@Override public void apply(DirSearch client, String user) throws AuthenticationException { try { String userDn = client.findUserDn(user); // This should not be null because we were allowed to bind with this username // safe check in case we were able to bind anonymously. if (userDn == null) { throw new AuthenticationException("Authentication failed: User search failed"); } } catch (NamingException e) { throw new AuthenticationException("LDAP Authentication failed for user", e); } } }
@Override public void apply(DirSearch ldap, String user) throws AuthenticationException { LOG.info("Authenticating user '{}' using user filter", user); String userName = LdapUtils.extractUserName(user).toLowerCase(); if (!userFilter.contains(userName)) { LOG.info("Authentication failed based on user membership"); throw new AuthenticationException("Authentication failed: " + "User not a member of specified list"); } } }
public PamAuthenticator(HiveConf conf) throws AuthenticationException { super(); pamServiceNames = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PAM_SERVICES); if (pamServiceNames == null || pamServiceNames.trim().isEmpty()) { throw new AuthenticationException("No PAM services are set."); } }
@Override public void Authenticate(String user, String password) throws AuthenticationException { if (pamServiceNames == null || pamServiceNames.trim().isEmpty()) { throw new AuthenticationException("No PAM services are set."); } String errorMsg = "Error authenticating with the PAM service: "; String[] pamServices = pamServiceNames.split(","); for (String pamService : pamServices) { try { Pam pam = new Pam(pamService); boolean isAuthenticated = pam.authenticateSuccessful(user, password); if (!isAuthenticated) { throw new AuthenticationException(errorMsg + pamService); } } catch(Throwable e) { // Catch the exception caused by missing jpam.so which otherwise would // crashes the thread and causes the client hanging rather than notifying // the client nicely throw new AuthenticationException(errorMsg + pamService, e); } } } }
@Override public void authenticate(String user, String password) throws AuthenticationException { if (!user.matches("^alluxio.*")) { throw new AuthenticationException("Only allow the user starting with alluxio"); } if (!password.matches("^password")) { throw new AuthenticationException("Wrong password"); } } }
private DirSearch createDirSearch(String user, String password) throws AuthenticationException { if (StringUtils.isBlank(user)) { throw new AuthenticationException("Error validating LDAP user:" + " a null or blank user name has been provided"); } if (StringUtils.isBlank(password) || password.getBytes()[0] == 0) { throw new AuthenticationException("Error validating LDAP user:" + " a null or blank password has been provided"); } List<String> principals = LdapUtils.createCandidatePrincipals(conf, user); for (Iterator<String> iterator = principals.iterator(); iterator.hasNext();) { String principal = iterator.next(); try { return searchFactory.getInstance(conf, principal, password); } catch (AuthenticationException ex) { if (!iterator.hasNext()) { throw ex; } } } throw new AuthenticationException( String.format("No candidate principals for %s was found.", user)); }
public static AuthMethods getValidAuthMethod(String authMethodStr) throws AuthenticationException { for (AuthMethods auth : AuthMethods.values()) { if (authMethodStr.equals(auth.getAuthMethod())) { return auth; } } throw new AuthenticationException("Not a valid authentication method"); } }
@Override public void authenticate(String user, String password) throws AuthenticationException { if (!user.equals(USERNAME) || !password.equals(PASSWORD)) { throw new AuthenticationException("User authentication fails"); } } }
@Override public void apply(DirSearch client, String user) throws AuthenticationException { List<String> resultList; try { resultList = client.executeCustomQuery(query); } catch (NamingException e) { throw new AuthenticationException("LDAP Authentication failed for user", e); } if (resultList != null) { for (String matchedDn : resultList) { String shortUserName = LdapUtils.getShortName(matchedDn); LOG.info("<queried user=" + shortUserName + ",user=" + user + ">"); if (shortUserName.equalsIgnoreCase(user) || matchedDn.equalsIgnoreCase(user)) { LOG.info("Authentication succeeded based on result set from LDAP query"); return; } } } LOG.info("Authentication failed based on result set from custom LDAP query"); throw new AuthenticationException("Authentication failed: LDAP query " + "from property returned no data"); } }
