/**
 * Persists changes to an existing credential.
 *
 * <p>The caller needs {@code write} permission on the credential domain for
 * {@code credential.getScopeId()}. Inside the transaction the stored entity is looked up by
 * scope id and id, and the update is refused when the supplied credential type differs from
 * the stored one.
 *
 * @param credential the credential carrying the new state; its id, scope id, user id and
 *                   credential type must be non-null and its credential key non-empty
 * @return whatever {@code CredentialDAO.update} returns for the updated entity
 * @throws KapuaException on failed argument validation, a failed permission check, a missing
 *                        entity ({@code KapuaEntityNotFoundException}) or a credential type
 *                        mismatch ({@code KapuaIllegalArgumentException})
 */
@Override
public Credential update(Credential credential) throws KapuaException {
    // Validate the input first, in a fixed order, so no lookup or permission
    // evaluation runs against an incomplete object.
    ArgumentValidator.notNull(credential, "credential");
    ArgumentValidator.notNull(credential.getId(), "credential.id");
    ArgumentValidator.notNull(credential.getScopeId(), "credential.scopeId");
    ArgumentValidator.notNull(credential.getUserId(), "credential.userId");
    ArgumentValidator.notNull(credential.getCredentialType(), "credential.credentialType");
    ArgumentValidator.notEmptyOrNull(credential.getCredentialKey(), "credential.credentialKey");

    // Authorisation: write access on the credential domain, evaluated against the scope id
    // taken from the supplied object. The same scope id is used for the lookup below, so an
    // entity in a different scope is reported as not found.
    KapuaLocator kapuaLocator = KapuaLocator.getInstance();
    AuthorizationService authorization = kapuaLocator.getService(AuthorizationService.class);
    PermissionFactory permissions = kapuaLocator.getFactory(PermissionFactory.class);
    authorization.checkPermission(
            permissions.newPermission(AuthenticationDomains.CREDENTIAL_DOMAIN, Actions.write, credential.getScopeId()));

    return entityManagerSession.onTransactedResult(em -> {
        Credential stored = CredentialDAO.find(em, credential.getScopeId(), credential.getId());
        if (stored == null) {
            throw new KapuaEntityNotFoundException(Credential.TYPE, credential.getId());
        }

        // The credential type of an existing entity may not be changed through update().
        boolean sameType = stored.getCredentialType() == credential.getCredentialType();
        if (!sameType) {
            throw new KapuaIllegalArgumentException("credentialType", credential.getCredentialType().toString());
        }

        // NOTE(review): only the credential type is compared with the stored entity. Which
        // other attributes (user id, status, lockout fields) a caller can overwrite depends on
        // CredentialDAO.update, which is not visible here - confirm. The original code carried
        // the open question "Passing attributes??" at this point.
        return CredentialDAO.update(em, credential);
    });
}
int resetAfterSeconds = (int)credentialServiceConfig.get("lockoutPolicy.resetAfter"); Date firstLoginFailure; boolean resetAttempts = failedCredential.getFirstLoginFailure() == null || now.after(failedCredential.getLoginFailuresReset()); if (resetAttempts) { firstLoginFailure = now; failedCredential.setLoginFailures(1); } else { firstLoginFailure = failedCredential.getFirstLoginFailure(); failedCredential.setLoginFailures(failedCredential.getLoginFailures() + 1); failedCredential.setFirstLoginFailure(firstLoginFailure); failedCredential.setLoginFailuresReset(loginFailureWindowExpiration); int maxLoginFailures = (int)credentialServiceConfig.get("lockoutPolicy.maxFailures"); if (failedCredential.getLoginFailures() >= maxLoginFailures) { long lockoutDuration = (int)credentialServiceConfig.get("lockoutPolicy.lockDuration"); Date resetDate = new Date(now.getTime() + (lockoutDuration * 1000)); failedCredential.setLockoutReset(resetDate); credential.setFirstLoginFailure(null); credential.setLoginFailuresReset(null); credential.setLockoutReset(null); credential.setLoginFailures(0); try { KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));
/**
 * Deletes every credential returned by a query that was created by passing
 * {@code accountId} to {@code CredentialFactory.newQuery}.
 *
 * @param scopeId   not read by this method
 * @param accountId id handed to {@code newQuery} to build the query
 * @throws KapuaException propagated from the query or from any individual delete
 */
private void deleteCredentialByAccountId(KapuaId scopeId, KapuaId accountId) throws KapuaException {
    CredentialFactory factory = KapuaLocator.getInstance().getFactory(CredentialFactory.class);
    CredentialListResult matches = query(factory.newQuery(accountId));

