
        if (sessionInfo != null && logonStateMachine != null && !sessionInfo.getUser().equals(logonStateMachine.getUser())){
            request.getSession().removeAttribute(Constants.AUTH_SESSION);
            request.getSession().removeAttribute(LogonStateAndCache.LOGON_STATE_MACHINE);
            LogonControllerFactory.getInstance().logoffSession(request, response);
            msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", "Session no longer valid, logon again."));
            saveErrors(request, msgs);
            return new RedirectWithMessages(mapping.findForward("logon"), request);
        }
       
        if (logonStateMachine == null) {
            logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_STARTED, request.getSession());
            request.getSession().setAttribute(LogonStateAndCache.LOGON_STATE_MACHINE, logonStateMachine);
        }
        if (scheme == null) {

            ActionForward fwd = null;
            try {
                fwd = ShowLogonAction.checkAuthSession(null, false, mapping, request, response, logonStateMachine);
            } catch(CoreException ce) {
             
            } catch (Throwable e) {
                log.error("Logon not allowed.", e);
                ActionMessages errs = new ActionMessages();
                if(e instanceof CoreException) {
                  errs.add(Globals.ERROR_KEY, ((CoreException)e).getBundleActionMessage());
                }
                else {
                  errs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed",
                                  "Please contact your administrator."));
                }
                saveErrors(request, errs);
                request.getSession().removeAttribute(Constants.AUTH_SESSION);
                request.getSession().removeAttribute(LogonStateAndCache.LOGON_STATE_MACHINE);
                if (form != null)
                    form.reset(mapping, request);
                return new RedirectWithMessages(mapping.findForward("failed"), request);
            }
            if (fwd != null) {
                scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
            }
        }

        if (scheme != null) {
            AuthenticationModule module = scheme.currentAuthenticationModule();
            if (module == null) {
                log.error("No authentication module.");
                request.getSession().removeAttribute(Constants.AUTH_SESSION);
                return mapping.findForward("logon");
            }

            try {             
              // If there is no user in the scheme then it is an invalid login
              if(scheme.getUser() == null) {
                throw new InvalidLoginCredentialsException();
              }
             
              // Check the account is enabled and not locked
              if(!PolicyUtil.isEnabled(scheme.getUser())) {
                throw new AccountLockedException(scheme.getUsername(), "Account disabled.", true, 0);
              }
             
              // Check for locks
              LogonControllerFactory.getInstance().checkForAccountLock(scheme.getUsername(), scheme.getUser().getRealm().getResourceName());

              // Authenticate
                authenticate(scheme, request);

                // Check logon is currently allowed
                String logonNotAllowedReason = LogonControllerFactory.getInstance().checkLogonAllowed(
                                scheme.getUser());

                if (logonNotAllowedReason != null) {
                    log.warn("Logon not allowed because '" + logonNotAllowedReason + "'");
                    msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", logonNotAllowedReason));
                    saveErrors(request, msgs);
                    return new RedirectWithMessages(mapping.findForward("logon"), request);
                }

                // Check for the next authentication modules
                AuthenticationModule nextModule = scheme.nextAuthenticationModule();
                if (nextModule != null && request.getSession().getAttribute(Constants.SESSION_LOCKED) == null) {
                    if (log.isDebugEnabled())
                        log.debug("There are more authentication modules to satisfy (current mapping = " + mapping.getPath());
                    ActionForward fw = new RedirectWithMessages(mapping.findForward("logon"), request);
                    return fw;
                }

                return finishAuthentication(scheme, request, response);
            } catch (InputRequiredException ex) {
                // The page wants to display or redirect somewhere
              if(ex.getForward()==null)
                return mapping.findForward("logon");
              else
                return ex.getForward();
            } catch (AccountLockedException ale) {
                return accountLocked(mapping, request, ale, msgs);
            } catch (InvalidLoginCredentialsException ex) {
                log.error("[" + request.getRemoteHost()
                    + "] authentication failed", ex);

                LogonForm logonForm = (LogonForm) form;

                CoreServlet.getServlet().fireCoreEvent(
                    new CoreEvent(this, CoreEventConstants.LOGON, null, null, ex).addAttribute(
                        CoreAttributeConstants.EVENT_ATTR_IP_ADDRESS, request.getRemoteAddr()).addAttribute(
                        CoreAttributeConstants.EVENT_ATTR_HOST, request.getRemoteHost()).addAttribute(
                        CoreAttributeConstants.EVENT_ATTR_SCHEME, scheme.getSchemeName()).addAttribute(
                        CoreAttributeConstants.EVENT_ATTR_ACCOUNT, logonForm.getUsername()));

               
              request.getSession().removeAttribute(LogonStateAndCache.LOGON_STATE_MACHINE);
                request.getSession().removeAttribute(Constants.AUTH_SESSION);

                try {
                    scheme.setAccountLock(LogonControllerFactory.getInstance().logonFailed(((LogonForm)form).getUsername(),
                                    ((LogonForm)form).getRealmName(), scheme.getAccountLock()));
                } catch (AccountLockedException ale) {
                  return accountLocked(mapping, request, ale, msgs);
                }

                msgs.add(Globals.ERROR_KEY, new ActionMessage("login.invalidCredentials"));

    }

    /**
     * Resolves the authentication scheme selected on the submitted form.
     *
     * <p>The resource id is read from the form and looked up through
     * {@code SystemDatabaseFactory}. This method performs no permission check of its own.
     * NOTE(review): the id presumably originates from the request, so confirm every caller
     * authorises the operation before acting on the returned scheme.
     *
     * @param form the action form; must be an {@code AuthenticationSchemesForm}
     * @return the scheme with the selected id, never {@code null}
     * @throws Exception if no scheme exists for the selected id, or the lookup itself fails
     */
    private AuthenticationScheme getAuthenticationScheme(ActionForm form) throws Exception {
        final int selectedId = ((AuthenticationSchemesForm) form).getSelectedResource();
        final AuthenticationScheme found = SystemDatabaseFactory.getInstance().getAuthenticationSchemeSequence(selectedId);
        if (found != null) {
            return found;
        }
        // An unknown id is an error rather than a null return, so callers never see null.
        throw new Exception("No scheme with Id of " + selectedId + ".");
    }

     */
    public ActionForward confirmRemove(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(getResourceType(), PolicyConstants.PERM_DELETE, request);
        AuthenticationSchemesForm schemesForm = (AuthenticationSchemesForm) form;
        int id = schemesForm.getSelectedResource();
        AuthenticationScheme scheme = getAuthenticationScheme(form);
        if (scheme.isSystemScheme()) {
            throw new Exception("Cannot remove system schemes.");
        }
       
        int nextEnabled = getNextEnabledAuthenticationScheme(scheme);
        if (nextEnabled == -1) {

     * @throws Exception on any error
     */
    public ActionForward remove(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
                    throws Exception {
        PolicyUtil.checkPermission(getResourceType(), PolicyConstants.PERM_DELETE, request);
        AuthenticationScheme scheme = getAuthenticationScheme(form);
        int nextEnabled = getNextEnabledAuthenticationScheme(scheme);
        if (nextEnabled == -1) {
            saveError(request, "authenticationSchemes.error.mustHaveOneEnabledScheme", scheme);
            return list(mapping, form, request, response);
        }