@Override public void apply(DirSearch ldap, String user) throws AuthenticationException { LOG.info("Authenticating user '{}' using {}", user, GroupMembershipKeyFilter.class.getSimpleName()); List<String> memberOf = null; try { String userDn = ldap.findUserDn(user); memberOf = ldap.findGroupsForUser(userDn); LOG.debug("User {} member of : {}", userDn, memberOf); } catch (NamingException e) { throw new AuthenticationException("LDAP Authentication failed for user", e); } for (String groupDn : memberOf) { String shortName = LdapUtils.getShortName(groupDn); if (groupFilter.contains(shortName)) { LOG.debug("GroupMembershipKeyFilter passes: user '{}' is a member of '{}' group", user, groupDn); LOG.info("Authentication succeeded based on group membership"); return; } } LOG.info("Authentication failed based on user membership"); throw new AuthenticationException("Authentication failed: " + "User not a member of specified list"); } }
/** * {@inheritDoc} */ @Override public DirSearch getInstance(HiveConf conf, String principal, String password) throws AuthenticationException { try { DirContext ctx = createDirContext(conf, principal, password); return new LdapSearch(conf, ctx); } catch (NamingException e) { LOG.debug("Could not connect to the LDAP Server:Authentication failed for {}", principal); throw new AuthenticationException("Error validating LDAP user", e); } }
Joiner.on(',').join(groupFilter)); LOG.debug(msg); throw new AuthenticationException("No DN(s) has been found for any of specified group(s)"); throw new AuthenticationException(String.format( "Authentication failed: User '%s' is not a member of listed groups", user));
/** * @param authType authentication type to use * @return the generated {@link AuthenticationProvider} * @throws AuthenticationException when unsupported authentication type is used */ public static SaslHandshakeServerHandler create(AuthType authType, SaslServer saslServer) throws AuthenticationException { switch (authType) { case SIMPLE: case CUSTOM: return new SaslHandshakeServerHandlerPlain(saslServer); default: throw new AuthenticationException("Unsupported AuthType: " + authType.getAuthName()); } } }
private boolean authenticate(String user, String password) throws AuthenticationException { String[] pamServices = pamServiceNames.split(","); String errorMsg = "Error authenticating with the PAM service: "; for (String pamService : pamServices) { try { Pam pam = new Pam(pamService); if (!pam.authenticateSuccessful(user, password)) { return false; } } catch (Throwable e) { // Catch the exception caused by missing jpam.so which otherwise would // crashes the thread and causes the client hanging rather than notifying // the client nicely throw new AuthenticationException(errorMsg + pamService, e); } } return true; }
throw new AuthenticationException(ExceptionMessage.IMPERSONATION_NOT_CONFIGURED .getMessage(connectionUser, impersonationUser)); throw new AuthenticationException(ExceptionMessage.IMPERSONATION_GROUPS_FAILED .getMessage(impersonationUser, connectionUser), e); throw new AuthenticationException( ExceptionMessage.IMPERSONATION_DENIED.getMessage(connectionUser, impersonationUser));
public static PasswdAuthenticationProvider getAuthenticationProvider(AuthMethods authMethod, HiveConf conf) throws AuthenticationException { if (authMethod == AuthMethods.LDAP) { return new LdapAuthenticationProviderImpl(conf); } else if (authMethod == AuthMethods.PAM) { return new PamAuthenticationProviderImpl(conf); } else if (authMethod == AuthMethods.CUSTOM) { return new CustomAuthenticationProviderImpl(conf); } else if (authMethod == AuthMethods.NONE) { return new AnonymousAuthenticationProviderImpl(); } else { throw new AuthenticationException("Unsupported authentication method"); } } }
/** * @param authType authentication type to use * @return the generated {@link AuthenticationProvider} * @throws AuthenticationException when unsupported authentication type is used */ public static AuthenticationProvider create(AuthType authType, AlluxioConfiguration conf) throws AuthenticationException { switch (authType) { case SIMPLE: return new SimpleAuthenticationProvider(); case CUSTOM: String customProviderName = conf.get(PropertyKey.SECURITY_AUTHENTICATION_CUSTOM_PROVIDER_CLASS); return new CustomAuthenticationProvider(customProviderName); default: throw new AuthenticationException("Unsupported AuthType: " + authType.getAuthName()); } } }
public Map getConfiguration(String mode) throws AuthenticationException { throw new AuthenticationException("", new UnsupportedOperationException()); } }
public Map getConfiguration(String mode) throws AuthenticationException { throw new AuthenticationException("", new UnsupportedOperationException()); } }
@Override public void apply(DirSearch client, String user) throws AuthenticationException { try { String userDn = client.findUserDn(user); // This should not be null because we were allowed to bind with this username // safe check in case we were able to bind anonymously. if (userDn == null) { throw new AuthenticationException("Authentication failed: User search failed"); } } catch (NamingException e) { throw new AuthenticationException("LDAP Authentication failed for user", e); } } }