    // Deletion is one call per credential. An exception from any call stops the loop, so the
    // remaining credentials stay in place unless an enclosing transaction (not visible here)
    // rolls the whole operation back.
    for (Credential doomed : matches.getItems()) {
        delete(doomed.getScopeId(), doomed.getId());
    }
}
if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); user = KapuaSecurityUtils.doPrivileged(() -> userService.find(credential.getScopeId(), credential.getUserId())); } catch (AuthenticationException ae) { throw ae; if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); if (lockoutPolicyEnabled) { Date now = new Date(); if (credential.getLockoutReset() != null && now.before(credential.getLockoutReset())) { throw new TemporaryLockedAccountException(credential.getLockoutReset());
if (credential.getCredentialType().equals(CredentialType.PASSWORD)) { throw new KapuaExistingCredentialException(CredentialType.PASSWORD); credential = CredentialDAO.find(em, credential.getScopeId(), credential.getId()); credential.setCredentialKey(fullKey); break; case PASSWORD: default: credential.setCredentialKey(fullKey);
Credential credentialMatched = null; for (Credential c : credentialList.getItems()) { if (CredentialType.PASSWORD.equals(c.getCredentialType())) { credentialMatched = c; break; if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); if (lockoutPolicyEnabled) { Date now = new Date(); if (credential.getLockoutReset() != null && now.before(credential.getLockoutReset())) { throw new TemporaryLockedAccountException(credential.getLockoutReset());
if (CredentialType.API_KEY.equals(infoCredential.getCredentialType())) { String fullApiKey = infoCredential.getCredentialKey();
/**
 * Decides whether a presented JWT matches the supplied authentication info.
 *
 * <p>The result is {@code true} only when the token carries a JWT, the info's credentials
 * are a {@link Credential} whose key equals that JWT, and {@code jwtProcessor.validate}
 * returns {@code true}. Every other path, including an exception during validation,
 * yields {@code false}.
 *
 * @param authenticationToken the presented token; cast to {@code JwtCredentialsImpl} without
 *                            a type check, so another token type raises
 *                            {@code ClassCastException}
 * @param authenticationInfo  the info whose credentials are compared with the JWT
 * @return {@code true} if the JWT matches the credential key and passes validation
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
    final String presentedJwt = ((JwtCredentialsImpl) authenticationToken).getJwt();
    if (presentedJwt == null) {
        // No JWT was supplied, so there is nothing to match.
        return false;
    }

    final Object infoCredentials = authenticationInfo.getCredentials();
    if (infoCredentials instanceof Credential) {
        final Credential credential = (Credential) infoCredentials;

