throw new LoginException("Authentication failed"); } else { logger.warn("Public key authentication failed for user {}: {}", user, e.getMessage(), e); throw new LoginException("Public key authentication failed for user " + user + ": " + e.getMessage());
throw new LoginException("Authentication failed"); } else { logger.warn("Public key authentication failed for user {}: {}", user, e.getMessage(), e); throw new LoginException("Public key authentication failed for user " + user + ": " + e.getMessage());
/**
 * Authenticates the first {@link PasswordCredential} found in
 * {@code privateCredentials} by running a freshly created
 * {@link LdapLoginModule}. On success, one {@link UserNamePrincipal} is
 * added to {@code identifiedPrincipals} for every {@link UserPrincipal}
 * the module attached to the subject.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The password is copied into a {@code char[]} that is placed in the
 *       module's shared-state map; this method never clears that array.
 *       NOTE(review): the credential appears to hold the password as a
 *       String, so wiping the copy alone would not remove it from memory;
 *       confirm.</li>
 *   <li>The login module's exception message is reused as the message of the
 *       {@link AuthenticationException}. NOTE(review): confirm that callers
 *       do not show this text verbatim to remote clients, since such
 *       messages can distinguish "unknown user" from "wrong password".</li>
 *   <li>A {@link FailedLoginException} is not logged here; any other
 *       {@link LoginException} is logged at WARN with its message only.</li>
 * </ul>
 *
 * @param publicCredentials   not read by this method
 * @param privateCredentials  searched for a {@link PasswordCredential}
 * @param identifiedPrincipals receives the principals of the authenticated user
 * @throws AuthenticationException if no password credential is present or
 *         the login module rejects or fails the login
 */
@Override
public void authenticate(Set<Object> publicCredentials,
                         Set<Object> privateCredentials,
                         Set<Principal> identifiedPrincipals)
        throws AuthenticationException
{
    Optional<PasswordCredential> password =
            findFirst(privateCredentials, PasswordCredential.class::isInstance)
                    .map(PasswordCredential.class::cast);
    // NOTE(review): the text says "no login name" although the check is for
    // a missing password credential; kept as is because callers may match it.
    checkAuthentication(password.isPresent(), "no login name");

    Subject subject = new Subject();
    LdapLoginModule loginModule = new LdapLoginModule();

    PasswordCredential credential = password.get();
    ImmutableMap.Builder<String, Object> sharedState = ImmutableMap.builder();
    sharedState.put(USERNAME_KEY, credential.getUsername());
    // The module receives the password as a char[] copy.
    sharedState.put(PASSWORD_KEY, credential.getPassword().toCharArray());
    Map<String, Object> loginOptions = sharedState.build();

    loginModule.initialize(subject, null, loginOptions, globalLoginOptions);

    try {
        loginModule.login();
        loginModule.commit();

        // Translate the module's principals into the caller's principal type.
        for (UserPrincipal ldapUser : subject.getPrincipals(UserPrincipal.class)) {
            identifiedPrincipals.add(new UserNamePrincipal(ldapUser.getName()));
        }

        tryToLogout(loginModule);
    } catch (LoginException e) {
        tryToAbortLogin(loginModule);
        // A rejected login (FailedLoginException) is reported to the caller
        // only; every other login failure is also logged.
        if (!(e instanceof FailedLoginException)) {
            LOGGER.warn("LDAP login failed: {}", e.getMessage());
        }
        throw new AuthenticationException(e.getMessage(), e);
    }
}
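/**
 * Logs in through the {@code LDAPLoginMaskedPassword} JAAS configuration as
 * user {@code first} with the wrong password {@code nosecret} and expects a
 * {@link FailedLoginException} carrying the exact rejection message.
 *
 * <p>NOTE(review): the pinned message names the user and says that the
 * password did not match. If the login module's message can reach a remote
 * client, it lets that client tell a wrong password apart from an unknown
 * account; confirm that callers replace it with a generic failure text.
 *
 * @throws LoginException if the login fails for any reason other than a
 *         rejected password
 */
@Test
public void testLoginMaskedPasswordUnauthenticated() throws LoginException {
    LoginContext context = new LoginContext("LDAPLoginMaskedPassword", callbacks -> {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ((NameCallback) callbacks[i]).setName("first");
            } else if (callbacks[i] instanceof PasswordCallback) {
                ((PasswordCallback) callbacks[i]).setPassword("nosecret".toCharArray());
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }
    });

    try {
        context.login();
        // Reaching this line means the wrong password was accepted.
        fail("Should have failed authenticating");
    } catch (FailedLoginException le) {
        // Expected value first, so a failure report labels the two strings correctly.
        assertEquals("Password does not match for user: first", le.getMessage());
    }
}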
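/**
 * Logs in through the {@code LDAPLoginExternalPasswordCodec} JAAS
 * configuration as user {@code first} with the wrong password
 * {@code nosecret} and expects a {@link FailedLoginException} carrying the
 * exact rejection message.
 *
 * <p>NOTE(review): the pinned message names the user and says that the
 * password did not match. If the login module's message can reach a remote
 * client, it lets that client tell a wrong password apart from an unknown
 * account; confirm that callers replace it with a generic failure text.
 *
 * @throws LoginException if the login fails for any reason other than a
 *         rejected password
 */
@Test
public void testLoginExternalCodecUnauthenticated() throws LoginException {
    LoginContext context = new LoginContext("LDAPLoginExternalPasswordCodec", callbacks -> {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ((NameCallback) callbacks[i]).setName("first");
            } else if (callbacks[i] instanceof PasswordCallback) {
                ((PasswordCallback) callbacks[i]).setPassword("nosecret".toCharArray());
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }
    });

    try {
        context.login();
        // Reaching this line means the wrong password was accepted.
        fail("Should have failed authenticating");
    } catch (FailedLoginException le) {
        // Expected value first, so a failure report labels the two strings correctly.
        assertEquals("Password does not match for user: first", le.getMessage());
    }
}
}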
/**
 * Logs in through the {@code LDAPLogin} JAAS configuration as user
 * {@code first} with an empty password and expects the login to be refused
 * with "Password cannot be null or empty".
 *
 * <p>Why this matters: an LDAP simple bind that carries a name and a
 * zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2),
 * which a directory server may accept. A login module that passed an empty
 * password through could therefore report success without any secret having
 * been checked.
 */
@Test
public void testEmptyPassword() throws Exception {
    LoginContext context = new LoginContext("LDAPLogin", callbacks -> {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName("first");
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword("".toCharArray());
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    });

    try {
        context.login();
    } catch (FailedLoginException fle) {
        assertEquals("Password cannot be null or empty", fle.getMessage());
        // Logout after the refused login must complete without throwing.
        context.logout();
        return;
    }
    // No exception: the empty password was accepted.
    fail("Should have thrown a FailedLoginException");
}
/**
 * Logs in through the {@code LDAPLogin} JAAS configuration as user
 * {@code first} with the password callback set to {@code null} and expects
 * the login to be refused with "Password cannot be null or empty".
 *
 * <p>Why this matters: a missing password must be refused by the login
 * module itself. An LDAP simple bind that carries a name but no password is
 * an unauthenticated bind (RFC 4513, section 5.1.2), which a directory
 * server may accept without checking any secret.
 */
@Test
public void testNullPassword() throws Exception {
    LoginContext context = new LoginContext("LDAPLogin", callbacks -> {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName("first");
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(null);
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    });

    try {
        context.login();
    } catch (FailedLoginException fle) {
        assertEquals("Password cannot be null or empty", fle.getMessage());
        // Logout after the refused login must complete without throwing.
        context.logout();
        return;
    }
    // No exception: the null password was accepted.
    fail("Should have thrown a FailedLoginException");
}