/**
 * Translates an authentication status into the matching login exception.
 *
 * <p>Only {@code FAILED}, {@code CREDENTIAL_EXPIRED} and {@code ACCOUNT_EXPIRED} are mapped;
 * for any other status the method returns normally without throwing.
 *
 * <p>NOTE(review): the two "expired" messages embed {@code userId}, and the three outcomes are
 * distinguishable by exception type. That detail belongs in server-side logs and audit records;
 * a login response that relays it lets an unauthenticated caller learn which accounts exist
 * and what state they are in.
 *
 * @param status authentication status to translate
 * @param userId identifier of the user, used only to build exception messages
 * @throws LoginException a {@code FailedLoginException}, {@code CredentialExpiredException} or
 *         {@code AccountExpiredException}, depending on {@code status}
 */
public static void handle(final AuthenticationStatus status, final String userId) throws LoginException {
    // Both "expired" branches share the same message text.
    final String userLabel = "User: '" + userId + "'";
    switch (status) {
        case FAILED:
            throw new FailedLoginException("Wrong username or password.");
        case CREDENTIAL_EXPIRED:
            throw new CredentialExpiredException(userLabel);
        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(userLabel);
        default:
            // No exception is raised for any other status.
            return;
    }
}
/**
 * Creates the account state handler and fills the error map, which associates each
 * directory error code with the exception that represents it.
 *
 * <p>Every exception is instantiated once, here, and stored in the map. If the stored
 * instances are later thrown as-is (not visible in this excerpt), their stack traces point
 * at this constructor and not at the failing login, which matters when reading logs
 * during an investigation.
 */
public DefaultAccountStateHandler() {
    this.errorMap = new HashMap<>();

    // Active Directory account states.
    errorMap.put(ActiveDirectoryAccountState.Error.ACCOUNT_DISABLED, new AccountDisabledException());
    errorMap.put(ActiveDirectoryAccountState.Error.ACCOUNT_LOCKED_OUT, new AccountLockedException());
    errorMap.put(ActiveDirectoryAccountState.Error.INVALID_LOGON_HOURS, new InvalidLoginTimeException());
    errorMap.put(ActiveDirectoryAccountState.Error.INVALID_WORKSTATION, new InvalidLoginLocationException());
    errorMap.put(ActiveDirectoryAccountState.Error.PASSWORD_MUST_CHANGE, new AccountPasswordMustChangeException());
    errorMap.put(ActiveDirectoryAccountState.Error.PASSWORD_EXPIRED, new CredentialExpiredException());

    // eDirectory account states.
    errorMap.put(EDirectoryAccountState.Error.ACCOUNT_EXPIRED, new AccountExpiredException());
    errorMap.put(EDirectoryAccountState.Error.LOGIN_LOCKOUT, new AccountLockedException());
    errorMap.put(EDirectoryAccountState.Error.LOGIN_TIME_LIMITED, new InvalidLoginTimeException());
    errorMap.put(EDirectoryAccountState.Error.PASSWORD_EXPIRED, new CredentialExpiredException());

    // Generic password-expiration account state.
    errorMap.put(PasswordExpirationAccountState.Error.PASSWORD_EXPIRED, new CredentialExpiredException());

    // Password policy control errors.
    errorMap.put(PasswordPolicyControl.Error.ACCOUNT_LOCKED, new AccountLockedException());
    errorMap.put(PasswordPolicyControl.Error.PASSWORD_EXPIRED, new CredentialExpiredException());
    errorMap.put(PasswordPolicyControl.Error.CHANGE_AFTER_RESET, new AccountPasswordMustChangeException());
}
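/**
 * Example {@link UserDetailsChecker} that rejects locked, disabled and expired accounts.
 */
private class Demo implements UserDetailsChecker {

    /**
     * Verifies the account flags of {@code user}, in the order locked, disabled, expired,
     * and throws on the first one that fails.
     *
     * @param user account details to verify
     * @throws LockedException if {@code user.isAccountNonLocked()} is false
     * @throws DisabledException if {@code user.isEnabled()} is false
     * @throws AccountExpiredException if {@code user.isAccountNonExpired()} is false
     */
    public void check(UserDetails user) {
        if (!user.isAccountNonLocked()) {
            throw new LockedException("User account is locked");
        }
        if (!user.isEnabled()) {
            // Fixed: the original statement ended with a stray ')' and did not compile.
            throw new DisabledException("User is disabled");
        }
        if (!user.isAccountNonExpired()) {
            throw new AccountExpiredException("User account has expired");
        }
        // Application-specific checks go here.
        // NOTE(review): credential expiry (user.isCredentialsNonExpired()) is not checked in
        // this example; add it here if expired passwords must also be rejected at this point.
    }
}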
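// The rejected OTP value is deliberately left out of the message: exception text commonly
// ends up in logs and error responses, and a one-time password is a credential that should
// not be recorded there, even when it is believed to be stale.
throw new AccountExpiredException(uid + " cannot reuse OTP as it may be expired/invalid");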
throw new AccountDisabledException(); case EXPIRED: throw new AccountExpiredException(); case LOCKED: throw new AccountLockedException(); val now = LocalDate.now(ZoneOffset.UTC); if (now.isEqual(account.getExpirationDate()) || now.isAfter(account.getExpirationDate())) { throw new AccountExpiredException();
/**
 * Throws the login exception that corresponds to this eDirectory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>The constant's {@code name()} is used as the exception message, so the message states
 * the exact account condition. Treat it as internal diagnostic detail and avoid echoing it
 * to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        // Wrong credentials.
        case FAILED_AUTHENTICATION:
        case BAD_PASSWORD:
            throw new FailedLoginException(name());

        case PASSWORD_EXPIRED:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        // Login limits and lockout are all reported as a locked account.
        case MAXIMUM_LOGINS_EXCEEDED:
        case LOGIN_TIME_LIMITED:
        case LOGIN_LOCKOUT:
            throw new AccountLockedException(name());

        default:
            throw new IllegalStateException("Unknown edirectory error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this eDirectory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>The constant's {@code name()} is used as the exception message, so the message states
 * the exact account condition. Treat it as internal diagnostic detail and avoid echoing it
 * to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        // Wrong credentials.
        case FAILED_AUTHENTICATION:
        case BAD_PASSWORD:
            throw new FailedLoginException(name());

        case PASSWORD_EXPIRED:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        // Login limits and lockout are all reported as a locked account.
        case MAXIMUM_LOGINS_EXCEEDED:
        case LOGIN_TIME_LIMITED:
        case LOGIN_LOCKOUT:
            throw new AccountLockedException(name());

        default:
            throw new IllegalStateException("Unknown edirectory error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this eDirectory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>The constant's {@code name()} is used as the exception message, so the message states
 * the exact account condition. Treat it as internal diagnostic detail and avoid echoing it
 * to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        // Wrong credentials.
        case FAILED_AUTHENTICATION:
        case BAD_PASSWORD:
            throw new FailedLoginException(name());

        case PASSWORD_EXPIRED:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        // Login limits and lockout are all reported as a locked account.
        case MAXIMUM_LOGINS_EXCEEDED:
        case LOGIN_TIME_LIMITED:
        case LOGIN_LOCKOUT:
            throw new AccountLockedException(name());

        default:
            throw new IllegalStateException("Unknown edirectory error: " + this);
    }
}
/**
 * Maps the HTTP status returned by the REST authentication endpoint to the exception that
 * describes the failure. The exception is returned, not thrown.
 *
 * <p>Any status without an explicit mapping yields a {@code FailedLoginException}, so an
 * unexpected status is still treated as a failed login.
 *
 * <p>NOTE(review): the messages embed the principal id and tell apart unknown, locked,
 * expired and disabled accounts. Keep them in server-side logs; relaying them to the client
 * discloses account state to an unauthenticated caller.
 *
 * @param statusCode status returned by the endpoint
 * @param p principal whose id is included in the message; only dereferenced in the mapped branches
 * @return the exception describing the authentication failure
 */
private static Exception handleResponseStatusCode(final HttpStatus statusCode, final Principal p) {
    final Exception failure;
    if (HttpStatus.FORBIDDEN == statusCode || HttpStatus.METHOD_NOT_ALLOWED == statusCode) {
        failure = new AccountDisabledException("Could not authenticate forbidden account for " + p.getId());
    } else if (HttpStatus.UNAUTHORIZED == statusCode) {
        failure = new FailedLoginException("Could not authenticate account for " + p.getId());
    } else if (HttpStatus.NOT_FOUND == statusCode) {
        failure = new AccountNotFoundException("Could not locate account for " + p.getId());
    } else if (HttpStatus.LOCKED == statusCode) {
        failure = new AccountLockedException("Could not authenticate locked account for " + p.getId());
    } else if (HttpStatus.PRECONDITION_FAILED == statusCode) {
        failure = new AccountExpiredException("Could not authenticate expired account for " + p.getId());
    } else if (HttpStatus.PRECONDITION_REQUIRED == statusCode) {
        failure = new AccountPasswordMustChangeException("Account password must change for " + p.getId());
    } else {
        // Unmapped status: report a generic login failure.
        failure = new FailedLoginException("Rest endpoint returned an unknown status code " + statusCode);
    }
    return failure;
}
// Closes the enclosing type, whose header is outside this excerpt.
}
/**
 * Throws the login exception that corresponds to this Active Directory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>Several distinct conditions collapse onto one exception type: logon-hour restrictions,
 * disabled accounts and lockouts all become {@code AccountLockedException}, and both
 * password conditions become {@code CredentialExpiredException}. Only the message, which is
 * the constant's {@code name()}, tells them apart; treat it as internal diagnostic detail
 * and avoid echoing it to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        case NO_SUCH_USER:
            throw new AccountNotFoundException(name());

        case LOGON_FAILURE:
            throw new FailedLoginException(name());

        // Reported as a locked account.
        case INVALID_LOGON_HOURS:
        case ACCOUNT_DISABLED:
        case ACCOUNT_LOCKED_OUT:
            throw new AccountLockedException(name());

        case INVALID_WORKSTATION:
            throw new AccountException(name());

        // Reported as an expired credential.
        case PASSWORD_EXPIRED:
        case PASSWORD_MUST_CHANGE:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        default:
            throw new IllegalStateException("Unknown active directory error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this Active Directory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>Several distinct conditions collapse onto one exception type: logon-hour restrictions,
 * disabled accounts and lockouts all become {@code AccountLockedException}, and both
 * password conditions become {@code CredentialExpiredException}. Only the message, which is
 * the constant's {@code name()}, tells them apart; treat it as internal diagnostic detail
 * and avoid echoing it to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        case NO_SUCH_USER:
            throw new AccountNotFoundException(name());

        case LOGON_FAILURE:
            throw new FailedLoginException(name());

        // Reported as a locked account.
        case INVALID_LOGON_HOURS:
        case ACCOUNT_DISABLED:
        case ACCOUNT_LOCKED_OUT:
            throw new AccountLockedException(name());

        case INVALID_WORKSTATION:
            throw new AccountException(name());

        // Reported as an expired credential.
        case PASSWORD_EXPIRED:
        case PASSWORD_MUST_CHANGE:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        default:
            throw new IllegalStateException("Unknown active directory error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this Active Directory error constant.
 * Never returns normally: every branch throws.
 *
 * <p>Several distinct conditions collapse onto one exception type: logon-hour restrictions,
 * disabled accounts and lockouts all become {@code AccountLockedException}, and both
 * password conditions become {@code CredentialExpiredException}. Only the message, which is
 * the constant's {@code name()}, tells them apart; treat it as internal diagnostic detail
 * and avoid echoing it to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        case NO_SUCH_USER:
            throw new AccountNotFoundException(name());

        case LOGON_FAILURE:
            throw new FailedLoginException(name());

        // Reported as a locked account.
        case INVALID_LOGON_HOURS:
        case ACCOUNT_DISABLED:
        case ACCOUNT_LOCKED_OUT:
            throw new AccountLockedException(name());

        case INVALID_WORKSTATION:
            throw new AccountException(name());

        // Reported as an expired credential.
        case PASSWORD_EXPIRED:
        case PASSWORD_MUST_CHANGE:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        default:
            throw new IllegalStateException("Unknown active directory error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this FreeIPA error constant.
 * Never returns normally: every branch throws.
 *
 * <p>Disabled accounts, missing credentials and the {@code UNKNOWN} constant are all
 * reported as {@code FailedLoginException}, the same type used for a wrong password. Only
 * the message, which is the constant's {@code name()}, tells them apart; treat it as
 * internal diagnostic detail and avoid echoing it to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        case ACCOUNT_NOT_FOUND:
            throw new AccountNotFoundException(name());

        // Reported as a plain login failure.
        case FAILED_AUTHENTICATION:
        case ACCOUNT_DISABLED:
        case CREDENTIAL_NOT_FOUND:
        case UNKNOWN:
            throw new FailedLoginException(name());

        case PASSWORD_EXPIRED:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        // Login limits and lockout are all reported as a locked account.
        case MAXIMUM_LOGINS_EXCEEDED:
        case LOGIN_TIME_LIMITED:
        case LOGIN_LOCKOUT:
            throw new AccountLockedException(name());

        default:
            throw new IllegalStateException("Unknown FreeIPA error: " + this);
    }
}
/**
 * Throws the login exception that corresponds to this FreeIPA error constant.
 * Never returns normally: every branch throws.
 *
 * <p>Disabled accounts, missing credentials and the {@code UNKNOWN} constant are all
 * reported as {@code FailedLoginException}, the same type used for a wrong password. Only
 * the message, which is the constant's {@code name()}, tells them apart; treat it as
 * internal diagnostic detail and avoid echoing it to unauthenticated clients.
 *
 * @throws LoginException the exception type mapped to this constant
 * @throws IllegalStateException if this constant has no mapping
 */
@Override
public void throwSecurityException() throws LoginException {
    switch (this) {
        case ACCOUNT_NOT_FOUND:
            throw new AccountNotFoundException(name());

        // Reported as a plain login failure.
        case FAILED_AUTHENTICATION:
        case ACCOUNT_DISABLED:
        case CREDENTIAL_NOT_FOUND:
        case UNKNOWN:
            throw new FailedLoginException(name());

        case PASSWORD_EXPIRED:
            throw new CredentialExpiredException(name());

        case ACCOUNT_EXPIRED:
            throw new AccountExpiredException(name());

        // Login limits and lockout are all reported as a locked account.
        case MAXIMUM_LOGINS_EXCEEDED:
        case LOGIN_TIME_LIMITED:
        case LOGIN_LOCKOUT:
            throw new AccountLockedException(name());

        default:
            throw new IllegalStateException("Unknown FreeIPA error: " + this);
    }
}