Examples of javax.naming.AuthenticationException

• javax.naming.AuthenticationException
  This exception is thrown when an authentication error occurs while accessing the naming or directory service. An authentication error can happen, for example, when the credentials supplied by the user program is invalid or otherwise fails to authenticate the user to the naming/directory service.

  If the program wants to handle this exception in particular, it should catch AuthenticationException explicitly before attempting to catch NamingException. After catching AuthenticationException, the program could reattempt the authentication by updating the resolved context's environment properties with the appropriate appropriate credentials.

  Synchronization and serialization issues that apply to NamingException apply directly here. @author Rosanna Lee @author Scott Seligman @since 1.3

                } else {
                    clientIdentity = securityService.login(realmName, user, pass);
                }
                ClientSecurity.setIdentity(clientIdentity);
            } catch (LoginException e) {
                throw (AuthenticationException) new AuthenticationException("User could not be authenticated: " + user).initCause(e);
            }
        }
    }

                } else {
                    clientIdentity = securityService.login(realmName, user, pass);
                }
                ClientSecurity.setIdentity(clientIdentity);
            } catch (LoginException e) {
                throw (AuthenticationException) new AuthenticationException("User could not be authenticated: " + user).initCause(e);
            }
        }
    }

                } else {
                    identity = securityService.login(realmName, user, pass);
                }
                securityService.associate(identity);
            } catch (LoginException e) {
                throw (AuthenticationException) new AuthenticationException("User could not be authenticated: "+user).initCause(e);
            }
        }

        ContainerSystem containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);
        Context context = containerSystem.getJNDIContext();

        final AuthenticationResponse res;
        try {
            res = requestAuthorization(req);
        } catch (RemoteException e) {
            throw new AuthenticationException(e.getLocalizedMessage());
        }

        switch (res.getResponseCode()) {
            case ResponseCodes.AUTH_GRANTED:
                client = res.getIdentity();
                break;
            case ResponseCodes.AUTH_REDIRECT:
                client = res.getIdentity();
                server = res.getServer();
                break;
            case ResponseCodes.AUTH_DENIED:
                throw (AuthenticationException) new AuthenticationException("This principle is not authorized.").initCause(res.getDeniedCause());
        }
    }

                } else {
                    identity = securityService.login(realmName, user, pass);
                }
                securityService.associate(identity);
            } catch (final LoginException e) {
                throw (AuthenticationException) new AuthenticationException("User could not be authenticated: " + user).initCause(e);
            }
        }

        final ContainerSystem containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);
        Context context = containerSystem.getJNDIContext();

         LoginContext lc = new LoginContext(protocol, null, handler, conf);
         lc.login();
      }
      catch(LoginException e)
      {
         AuthenticationException ex = new AuthenticationException("Failed to login using protocol="+protocol);
         ex.setRootCause(e);
         throw ex;
      }

   }

      sTargetedGroupDN = upCredentials.getTargetedGroupDN();
    }

    // ensure an authenticated DN
    if (sAuthenticatedDN.length() == 0) {
      throw new AuthenticationException("Invalid credentials.");
    }

    // populate the authentication status and profile information
    user.setDistinguishedName(sAuthenticatedDN);
    populateUser(requestContext,user,sTargetedGroupDN);

    RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
    if (roles.hasRole("gptForbiddenAccess")) {
      User activeUser = requestContext.getUser();
      if(activeUser.getAuthenticationStatus().getWasAuthenticated()){
        String activeUserDn = requestContext.getUser().getDistinguishedName();
        String managedUserDn = user.getDistinguishedName();
        if(activeUserDn.equals(managedUserDn)){
        throw new AuthenticationException("Forbidden");
        }
      }else{
        throw new AuthenticationException("Forbidden");
      }
    }

  } catch (AuthenticationException e) {
    user.getAuthenticationStatus().reset();

    env.put(Context.SECURITY_PROTOCOL,sSecurityProtocol);
  }
  if (sPrincipal.length() > 0) {
    env.put(Context.SECURITY_PRINCIPAL,sPrincipal);
  } else if (bForceCredentials) {
    throw new AuthenticationException("Invalid credentials.");
  }
  if (sPassword.length() > 0) {
    env.put(Context.SECURITY_CREDENTIALS,sPassword);
  } else if (bForceCredentials) {
    throw new AuthenticationException("Invalid credentials.");
  }

  // env.put(Context.REFERRAL,"follow");

  // make the initial directory context

  user.getAuthenticationStatus().reset();
  DirContext dirContext = getConnectedContext();

  // ensure an authenticated DN
  if (sAuthenticatedDN.length() == 0) {
    throw new AuthenticationException("Invalid credentials.");
  }

  // populate profile information
  user.setDistinguishedName(sAuthenticatedDN);
  user.setKey(user.getDistinguishedName());
  getQueryFunctions().readUserProfile(dirContext,user);
  user.setName(user.getProfile().getUsername());

  // read groups, set authenticated roles
  getQueryFunctions().readUserGroups(dirContext,user);
  Groups userGroups = user.getGroups();
  Roles configuredRoles = getConfiguration().getIdentityConfiguration().getConfiguredRoles();
  RoleSet authenticatedRoles = user.getAuthenticationStatus().getAuthenticatedRoles();
  for (Role role: configuredRoles.values()) {
    if (userGroups.containsKey(role.getDistinguishedName())) {
      authenticatedRoles.addAll(role.getFullRoleSet());
    }
  }
  user.getAuthenticationStatus().setWasAuthenticated(true);

  // ensure membership if a targeted metadata management group was specified
  if (targetedGroupDN.length() > 0) {
    if (!userGroups.containsKey(targetedGroupDN)) {
      user.getAuthenticationStatus().reset();
      throw new AuthenticationException("Invalid credentials, not a member of the supplied group.");
    }
  }

  // ensure a local reference for the user
  LocalDao localDao = new LocalDao(requestContext);

    // throw an exception if authentication failed
    if (bMultipleAuthenticated) {
      // more than one username/password match was found
      String sMsg = "Multiple LDAP credential matches were found for login: "+sUsername;
      LogUtil.getLogger().warning(sMsg);
      throw new AuthenticationException(sMsg);
    } else if (sAuthenticatedDN.length() == 0) {
      // no username/password match was found
      throw new AuthenticationException("Invalid credentials.");
    }

  } finally {
    credentials.setDistinguishedName(sAuthenticatedDN);
    if (client != null) client.close();