Examples of org.exist.security.AuthenticationException

org.exist.security.AuthenticationException
Authentication process error. @author Dmitriy Shabanov

    @Override
    public Subject authenticate(final String accountName, Object credentials) throws AuthenticationException {
        final Account account = getAccount(accountName);
        
        if(account == null) {
            throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Account '" + accountName + "' not found.");
        }
        
        if("SYSTEM".equals(accountName) || (!allowGuestAuthentication && "guest".equals(accountName))) {
            throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Account '" + accountName + "' can not be used.");
        }


        if(!account.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCOUNT_LOCKED, "Account '" + accountName + "' is disabled.");
        }


        final Subject subject = new SubjectImpl((AccountImpl) account, credentials);
        if(!subject.isAuthenticated()) {
            throw new AuthenticationException(AuthenticationException.WRONG_PASSWORD, "Wrong password for user [" + accountName + "] ");
        }
            
        return subject;
    }

View Full Code Here

    public Subject authenticate(final String username, final Object credentials) throws AuthenticationException {
        if (LOG.isDebugEnabled())
            {LOG.debug("Authentication try for '"+username+"'.");}


        if (username == null)
          {throw new AuthenticationException(
              AuthenticationException.ACCOUNT_NOT_FOUND, "Account NULL not found");}


        if("jsessionid".equals(username)) {
        
        if (getSystemSubject().getSessionId().equals(credentials))
          {return getSystemSubject();}


        if (getGuestSubject().getSessionId().equals(credentials))
          {return getGuestSubject();}


            final Subject subject = sessions.read(new SessionDbRead<Subject>(){
                @Override
                public Subject execute(final Map<String, Session> db) {
                  
                  Session session = db.get((String)credentials);
                  if (session == null) return null;
                  
                  if (session.isValid())
                    return session.getSubject();
                  
                  return null; 
                }
            });


            if(subject == null)
                {throw new AuthenticationException(AuthenticationException.SESSION_NOT_FOUND, "Session [" + credentials + "] not found");}


            if (events != null)
              {events.authenticated(subject);}
            
            //TODO: validate session
            return subject;
        }


        for(final Realm realm : realms) {
            try {
              final Subject subject = realm.authenticate(username, credentials);
              
                if (LOG.isDebugEnabled())
                  {LOG.debug("Authenticated by '"+realm.getId()+"' as '"+subject+"'.");}
                
                if (events != null)
                  {events.authenticated(subject);}


                return subject;
            } catch(final AuthenticationException e) {
                if(e.getType() != AuthenticationException.ACCOUNT_NOT_FOUND) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Realm '"+realm.getId()+"' threw exception for account '"+username+"'. ["+e.getMessage()+"]");
                    }


                    throw e;
                }
            }
        }


        if (LOG.isDebugEnabled()) {
            LOG.debug("Account '"+username+"' not found, throw error");
        }


        throw new AuthenticationException(
        AuthenticationException.ACCOUNT_NOT_FOUND, 
        "Account [" + username + "] not found");
    }

View Full Code Here


                    return account;
                }
            });
        } catch(Exception e) {
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
        }
    }

View Full Code Here

            final AbstractAccount account = (AbstractAccount) getAccount(ctx, name);
            if (account == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Account '"+name+"' can not be found.");
                }
          throw new AuthenticationException(
              AuthenticationException.ACCOUNT_NOT_FOUND,
              "Account '"+name+"' can not be found.");
            }


            return new AuthenticatedLdapSubjectAccreditedImpl(account, ctx, String.valueOf(credentials));


        } catch(final NamingException e) {
          LOG.debug(e.getMessage(), e);
            if(e instanceof javax.naming.AuthenticationException) {
                throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, e.getMessage());
            } else {
                throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage());
            }


        } finally {
            LdapUtils.closeContext(ctx);
        }

View Full Code Here

        
        try {
            final LdapContext ctx = getContext(invokingUser);
            final SearchResult ldapUser = findAccountByAccountName(ctx, account.getName());
            if(ldapUser == null) {
                throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Could not find the account in the LDAP");
            }
        
            return executeAsSystemUser(ctx, new Unit<Account>(){
                @Override
                public Account execute(LdapContext ctx, DBBroker broker) throws EXistException, PermissionDeniedException, NamingException {
                    
                    int update = UPDATE_NONE;
                    
                    //1) get the ldap group membership
                    final List<Group> memberOf_groups = getGroupMembershipForLdapUser(ctx, ldapUser);
                    
                    //2) get the ldap primary group
                    final String primaryGroup = findGroupBySID(ctx, getPrimaryGroupSID(ldapUser));
                    
