Package com.esri.gpt.framework.security.identity

Examples of com.esri.gpt.framework.security.identity.IdentityException

150
151
152
153
154
155
156
157
  try {
    LdapClient client = newLdapClient();
    client.connect();
    return client;
  } catch (Exception e) {
    throw new IdentityException("Unable to connect to LDAP.",e);
  }
}
View Full Code Here
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
        String sBaseDN = userProps.getUserSearchDIT();
        String sFilter = userProps.returnUserLoginSearchFilter(unCredential.getUsername());
        StringSet ssDNs = getQueryFunctions().searchDNs(
                          getConnectedContext(),sBaseDN,sFilter);
        if (ssDNs.size() > 1) {
          throw new IdentityException("Multiple LDAP usernames matched for:"+ unCredential.getUsername());
        } else if (ssDNs.size() == 1) {
          sAuthenticatedDN = ssDNs.iterator().next();
        }
      }
    }

    // Attempt to connect with the supplied credentials.
    // An AuthenticationException will be thrown if the credentials are invalid
    if (bUseDirectConnect) {
      connectionClient = new LdapClient(getConfiguration(),upCredentials);
      sAuthenticatedDN = connectionClient.connect();
      bUseLoginPattern = false;
      connectionClient.close();
      connectionClient = null;
    }

    // Attempt to authenticate by first executing a search for all users
    // matching the input username, then checking the supplied password against
    // each matching DN.
    // An AuthenticationException will be thrown if the credentials are invalid.
    if (bUseLoginPattern) {
      sAuthenticatedDN = searchForUser(upCredentials);
      sTargetedGroupDN = upCredentials.getTargetedGroupDN();
    }

    // ensure an authenticated DN
    if (sAuthenticatedDN.length() == 0) {
      throw new AuthenticationException("Invalid credentials.");
    }
   
    // populate the authentication status and profile information
    user.setDistinguishedName(sAuthenticatedDN);
    populateUser(requestContext,user,sTargetedGroupDN);
   
    RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
    if (roles.hasRole("gptForbiddenAccess")) {
      User activeUser = requestContext.getUser();
      if(activeUser.getAuthenticationStatus().getWasAuthenticated()){
        String activeUserDn = requestContext.getUser().getDistinguishedName();
        String managedUserDn = user.getDistinguishedName();
        if(activeUserDn.equals(managedUserDn)){
        throw new AuthenticationException("Forbidden");
        }
      }else{
        throw new AuthenticationException("Forbidden");
      }
    }
   
  } catch (AuthenticationException e) {
    user.getAuthenticationStatus().reset();
    throw new CredentialsDeniedException("Invalid credentials.");
  } catch (com.esri.gpt.framework.context.ConfigurationException e) {
    user.getAuthenticationStatus().reset();
    throw new IdentityException(e.getMessage(),e);
  } catch (NamingException e) {
    user.getAuthenticationStatus().reset();
    throw new IdentityException(e.getMessage(),e);
  } catch (SQLException e) {
    user.getAuthenticationStatus().reset();
    throw e;
  } catch (IdentityException e) {
    user.getAuthenticationStatus().reset();
View Full Code Here
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
        } else if (sUsername.length() > 64) {
          sMsg += " The username is greater than 64 characters.";
        } else {
          sMsg += " This username already exists with a different DN.";
        }
        throw new IdentityException(sMsg);
      }
      insertUser(con,sDn,sUsername);
      nUserId = readUserByDN(con,user);
      if (nUserId < 0) {
        String sMsg = "A valid userid was not auto-generated for remote user: "+sDn;
        throw new IdentityException(sMsg);
      }
    }
  }
}
View Full Code Here
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
  PreparedStatement st = null;
  try {
   
    // ensure that a distinguished name was supplied
    if (user.getDistinguishedName().length() == 0) {
      throw new IdentityException("Empty DN");
    }
   
    // query for the distinguished name reference within the local users table
    String sSql = null;
    if (getIsDbCaseSensitive(this.getRequestContext())) {
      sSql = "SELECT USERID,USERNAME FROM "+getUserTableName()+" WHERE UPPER(DN)=?";
    } else {
      sSql = "SELECT USERID,USERNAME FROM "+getUserTableName()+" WHERE DN=?";
    }

    logExpression(sSql);
    st = con.prepareStatement(sSql);
    st.setString(1,user.getDistinguishedName().toUpperCase());
    ResultSet rs = st.executeQuery();
    int nCount = 0;
    while (rs.next()) {
      nUserId = rs.getInt(1);
      sUsername = Val.chkStr(rs.getString(2));
     
      // throw an exception if multiple users with the same
      // distinguished name exist
      nCount++;
      if (nCount > 1) {
        String sMsg = "Integrity violation within local user table: "+
                      "multiple references to same DN";
        throw new IdentityException(sMsg);
      }
    }
  } finally {
    closeStatement(st);
  }
View Full Code Here
TOP

Related Classes of com.esri.gpt.framework.security.identity.IdentityException

  • com.esri.gpt.framework.security.identity.ldap.LdapClient
  • com.esri.gpt.framework.security.identity.ldap.LdapIdentityAdapter
  • com.esri.gpt.framework.security.identity.local.LocalDao
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.