Package com.adito.security

Examples of com.adito.security.LogonStateAndCache

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
            ActionMessages messages = new ActionMessages();
            messages.add(Globals.MESSAGE_KEY, new ActionMessage("login.sessionLocked"));
            saveMessages(request, messages);
        }

        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);
        if (logonStateMachine == null) {
            // there is no state machine so go back to the logonpage.
            return new ActionForward("/showLogon.do");
        } else {
            List<LabelValueBean> l = new ArrayList<LabelValueBean>();
            for (Iterator i = logonStateMachine.getAuthSchemes().iterator(); i.hasNext();) {
                AuthenticationScheme seq = (DefaultAuthenticationScheme) i.next();
                LabelValueBean lvb = new LabelValueBean(seq.getResourceName(), String.valueOf(seq.getResourceId()));
                l.add(lvb);
            }
            logonStateMachine.setState(LogonStateAndCache.STATE_KNOWN_USERNAME_MULTIPLE_SCHEMES_SELECT);
            ((SchemeSelectionForm) form).setAuthenticationSchemes(l);
            return mapping.findForward("success");
        }
    }
View Full Code Here
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
        /*
         * Get the authentication session and module to use to validate this
         * authentication attempt
         */
        AuthenticationScheme scheme = (AuthenticationScheme) request.getSession().getAttribute(Constants.AUTH_SESSION);
        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);

        // there are different users so we need to logon again, clearing the authentication scheme and logon machine.
        if (sessionInfo != null && logonStateMachine != null && !sessionInfo.getUser().equals(logonStateMachine.getUser())){
            request.getSession().removeAttribute(Constants.AUTH_SESSION);
            request.getSession().removeAttribute(LogonStateAndCache.LOGON_STATE_MACHINE);
            LogonControllerFactory.getInstance().logoffSession(request, response);
            msgs.add(Globals.ERROR_KEY, new ActionMessage("login.logonNotAllowed", "Session no longer valid, logon again."));
            saveErrors(request, msgs);
            return new RedirectWithMessages(mapping.findForward("logon"), request);
        }
       
        if (logonStateMachine == null) {
            logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_STARTED, request.getSession());
            request.getSession().setAttribute(LogonStateAndCache.LOGON_STATE_MACHINE, logonStateMachine);
        }
        if (scheme == null) {

            ActionForward fwd = null;
View Full Code Here
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
        if (module == null) {
            throw new Exception("No current authentication module");
        }
        RequestParameterMap params = new RequestParameterMap(new ServletRequestAdapter(request));
        User currentUser = scheme.getUser();
        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);

        if (logonStateMachine == null) {
            logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_STARTED, request.getSession());
        }

        if (logonStateMachine.getState() == LogonStateAndCache.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY) {
            scheme.addCredentials(new PasswordCredentials("", "".toCharArray()));
        } else if (logonStateMachine.getState() == LogonStateAndCache.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD) {
            Credentials creds = module.authenticate(request, params);
            if(creds!=null)
              scheme.addCredentials(creds);
        } else {
          Credentials creds = module.authenticate(request, params);
            if(creds!=null) {
              scheme.addCredentials(creds);
              logonStateMachine.setState(LogonStateAndCache.STATE_VALID_LOGON);
            }
            // Check we have a user object
            if (currentUser == null && scheme.getUser() == null) {
                throw new Exception("The first authentication did not provide a user.");
            }
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
          if(back) {
            /**
             * This is designed to take the user back to the start of their default scheme. This
             * can only be invoked from the authentication scheme selection page.
             */
                LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);
                logonStateMachine.setState(LogonStateAndCache.STATE_USERNAME_KNOWN);
                ((LogonForm) form).setUsername(logonStateMachine.getUser() == null ? logonStateMachine.getSpoofedUsername() : logonStateMachine.getUser().getPrincipalName());
                ((LogonForm) form).setHasMoreAuthenticationSchemes(logonStateMachine.enabledSchemesGraeterThanOne());
                return mapping.findForward("display");
          }
         
            // Configure the logon state machine
            LogonStateAndCache logonStateMachine = checkLogonStateMachine(request, response, logonForm, reset);
           
            /*
             * Only when in STARTED state do we collect the username
             */
            if(logonStateMachine.getState() == LogonStateAndCache.STATE_STARTED) {
              logonStateMachine.setState(LogonStateAndCache.STATE_DISPLAY_USERNAME_ENTRY);
              return mapping.findForward("username");
            }
           
            // try to check the auth session, if not you need to sign in again.
            fwd = checkAuthSession((LogonForm)form, reset, mapping, request, response, logonStateMachine);
View Full Code Here
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
     * @return logon state machine
     * @throws Exception on any error
     */
    LogonStateAndCache checkLogonStateMachine(HttpServletRequest request, HttpServletResponse response, LogonForm form, boolean reset) throws Exception {

        LogonStateAndCache logonStateMachine = (LogonStateAndCache) request.getSession().getAttribute(
                        LogonStateAndCache.LOGON_STATE_MACHINE);