                    //append the ldap primaryGroup to the head of the ldap group list, and compare
                    //to the account group list
                    memberOf_groups.add(0, getGroup(ctx, primaryGroup));


                    final String accountGroups[] = account.getGroups();
                    
                    if(!accountGroups[0].equals(ensureCase(primaryGroup))) {
                        update |= UPDATE_GROUP;
                    } else {
                        if(accountGroups.length != memberOf_groups.size()) {
                            update |= UPDATE_GROUP;
                        } else {
                            for(int i = 0; i < accountGroups.length; i++) {


                                boolean found = false;


                                for(Group memberOf_group : memberOf_groups) {
                                    if(accountGroups[i].equals(ensureCase(memberOf_group.getName()))) {
                                        found = true;
                                        break;
                                    }
                                }


                                if(!found) {
                                    update |= UPDATE_GROUP;
                                    break;
                                }
                            }
                        }
                    }
                    
                    //3) check metadata
                    final List<SimpleEntry<AXSchemaType, String>> ldapMetadatas = getMetadataForLdapUser(ldapUser);
                    final Set<SchemaType> accountMetadataKeys = account.getMetadataKeys();


                    if(accountMetadataKeys.size() != ldapMetadatas.size()) {
                        update |= UPDATE_METADATA;
                    } else {
                        for(SchemaType accountMetadataKey : accountMetadataKeys) {
                            final String accountMetadataValue = account.getMetadataValue(accountMetadataKey);


                            boolean found = false;


                            for(SimpleEntry<AXSchemaType, String> ldapMetadata : ldapMetadatas) {
                                if(accountMetadataKey.equals(ldapMetadata.getKey()) && accountMetadataValue.equals(ldapMetadata.getValue())) {
                                    found = true;
                                    break;
                                }
                            }


                            if(!found) {
                                update |= UPDATE_METADATA;
                                break;
                            }
                        }
                    }
                    
                    //update the groups?
                    if((update & UPDATE_GROUP) == UPDATE_GROUP) {
                        try {
                            Field fld = account.getClass().getSuperclass().getDeclaredField("groups");
                            fld.setAccessible(true);
                            fld.set(account, memberOf_groups);
                        } catch(NoSuchFieldException nsfe) {
                            throw new EXistException(nsfe.getMessage(), nsfe);
                        } catch(IllegalAccessException iae) {
                            throw new EXistException(iae.getMessage(), iae);
                        }
                    }
                    
                    //update the metdata?
                    if((update & UPDATE_METADATA) == UPDATE_METADATA) {
                        account.clearMetadata();
                        for(SimpleEntry<AXSchemaType, String> ldapMetadata : ldapMetadatas) {
                            account.setMetadataValue(ldapMetadata.getKey(), ldapMetadata.getValue());
                        }
                    }
                    
                    if(update != UPDATE_NONE) {
                        boolean updated = getSecurityManager().updateAccount(account);
                        if(!updated) {
                            LOG.error("Could not update account");
                        }
                    }


                    return account;
                }
            });
        } catch(final NamingException ne) {
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage(), ne);
        } catch(final EXistException ee) {
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ee.getMessage(), ee);
        }
        
    }

View Full Code Here

                    return account;
                }
            });
        } catch(final Exception e) {
          LOG.debug(e);
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
        }
    }

View Full Code Here

        try {
            //return sm.addGroup(instantiateGroup(this, groupname));
            return getSecurityManager().addGroup(new GroupAider(ID, groupname));


        } catch(Exception e) {
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
        }
    }

View Full Code Here

            try {
                ctx = getContext(getSecurityManager().getDatabase().getSubject());
                return getAccount(ctx, name);
            } catch(final NamingException ne) {
              LOG.debug(ne.getMessage(), ne);
              LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
                return null;
            } finally {
                if(ctx != null){
                    LdapUtils.closeContext(ctx);
                }

View Full Code Here

            try {
                ctx = getContext(invokingUser);
                
                return getGroup(ctx, name);
            } catch(final NamingException ne) {
                LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
                return null;
            } finally {
                if(ctx != null) {
                    LdapUtils.closeContext(ctx);
                }

View Full Code Here

                        LOG.error(ae.getMessage(), ae);
                        return null;
                    }
                }
            } catch(final NamingException ne) {
                LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
                return null;
            } finally {
                if(ctx != null) {
                    LdapUtils.closeContext(ctx);
                }

View Full Code Here

0 1

TOP

Related Classes of org.exist.security.AuthenticationException

org.exist.security.internal.RealmImpl

org.exist.security.internal.SecurityManagerImpl

org.exist.security.realm.activedirectory.ActiveDirectoryRealm

org.exist.security.realm.ldap.LDAPRealm

org.exist.security.realm.oauth.OAuthRealm

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.