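/**
 * Derives an Active Directory account state from an authentication response.
 *
 * <p>On a failed result, the response message is parsed for an Active Directory error and, if one is
 * recognised, it is stored as the account state. On a successful result, and only when
 * {@code maxPasswordAge} is non-negative, the entry's {@code pwdLastSet} attribute is decoded and
 * {@code maxPasswordAge} (added as milliseconds) yields the expiration time stored on the response.</p>
 *
 * <p>This handler only annotates the response through {@code setAccountState}; it never alters the
 * authentication result. Callers that must refuse expired or locked accounts have to inspect the
 * account state themselves.</p>
 *
 * @param  response  authentication response to inspect and annotate
 */
@Override
public void handle(final AuthenticationResponse response) {
  if (!response.getResult()) {
    final String message = response.getMessage();
    if (message != null) {
      final ActiveDirectoryAccountState.Error adError = ActiveDirectoryAccountState.Error.parse(message);
      if (adError != null) {
        response.setAccountState(new ActiveDirectoryAccountState(adError));
      }
    }
    return;
  }

  // A negative maximum age disables the expiration calculation.
  if (maxPasswordAge < 0) {
    return;
  }

  // Guard against a successful response that carries no entry (for example when no attributes were
  // resolved); without it the attribute lookup below would raise a NullPointerException.
  final LdapEntry entry = response.getLdapEntry();
  if (entry == null) {
    return;
  }

  final LdapAttribute pwdLastSet = entry.getAttribute("pwdLastSet");
  if (pwdLastSet != null) {
    final Calendar exp = pwdLastSet.getValue(new FileTimeValueTranscoder());
    exp.setTimeInMillis(exp.getTimeInMillis() + maxPasswordAge);
    response.setAccountState(new ActiveDirectoryAccountState(exp));
  }
}
}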
/**
 * Translates password-expiration response controls into an account state on the response.
 *
 * <p>A password-expiring control with a positive remaining time produces a state whose expiration is
 * "now plus that many seconds". If no account state has been set after that, the presence of a
 * password-expired control produces a {@code PASSWORD_EXPIRED} error state.</p>
 *
 * <p>Only the account state is written; the authentication result itself is left untouched, so
 * enforcement of an expired password is up to the caller.</p>
 *
 * @param  response  authentication response whose controls are examined
 */
@Override
public void handle(final AuthenticationResponse response) {
  final PasswordExpiringControl expiring =
    (PasswordExpiringControl) response.getControl(PasswordExpiringControl.OID);
  if (expiring != null) {
    if (expiring.getTimeBeforeExpiration() <= 0) {
      // NOTE(review): the template uses a printf-style "%s"; if this logger is SLF4J-style (which
      // expects "{}"), the control will not appear in the logged message — confirm and adjust.
      logger.warn("Received password expiring control with non-positive value: %s", expiring);
    } else {
      final Calendar expiresAt = Calendar.getInstance();
      expiresAt.add(Calendar.SECOND, expiring.getTimeBeforeExpiration());
      response.setAccountState(new PasswordExpirationAccountState(expiresAt));
    }
  }

  // The expired control is only consulted when nothing has set an account state yet.
  if (response.getAccountState() != null) {
    return;
  }
  final PasswordExpiredControl expired =
    (PasswordExpiredControl) response.getControl(PasswordExpiredControl.OID);
  if (expired != null) {
    response.setAccountState(
      new PasswordExpirationAccountState(PasswordExpirationAccountState.Error.PASSWORD_EXPIRED));
  }
}
}
/**
 * Renders this response for diagnostics: class name, hash code, authentication result code,
 * resolved DN, LDAP entry, account state, result, result code, message and controls.
 *
 * <p>NOTE(review): the LDAP entry and the message are emitted as-is. Any code that logs this object
 * therefore writes whatever attributes the entry holds, and an unescaped message, to the log —
 * confirm that requested return attributes exclude sensitive values and that the log sink
 * neutralises control characters.</p>
 *
 * @return  string form of this response
 */
@Override
public String toString() {
  final String template =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  // Values are listed in the same order as the placeholders above.
  final Object[] values = {
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    getMessage(),
    Arrays.toString(getControls()),
  };
  return String.format(template, values);
}
}
response = authenticator.authenticate(request); log.trace("{} Authentication response {}", getLogPrefix(), response); if (response.getResult()) { log.info("{} Login by '{}' succeeded", getLogPrefix(), getUsernamePasswordContext().getUsername()); recordSuccess(profileRequestContext); authenticationContext.getSubcontext(LDAPResponseContext.class, true) .setAuthenticationResponse(response); if (response.getAccountState() != null) { final AccountState.Error error = response.getAccountState().getError(); handleWarning( profileRequestContext, authenticationContext, String.format("%s:%s:%s", error != null ? error : "ACCOUNT_WARNING", response.getResultCode(), response.getMessage()), AuthnEventIds.ACCOUNT_WARNING); authenticationContext.getSubcontext(LDAPResponseContext.class, true) .setAuthenticationResponse(response); if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode() || AuthenticationResultCode.INVALID_CREDENTIAL == response.getAuthenticationResultCode()) { handleError(profileRequestContext, authenticationContext, String.format("%s:%s", response.getAuthenticationResultCode(), response.getMessage()), AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, true); } else if (response.getAccountState() != null) { final AccountState state = response.getAccountState(); handleError(profileRequestContext, authenticationContext, String.format("%s:%s:%s", state.getError(), response.getResultCode(), response.getMessage()), AuthnEventIds.ACCOUNT_ERROR); recordFailure(profileRequestContext, true);
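/**
 * Authenticates a username/password credential against LDAP and applies password-policy handling.
 *
 * <p>The LDAP response is first offered to the configured password policy handling strategy; a
 * response the strategy does not support is treated as a failed login. Otherwise the strategy
 * produces the message list, and a successful response yields a handler result built from the
 * principal created out of the LDAP entry.</p>
 *
 * @param upc              credential carrying the username (and password) to authenticate
 * @param originalPassword the password as originally supplied; not read by this method
 * @return the handler result for a successful authentication
 * @throws GeneralSecurityException {@link FailedLoginException} when the strategy cannot handle the
 *                                  response or the bind failed, {@link AccountNotFoundException}
 *                                  when DN resolution failed
 * @throws PreventedException       declared by the contract; not thrown directly by the visible code
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential upc,
                                                                                    final String originalPassword)
    throws GeneralSecurityException, PreventedException {
    val response = getLdapAuthenticationResponse(upc);
    // NOTE(review): the response's string form is logged; if it includes the resolved entry's
    // attributes, debug logs will carry directory data — confirm what toString() exposes.
    LOGGER.debug("LDAP response: [{}]", response);

    final String strategyName = passwordPolicyHandlingStrategy.getClass().getSimpleName();
    if (!passwordPolicyHandlingStrategy.supports(response)) {
        // Arguments follow the placeholder order: strategy first, then the response it rejected.
        // They were previously swapped, which mislabelled both values in the log line.
        LOGGER.warn("Authentication has failed because LDAP password policy handling strategy [{}] cannot handle [{}].",
            strategyName, response);
        throw new FailedLoginException("Invalid credentials");
    }

    LOGGER.debug("Attempting to examine and handle LDAP password policy via [{}]", strategyName);
    val messageList = passwordPolicyHandlingStrategy.handle(response, getPasswordPolicyConfiguration());

    if (response.getResult()) {
        LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
        val principal = createPrincipal(upc.getUsername(), response.getLdapEntry());
        return createHandlerResult(upc, principal, messageList);
    }

    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
        // A distinct exception type separates "unknown user" from "wrong password"; callers should
        // keep that distinction out of anything shown to the end user.
        throw new AccountNotFoundException(upc.getUsername() + " not found.");
    }
    throw new FailedLoginException("Invalid credentials");
}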
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) { final SearchResultWriter writer; System.out.println(String.format("Authentication failed for %s", entry)); return response.getResultCode().value();
if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); getCredentials(nameCb, passCb, true); response = auth.authenticate(authRequest); if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); final String loginDn = response.getResolvedDn(); if (loginDn != null && setLdapDnPrincipal) { principals.add(new LdapDnPrincipal(loginDn, entry));
AuthenticationResponse response = authenticator.authenticate( new AuthenticationRequest(username, new Credential(password), ReturnAttributes.ALL_USER.value())); if (response.getResult()) { // authentication succeeded LdapEntry userEntry = response.getLdapEntry(); LOGGER.debug("Failed to authenticate user", response.getMessage()); emitter.onError(new BadCredentialsException(response.getMessage()));
/**
 * Validates username/password credentials through the LDAP authenticator and, on success, attaches
 * the profile built from the returned entry to the credentials.
 *
 * @param credentials credentials to validate; receives the user profile on success
 * @param context     web context (not read by this method)
 * @throws TechnicalException       if the LDAP call raises an {@code LdapException}
 * @throws AccountNotFoundException if the response reports a DN resolution failure
 * @throws BadCredentialsException  for any other unsuccessful response
 */
@Override
public void validate(final UsernamePasswordCredentials credentials, final WebContext context) {
    init();

    final String username = credentials.getUsername();
    CommonHelper.assertNotBlank(Pac4jConstants.USERNAME, username);

    final AuthenticationResponse response;
    try {
        // NOTE(review): the credentials object itself is logged; confirm its toString() masks the
        // password before enabling debug logging.
        logger.debug("Attempting LDAP authentication for: {}", credentials);
        final List<String> wanted = defineAttributesToRead();
        final Credential bindCredential = new Credential(credentials.getPassword());
        final String[] returnAttributes = wanted.toArray(new String[wanted.size()]);
        response = this.ldapAuthenticator.authenticate(
            new AuthenticationRequest(username, bindCredential, returnAttributes));
    } catch (final LdapException e) {
        throw new TechnicalException("Unexpected LDAP error", e);
    }
    // NOTE(review): presumably the response's string form includes the returned entry — verify that
    // the attributes requested above are acceptable in debug logs.
    logger.debug("LDAP response: {}", response);

    if (!response.getResult()) {
        // Two different exceptions (and messages naming the user) distinguish an unknown account
        // from a wrong password; callers should not surface that difference to the end user.
        if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
            throw new AccountNotFoundException(username + " not found");
        }
        throw new BadCredentialsException("Invalid credentials for: " + username);
    }

    final LdapEntry entry = response.getLdapEntry();
    final List<Map<String, Object>> listAttributes = new ArrayList<>();
    listAttributes.add(getAttributesFromEntry(entry));
    credentials.setUserProfile(convertAttributesToProfile(listAttributes, username));
}
LOGGER.debug("LDAP response: [{}]", response); if (response.getResult()) { val entry = response.getLdapEntry(); val profile = new CommonProfile(); profile.setId(username);
/**
 * {@inheritDoc}
 *
 * <p>Adds an {@code LdapPrincipal} built from the submitted username and the LDAP entry of the
 * authentication response before delegating to the superclass.</p>
 */
@Override
@Nonnull
protected Subject populateSubject(@Nonnull final Subject subject) {
    // The principal keeps a reference to the response's LDAP entry, so whatever attributes were
    // returned by the directory travel with the Subject from here on.
    final String username = getUsernamePasswordContext().getUsername();
    final LdapPrincipal ldapPrincipal = new LdapPrincipal(username, response.getLdapEntry());
    subject.getPrincipals().add(ldapPrincipal);
    return super.populateSubject(subject);
}
/**
 * Reports whether the held authentication response carries an account state error.
 *
 * @return {@code true} when an account state is present and its error is non-null;
 *         {@code false} when there is no account state or no error
 */
public boolean hasAccountStateError() {
    final AccountState accountState = authenticationResponse.getAccountState();
    if (accountState == null) {
        return false;
    }
    return accountState.getError() != null;
}
if (response.getResult()) { logger.debug("LDAP response returned as result. Creating the final LDAP principal"); return createHandlerResult(upc, createPrincipal(upc.getUsername(), response.getLdapEntry()), messageList); if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) { logger.warn("DN resolution failed. {}", response.getMessage()); throw new AccountNotFoundException(upc.getUsername() + " not found.");
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) { final SearchResultWriter writer; System.out.println(String.format("Authentication failed for %s", entry)); return response.getResultCode().value();
if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); getCredentials(nameCb, passCb, true); response = auth.authenticate(authRequest); if (response.getResult()) { entry = response.getLdapEntry(); if (entry != null) { roles.addAll(LdapRole.toRoles(entry)); final String loginDn = response.getResolvedDn(); if (loginDn != null && setLdapDnPrincipal) { principals.add(new LdapDnPrincipal(loginDn, entry));
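/**
 * Forwards a password-policy warning to the superclass only when a configured entry attribute
 * matches (or does not match) a configured value.
 *
 * <p>Nothing is forwarded when either the warning attribute name or the value to match is blank.
 * Otherwise the attribute is read from the response's LDAP entry, compared to the configured
 * value, and the warning is passed on when the outcome equals {@code displayWarningOnMatch}.</p>
 *
 * @param warning       account state warning to handle
 * @param response      authentication response whose LDAP entry is inspected
 * @param configuration password policy configuration passed through to the superclass
 * @param messages      message list passed through to the superclass
 */
@Override
protected void handleWarning(final AccountState.Warning warning,
                             final AuthenticationResponse response,
                             final LdapPasswordPolicyConfiguration configuration,
                             final List<MessageDescriptor> messages) {
    if (StringUtils.isBlank(this.warningAttributeName)) {
        logger.debug("No warning attribute name is defined");
        return;
    }
    if (StringUtils.isBlank(this.warningAttributeValue)) {
        logger.debug("No warning attribute value to match is defined");
        return;
    }

    // A response without an entry is treated as "attribute absent" (no match) instead of raising a
    // NullPointerException in the middle of the authentication flow.
    final LdapAttribute attribute = response.getLdapEntry() != null
        ? response.getLdapEntry().getAttribute(this.warningAttributeName)
        : null;

    boolean matches = false;
    if (attribute != null) {
        logger.debug("Found warning attribute {} with value {}", attribute.getName(), attribute.getStringValue());
        matches = this.warningAttributeValue.equals(attribute.getStringValue());
    }
    logger.debug("matches={}, displayWarningOnMatch={}", matches, displayWarningOnMatch);

    if (displayWarningOnMatch == matches) {
        super.handleWarning(warning, response, configuration, messages);
    }
}
}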
/**
 * Reports whether the held authentication response carries an account state warning.
 *
 * @return {@code true} when an account state is present and its warning is non-null;
 *         {@code false} when there is no account state or no warning
 */
public boolean hasAccountStateWarning() {
    final AccountState accountState = authenticationResponse.getAccountState();
    if (accountState == null) {
        return false;
    }
    return accountState.getWarning() != null;
}
@Override public void handle(final AuthenticationResponse response) if (response.getMessage() != null) { final EDirectoryAccountState.Error edError = EDirectoryAccountState.Error.parse(response.getMessage()); if (edError != null) { response.setAccountState(new EDirectoryAccountState(edError)); } else if (response.getResult()) { final LdapEntry entry = response.getLdapEntry(); final LdapAttribute expTime = entry.getAttribute("passwordExpirationTime"); final LdapAttribute loginRemaining = entry.getAttribute("loginGraceRemaining"); warn.add(Calendar.HOUR_OF_DAY, -warningHours); if (now.after(warn)) { response.setAccountState(new EDirectoryAccountState(exp, loginRemainingValue)); response.setAccountState(new EDirectoryAccountState(exp, loginRemainingValue)); response.setAccountState(new EDirectoryAccountState(null, loginRemainingValue));
/**
 * Renders this response for diagnostics: class name, hash code, authentication result code,
 * resolved DN, LDAP entry, account state, result, result code, message and controls.
 *
 * <p>When {@code encodeCntrlChars} is set, the message is passed through
 * {@code LdapUtils.percentEncodeControlChars} so control characters in it cannot break up a log
 * line. NOTE(review): only the message is encoded here; the resolved DN and LDAP entry rely on
 * their own string forms — confirm those are encoded as well where this output reaches logs.</p>
 *
 * @return  string form of this response
 */
@Override
public String toString() {
  final String template =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  // Values are listed in the same order as the placeholders above.
  final Object[] values = {
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    encodeCntrlChars ? LdapUtils.percentEncodeControlChars(getMessage()) : getMessage(),
    Arrays.toString(getControls()),
  };
  return String.format(template, values);
}
}
final LdapEntry entry = response.getLdapEntry(); if (response.getResult()) { if (entry != null) { SearchResultWriter writer; System.out.println(String.format("Authentication failed for %s", entry)); return response.getResultCode().value();