        // String equality only ties the token to the info object; the decision to accept the
        // token rests on jwtProcessor.validate below.
        // NOTE(review): String.equals is not a constant-time comparison. That matters only if
        // the credential key is an independently stored secret rather than a copy of the
        // presented token - confirm how the info object is built.
        if (presentedJwt.equals(credential.getCredentialKey())) {
            try {
                return this.jwtProcessor.validate(presentedJwt);
            } catch (Exception e) {
                // Fail closed: a validation error is logged and treated as a mismatch.
                logger.error("Error while validating JWT credentials", e);
            }
        }
    }
    return false;
}
// Excerpt of an access check; the enclosing method and the origin of `locator` and
// `credential` are not shown here.
AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
// Requires read permission on the credential domain before the caller may continue.
// NOTE(review): the third argument is credential.getId(), whereas the write check in update()
// on this page passes credential.getScopeId() in the same position. If newPermission expects
// the target scope there, this check is evaluated against the credential's own id rather than
// its scope - confirm against the PermissionFactory contract.
authorizationService.checkPermission(permissionFactory.newPermission(AuthenticationDomains.CREDENTIAL_DOMAIN, Actions.read, credential.getId()));
if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); user = KapuaSecurityUtils.doPrivileged(() -> userService.find(credential.getScopeId(), credential.getUserId())); } catch (AuthenticationException ae) { throw ae; if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); if (lockoutPolicyEnabled) { Date now = new Date(); if (credential.getLockoutReset() != null && now.before(credential.getLockoutReset())) { throw new TemporaryLockedAccountException(credential.getLockoutReset());
if (credential.getCredentialType().equals(CredentialType.PASSWORD)) { throw new KapuaExistingCredentialException(CredentialType.PASSWORD); credential = CredentialDAO.find(em, credential.getScopeId(), credential.getId()); credential.setCredentialKey(fullKey); break; case PASSWORD: default: credential.setCredentialKey(fullKey);
Credential credentialMatched = null; for (Credential c : credentialList.getItems()) { if (CredentialType.PASSWORD.equals(c.getCredentialType())) { credentialMatched = c; break; if (CredentialStatus.DISABLED.equals(credential.getStatus())) { throw new DisabledAccountException(); if (credential.getExpirationDate() != null && !credential.getExpirationDate().after(new Date())) { throw new ExpiredCredentialsException(); if (lockoutPolicyEnabled) { Date now = new Date(); if (credential.getLockoutReset() != null && now.before(credential.getLockoutReset())) { throw new TemporaryLockedAccountException(credential.getLockoutReset());
/**
 * Deletes every credential returned by a query that was created by passing
 * {@code accountId} to {@code CredentialFactory.newQuery}.
 *
 * @param scopeId   not read by this method
 * @param accountId id handed to {@code newQuery} to build the query
 * @throws KapuaException propagated from the query or from any individual delete
 */
private void deleteCredentialByAccountId(KapuaId scopeId, KapuaId accountId) throws KapuaException {
    CredentialFactory factory = KapuaLocator.getInstance().getFactory(CredentialFactory.class);
    CredentialListResult matches = query(factory.newQuery(accountId));

    // Deletion is one call per credential. An exception from any call stops the loop, so the
    // remaining credentials stay in place unless an enclosing transaction (not visible here)
    // rolls the whole operation back.
    for (Credential doomed : matches.getItems()) {
        delete(doomed.getScopeId(), doomed.getId());
    }
}
if (CredentialType.API_KEY.equals(infoCredential.getCredentialType())) { String fullApiKey = infoCredential.getCredentialKey();
/**
 * Decides whether a presented JWT matches the supplied authentication info.
 *
 * <p>The result is {@code true} only when the token carries a JWT, the info's credentials
 * are a {@link Credential} whose key equals that JWT, and {@code jwtProcessor.validate}
 * returns {@code true}. Every other path, including an exception during validation,
 * yields {@code false}.
 *
 * @param authenticationToken the presented token; cast to {@code JwtCredentialsImpl} without
 *                            a type check, so another token type raises
 *                            {@code ClassCastException}
 * @param authenticationInfo  the info whose credentials are compared with the JWT
 * @return {@code true} if the JWT matches the credential key and passes validation
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
    final String presentedJwt = ((JwtCredentialsImpl) authenticationToken).getJwt();
    if (presentedJwt == null) {
        // No JWT was supplied, so there is nothing to match.
        return false;
    }

    final Object infoCredentials = authenticationInfo.getCredentials();
    if (infoCredentials instanceof Credential) {
        final Credential credential = (Credential) infoCredentials;