        /** Reset the logon state machine if :-
         *
         * 1. This is the first connection from this browser session.
         * 2. The 'reset' parameter has been passed on the request
         * 3. The logon state machine is in {@link LogonStateAndCache#STATE_RETURN_TO_LOGON}
         *
         */
        UserDatabase udb = UserDatabaseManager.getInstance().getUserDatabase(form.getRealmName());
        if (logonStateMachine == null || logonStateMachine.getState() == LogonStateAndCache.STATE_RETURN_TO_LOGON || reset) {
          /*
           * If the client is already logged on, then we got here because
           * a <i>Session Lock</i> has occured and so only require
           * the users password
           */
            if (LogonControllerFactory.getInstance().hasClientLoggedOn(request, response) == LogonController.LOGGED_ON) {
                logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_DISPLAY_USERNAME_ENTERED, request.getSession());
                logonStateMachine.setUser(LogonControllerFactory.getInstance().getUser(request));
                form.initUser();
                form.setHasMoreAuthenticationSchemes(false);
            } else {
              /*
               * This is a brand new session so we require the username
               */
                logonStateMachine = new LogonStateAndCache(LogonStateAndCache.STATE_STARTED, request.getSession());
                request.getSession().removeAttribute(Constants.AUTH_SESSION);
                if(!Util.isNullOrTrimmedBlank(form.getUsername())) {
                  try {
                    User user = udb.getAccount(form.getUsername());
                    logonStateMachine.removeFromSpoofCache(user.getPrincipalName());
                    form.initUser();
                    try {
                      logonStateMachine.setUser(user);
                    }
                    catch(AccountLockedException ale) {
                      // Continue anyway and get the exception later
                    }
                    logonStateMachine.setState(LogonStateAndCache.STATE_DISPLAY_USERNAME_ENTERED);
                  }
                  catch(UserNotFoundException unfe) {
                      form.initUser();
                      // Spoof some authentication schemes
                      form.setHasMoreAuthenticationSchemes(true);
                  }
                }
               
            }
        } else {
            /*
             * A username has been provided but it was unknown. The error message
             * indicating this will not be displayed until the next stage is
             * complete
             */
          if (logonStateMachine.getState() == LogonStateAndCache.STATE_UNKNOWN_USERNAME) {
              logonStateMachine.setState(LogonStateAndCache.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD);
          }
          else  if (logonStateMachine.getState() == LogonStateAndCache.STATE_KNOWN_USERNAME_MULTIPLE_SCHEMES_SELECT){           
            /*
             * The scheme to sign on with has changed, so we need to update the
                 * logon state machine.
                 */
                logonStateMachine.forceHighestPriorityScheme(request.getParameter("selectedAuthenticationScheme"),
                    request.getParameter("username"));
                logonStateMachine.setState(LogonStateAndCache.STATE_KNOWN_USERNAME_MULTIPLE_SCHEMES);               
            } else if (logonStateMachine.getState() == LogonStateAndCache.STATE_KNOWN_USERNAME_NO_SCHEME_SPOOF_PASSWORD_ENTRY){
              /*
                 * The scheme to sign on with has changed, so we need to update the
                 * logon state machine
                 */
                logonStateMachine.setSpoofedHighestPriorityScheme(request.getParameter("username"));
            }
            else if(logonStateMachine.getState() == LogonStateAndCache.STATE_DISPLAY_USERNAME_ENTRY){
              /*
               * The username has been collected, now process it.
               */
              if(Util.isNullOrTrimmedBlank(form.getUsername())) {
                /**
                 * Page refreshed, stay in same state
                 */
                  logonStateMachine.setState(LogonStateAndCache.STATE_STARTED);
              }
              else {
                  logonStateMachine.setState(LogonStateAndCache.STATE_DISPLAY_USERNAME_ENTERED);
                  try {
                    User user = udb.getAccount(form.getUsername());
                    logonStateMachine.removeFromSpoofCache(user.getPrincipalName());
                    try {
                      logonStateMachine.setUser(user);
                    }
                    catch(AccountLockedException ale) {
                      // Continue anyway and get the exception later
                    }
                  }
                  catch(UserNotFoundException unfe) {
                    // Continue anyway
                    String username = request.getParameter("username");
                    Realm realm = UserDatabaseManager.getInstance().getDefaultRealm();
                    logonStateMachine.setState(LogonStateAndCache.STATE_UNKNOWN_USERNAME_PROMPT_FOR_PASSWORD);
                      logonStateMachine.setSpoofedHighestPriorityScheme(username);
                      logonStateMachine.getHighestPriorityScheme().setAccountLock(LogonControllerFactory.getInstance().checkForAccountLock(username, realm.getResourceName()));
                  }
              }
            }
         
            ((LogonForm) form).setHasMoreAuthenticationSchemes(logonStateMachine.enabledSchemesGraeterThanOne());
        }
       
        return logonStateMachine;
    }
View Full Code Here
TOP

Related Classes of com.adito.security.LogonStateAndCache

  • com.adito.policyframework.Policy
  • com.adito.realms.Realm
  • com.adito.security.actions.LogonAction
  • com.adito.security.actions.ShowLogonAction
  • com.adito.security.actions.ShowSelectAuthenticationSchemeAction
  • java.util.Calendar
  • java.util.List
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.