        // String equality only ties the token to the info object; the decision to accept the
        // token rests on jwtProcessor.validate below.
        // NOTE(review): String.equals is not a constant-time comparison. That matters only if
        // the credential key is an independently stored secret rather than a copy of the
        // presented token - confirm how the info object is built.
        if (presentedJwt.equals(credential.getCredentialKey())) {
            try {
                return this.jwtProcessor.validate(presentedJwt);
            } catch (Exception e) {
                // Fail closed: a validation error is logged and treated as a mismatch.
                logger.error("Error while validating JWT credentials", e);
            }
        }
    }
    return false;
}
// Excerpt of an access check; the enclosing method and the origin of `locator` and
// `credential` are not shown here.
AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
// Requires read permission on the credential domain before the caller may continue.
// NOTE(review): the third argument is credential.getId(), whereas the write check in update()
// on this page passes credential.getScopeId() in the same position. If newPermission expects
// the target scope there, this check is evaluated against the credential's own id rather than
// its scope - confirm against the PermissionFactory contract.
authorizationService.checkPermission(permissionFactory.newPermission(AuthenticationDomains.CREDENTIAL_DOMAIN, Actions.read, credential.getId()));
int resetAfterSeconds = (int)credentialServiceConfig.get("lockoutPolicy.resetAfter"); Date firstLoginFailure; boolean resetAttempts = failedCredential.getFirstLoginFailure() == null || now.after(failedCredential.getLoginFailuresReset()); if (resetAttempts) { firstLoginFailure = now; failedCredential.setLoginFailures(1); } else { firstLoginFailure = failedCredential.getFirstLoginFailure(); failedCredential.setLoginFailures(failedCredential.getLoginFailures() + 1); failedCredential.setFirstLoginFailure(firstLoginFailure); failedCredential.setLoginFailuresReset(loginFailureWindowExpiration); int maxLoginFailures = (int)credentialServiceConfig.get("lockoutPolicy.maxFailures"); if (failedCredential.getLoginFailures() >= maxLoginFailures) { long lockoutDuration = (int)credentialServiceConfig.get("lockoutPolicy.lockDuration"); Date resetDate = new Date(now.getTime() + (lockoutDuration * 1000)); failedCredential.setLockoutReset(resetDate); credential.setFirstLoginFailure(null); credential.setLoginFailuresReset(null); credential.setLockoutReset(null); credential.setLoginFailures(0); try { KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));
/**
 * Persists changes to an existing credential.
 *
 * <p>The caller needs {@code write} permission on the credential domain for
 * {@code credential.getScopeId()}. Inside the transaction the stored entity is looked up by
 * scope id and id, and the update is refused when the supplied credential type differs from
 * the stored one.
 *
 * @param credential the credential carrying the new state; its id, scope id, user id and
 *                   credential type must be non-null and its credential key non-empty
 * @return whatever {@code CredentialDAO.update} returns for the updated entity
 * @throws KapuaException on failed argument validation, a failed permission check, a missing
 *                        entity ({@code KapuaEntityNotFoundException}) or a credential type
 *                        mismatch ({@code KapuaIllegalArgumentException})
 */
@Override
public Credential update(Credential credential) throws KapuaException {
    // Validate the input first, in a fixed order, so no lookup or permission
    // evaluation runs against an incomplete object.
    ArgumentValidator.notNull(credential, "credential");
    ArgumentValidator.notNull(credential.getId(), "credential.id");
    ArgumentValidator.notNull(credential.getScopeId(), "credential.scopeId");
    ArgumentValidator.notNull(credential.getUserId(), "credential.userId");
    ArgumentValidator.notNull(credential.getCredentialType(), "credential.credentialType");
    ArgumentValidator.notEmptyOrNull(credential.getCredentialKey(), "credential.credentialKey");

    // Authorisation: write access on the credential domain, evaluated against the scope id
    // taken from the supplied object. The same scope id is used for the lookup below, so an
    // entity in a different scope is reported as not found.
    KapuaLocator kapuaLocator = KapuaLocator.getInstance();
    AuthorizationService authorization = kapuaLocator.getService(AuthorizationService.class);
    PermissionFactory permissions = kapuaLocator.getFactory(PermissionFactory.class);
    authorization.checkPermission(
            permissions.newPermission(AuthenticationDomains.CREDENTIAL_DOMAIN, Actions.write, credential.getScopeId()));

    return entityManagerSession.onTransactedResult(em -> {
        Credential stored = CredentialDAO.find(em, credential.getScopeId(), credential.getId());
        if (stored == null) {
            throw new KapuaEntityNotFoundException(Credential.TYPE, credential.getId());
        }

        // The credential type of an existing entity may not be changed through update().
        boolean sameType = stored.getCredentialType() == credential.getCredentialType();
        if (!sameType) {
            throw new KapuaIllegalArgumentException("credentialType", credential.getCredentialType().toString());
        }

        // NOTE(review): only the credential type is compared with the stored entity. Which
        // other attributes (user id, status, lockout fields) a caller can overwrite depends on
        // CredentialDAO.update, which is not visible here - confirm. The original code carried
        // the open question "Passing attributes??" at this point.
        return CredentialDAO.update(em, credential);
    });
}
/**
 * Deletes every credential in {@code scopeId} whose {@code USER_ID} attribute matches
 * {@code userId}.
 *
 * @param scopeId scope passed to {@code CredentialFactory.newQuery}
 * @param userId  value the {@code CredentialAttributes.USER_ID} predicate is built with
 * @throws KapuaException propagated from the query or from any individual delete
 */
private void deleteCredentialByUserId(KapuaId scopeId, KapuaId userId) throws KapuaException {
    CredentialFactory factory = KapuaLocator.getInstance().getFactory(CredentialFactory.class);

    // Restrict the scope-wide query to the credentials of this one user.
    CredentialQuery byUser = factory.newQuery(scopeId);
    byUser.setPredicate(new AttributePredicateImpl<>(CredentialAttributes.USER_ID, userId));

    // Deletion is one call per credential. An exception from any call stops the loop, so the
    // remaining credentials of the user stay in place unless an enclosing transaction (not
    // visible here) rolls the whole operation back.
    CredentialListResult matches = query(byUser);
    for (Credential doomed : matches.getItems()) {
        delete(doomed.getScopeId(), doomed.getId());
    }
}
/**
 * Decides whether a submitted username and password match the supplied authentication info.
 *
 * <p>Three conditions are evaluated in order, stopping at the first failure: the submitted
 * username equals the name of the info's primary principal, the info's credential is of type
 * {@code PASSWORD}, and {@code BCrypt.checkpw} accepts the submitted password against the
 * credential key.
 *
 * <p>Neither argument is type-checked before being cast, and the submitted username is
 * dereferenced directly, so a different token or info type, or a {@code null} username,
 * raises an exception instead of returning {@code false}.
 *
 * @param authenticationToken the submitted token, cast to {@code UsernamePasswordCredentials}
 * @param authenticationInfo  the stored side, cast to {@code LoginAuthenticationInfo}
 * @return {@code true} only when all three conditions hold
 */
@Override
public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
    // Submitted side of the comparison.
    UsernamePasswordCredentials submitted = (UsernamePasswordCredentials) authenticationToken;
    String submittedUsername = submitted.getUsername();
    String submittedPassword = submitted.getPassword();

    // Stored side of the comparison.
    LoginAuthenticationInfo loginInfo = (LoginAuthenticationInfo) authenticationInfo;
    User storedUser = (User) loginInfo.getPrincipals().getPrimaryPrincipal();
    Credential storedCredential = (Credential) loginInfo.getCredentials();

    if (!submittedUsername.equals(storedUser.getName())) {
        return false;
    }
    if (!CredentialType.PASSWORD.equals(storedCredential.getCredentialType())) {
        return false;
    }

    // The bcrypt check runs last, so it is only reached when the username and type match.
    // FIXME (carried over from the original): caching the token password after a successful
    // match was proposed as a performance improvement.
    // NOTE(review): such a cache would keep password-equivalent material outside bcrypt;
    // weigh that against the gain before implementing it.
    return BCrypt.checkpw(submittedPassword, storedCredential.getCredentialKey());
}