/**
 * Renders this authentication response for diagnostics.
 *
 * <p>The message is percent-encoded for control characters when {@code encodeCntrlChars} is set,
 * so that text supplied by the directory cannot introduce line breaks into whatever log this
 * string is written to. Only the message receives that treatment here.</p>
 *
 * @return  bracketed, comma separated description of this response
 */
@Override
public String toString()
{
  final String renderedMessage;
  if (encodeCntrlChars) {
    renderedMessage = LdapUtils.percentEncodeControlChars(getMessage());
  } else {
    renderedMessage = getMessage();
  }
  // NOTE(review): resolvedDn, ldapEntry and controls are formatted through their own
  // toString(); confirm those representations are also safe to log verbatim.
  return String.format(
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]",
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    renderedMessage,
    Arrays.toString(getControls()));
}
}
authenticationContext, String.format("%s:%s:%s", error != null ? error : "ACCOUNT_WARNING", response.getResultCode(), response.getMessage()), AuthnEventIds.ACCOUNT_WARNING); || AuthenticationResultCode.INVALID_CREDENTIAL == response.getAuthenticationResultCode()) { handleError(profileRequestContext, authenticationContext, String.format("%s:%s", response.getAuthenticationResultCode(), response.getMessage()), AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, true); final AccountState state = response.getAccountState(); handleError(profileRequestContext, authenticationContext, String.format("%s:%s:%s", state.getError(), response.getResultCode(), response.getMessage()), AuthnEventIds.ACCOUNT_ERROR); recordFailure(profileRequestContext, true); } else if (response.getResultCode() == ResultCode.INVALID_CREDENTIALS) { handleError(profileRequestContext, authenticationContext, String.format("%s:%s", response.getResultCode(), response.getMessage()), AuthnEventIds.INVALID_CREDENTIALS); recordFailure(profileRequestContext, true); } else { throw new LdapException(response.getMessage(), response.getResultCode(), response.getMatchedDn(), response.getControls(), response.getReferralURLs(), response.getMessageId());
/**
 * Returns a one-line description of this response: identity, result codes, resolved DN, entry,
 * account state, message and controls.
 *
 * <p>When {@code encodeCntrlChars} is enabled the message is passed through
 * {@link LdapUtils#percentEncodeControlChars(String)} before formatting; otherwise it is used
 * as returned by {@code getMessage()}.</p>
 *
 * @return  string representation of this response
 */
@Override
public String toString()
{
  final String layout =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  // The message originates from the directory server, which is why it is the field that gets
  // control-character encoding before it can reach a log line.
  return String.format(
    layout,
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    encodeCntrlChars ? LdapUtils.percentEncodeControlChars(getMessage()) : getMessage(),
    Arrays.toString(getControls()));
}
}
/**
 * Returns a one-line description of this response: identity, result codes, resolved DN, entry,
 * account state, message and controls.
 *
 * @return  string representation of this response
 */
@Override
public String toString()
{
  final String layout =
    "[%s@%d::authenticationResultCode=%s, resolvedDn=%s, ldapEntry=%s, accountState=%s, result=%s, " +
    "resultCode=%s, message=%s, controls=%s]";
  // NOTE(review): getMessage() is formatted verbatim. The text comes from the directory server,
  // so if this string is logged, any CR/LF or other control characters in it reach the log
  // unescaped. Encode control characters before logging, or confirm the log layout does so.
  return String.format(
    layout,
    getClass().getName(),
    hashCode(),
    authenticationResultCode,
    resolvedDn,
    ldapEntry,
    accountState,
    getResult(),
    getResultCode(),
    getMessage(),
    Arrays.toString(getControls()));
}
}
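/**
 * Authenticates the credential against LDAP and applies the configured password policy
 * handling strategy to the response.
 *
 * <p>Every failure other than a DN resolution failure is reported with the same generic
 * {@code "Invalid credentials"} message, so the directory's own diagnostic text is not passed
 * to the caller through the exception.</p>
 *
 * @param upc              the username/password credential to authenticate
 * @param originalPassword the original password; not read by this method
 * @return the handler result built from the principal and the password policy messages
 * @throws AccountNotFoundException if the response reports a DN resolution failure
 * @throws FailedLoginException     if the strategy does not support the response, or the
 *                                  response carries no successful result
 * @throws GeneralSecurityException declared by the overridden method
 * @throws PreventedException       declared by the overridden method
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(
    final UsernamePasswordCredential upc,
    final String originalPassword) throws GeneralSecurityException, PreventedException {
    val response = getLdapAuthenticationResponse(upc);
    // NOTE(review): this relies on the response's toString(); confirm that representation
    // encodes control characters in the server-supplied message before it is logged.
    LOGGER.debug("LDAP response: [{}]", response);

    if (!passwordPolicyHandlingStrategy.supports(response)) {
        // Arguments follow the placeholder order: the strategy first, then the response it
        // could not handle (they were previously passed the other way round).
        LOGGER.warn("Authentication has failed because LDAP password policy handling strategy [{}] cannot handle [{}].",
            passwordPolicyHandlingStrategy.getClass().getSimpleName(), response);
        throw new FailedLoginException("Invalid credentials");
    }

    LOGGER.debug("Attempting to examine and handle LDAP password policy via [{}]",
        passwordPolicyHandlingStrategy.getClass().getSimpleName());
    val messageList = passwordPolicyHandlingStrategy.handle(response, getPasswordPolicyConfiguration());

    if (response.getResult()) {
        LOGGER.debug("LDAP response returned a result. Creating the final LDAP principal");
        val principal = createPrincipal(upc.getUsername(), response.getLdapEntry());
        return createHandlerResult(upc, principal, messageList);
    }

    if (AuthenticationResultCode.DN_RESOLUTION_FAILURE == response.getAuthenticationResultCode()) {
        LOGGER.warn("DN resolution failed. [{}]", response.getMessage());
        // NOTE(review): a distinct exception type for unknown users lets a caller tell
        // "no such account" from "wrong password"; confirm the layer that renders login
        // errors presents both failures identically.
        throw new AccountNotFoundException(upc.getUsername() + " not found.");
    }
    throw new FailedLoginException("Invalid credentials");
}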
/**
 * Attaches an Active Directory account state to the authentication response.
 *
 * <p>On failure, the account error is parsed out of the response message, if there is one.
 * On success, and only when {@code maxPasswordAge} is non-negative, the expiration is computed
 * as the entry's {@code pwdLastSet} value plus {@code maxPasswordAge} milliseconds.</p>
 *
 * @param  response  authentication response to inspect and update
 */
@Override
public void handle(final AuthenticationResponse response)
{
  if (!response.getResult()) {
    // The error is derived from text sent by the directory server; an unrecognised message
    // leaves the account state untouched.
    if (response.getMessage() == null) {
      return;
    }
    final ActiveDirectoryAccountState.Error parsedError = ActiveDirectoryAccountState.Error.parse(
      response.getMessage());
    if (parsedError != null) {
      response.setAccountState(new ActiveDirectoryAccountState(parsedError));
    }
    return;
  }

  if (maxPasswordAge < 0) {
    return;
  }
  final LdapEntry authenticatedEntry = response.getLdapEntry();
  final LdapAttribute lastSet = authenticatedEntry.getAttribute("pwdLastSet");
  if (lastSet == null) {
    // Without pwdLastSet no expiration can be computed.
    return;
  }
  final Calendar expiration = lastSet.getValue(new FileTimeValueTranscoder());
  expiration.setTimeInMillis(expiration.getTimeInMillis() + maxPasswordAge);
  response.setAccountState(new ActiveDirectoryAccountState(expiration));
}
}
@Override public void handle(final AuthenticationResponse response) if (response.getMessage() != null) { final EDirectoryAccountState.Error edError = EDirectoryAccountState.Error.parse(response.getMessage()); if (edError != null) { response.setAccountState(new EDirectoryAccountState(edError));
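// The "{}" placeholder is required for the message argument to be rendered; without it the
// directory's message was passed to the logger but never appeared in the output.
LOGGER.debug("Failed to authenticate user: {}", response.getMessage());
// NOTE(review): the exception carries the directory's message verbatim. If that text is shown
// to the end user it may reveal more about the account than a generic failure would; confirm
// what the consumer of this error exposes.
emitter.onError(new BadCredentialsException(response.getMessage()));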
// Records the message from the LDAP response at warn level.
// NOTE(review): the text is presumably supplied by the directory server; confirm the log
// layout neutralises control characters in it.
logger.warn("DN resolution failed. {}", response.getMessage());
// NOTE(review): a dedicated not-found exception, with the submitted username in its message,
// lets a caller tell unknown accounts from wrong passwords; confirm the layer that renders
// login errors presents both failures identically.
throw new AccountNotFoundException(upc.getUsername() + " not found.");
/**
 * Attaches an eDirectory account state to the authentication response.
 *
 * <p>A non-null response message takes precedence: it is parsed for a known account error and
 * the entry attributes are not examined, even if the result is successful. Otherwise, for a
 * successful result, the state is built from the {@code passwordExpirationTime} and
 * {@code loginGraceRemaining} attributes of the entry.</p>
 *
 * @param  response  authentication response to inspect and update
 *
 * @throws  NumberFormatException  if {@code loginGraceRemaining} is present but is not a
 *                                 decimal integer
 */
@Override
public void handle(final AuthenticationResponse response)
{
  if (response.getMessage() != null) {
    // The error is derived from text sent by the directory server; an unrecognised message
    // leaves the account state untouched.
    final EDirectoryAccountState.Error parsedError = EDirectoryAccountState.Error.parse(response.getMessage());
    if (parsedError != null) {
      response.setAccountState(new EDirectoryAccountState(parsedError));
    }
    return;
  }
  if (!response.getResult()) {
    return;
  }

  final LdapEntry authenticatedEntry = response.getLdapEntry();
  final LdapAttribute expirationAttr = authenticatedEntry.getAttribute("passwordExpirationTime");
  final LdapAttribute graceAttr = authenticatedEntry.getAttribute("loginGraceRemaining");
  // A missing grace attribute counts as zero remaining grace logins.
  int graceLogins = 0;
  if (graceAttr != null) {
    graceLogins = Integer.parseInt(graceAttr.getStringValue());
  }

  if (expirationAttr == null) {
    if (graceAttr != null) {
      response.setAccountState(new EDirectoryAccountState(null, graceLogins));
    }
    return;
  }

  final ZonedDateTime expiration = expirationAttr.getValue(new GeneralizedTimeValueTranscoder());
  // With no warning period configured the state is always set; otherwise only once the
  // current time is past (expiration - warningPeriod).
  if (warningPeriod == null || ZonedDateTime.now().isAfter(expiration.minus(warningPeriod))) {
    response.setAccountState(new EDirectoryAccountState(expiration, graceLogins));
  }
}
/**
 * Derives the eDirectory account state for an authentication response and stores it on the
 * response.
 *
 * <p>If the response has a message, only that message is consulted. If it has none and the
 * result is successful, the entry's {@code passwordExpirationTime} and
 * {@code loginGraceRemaining} attributes decide whether a state is set.</p>
 *
 * @param  response  authentication response to inspect and update
 *
 * @throws  NumberFormatException  if {@code loginGraceRemaining} is present but is not a
 *                                 decimal integer
 */
@Override
public void handle(final AuthenticationResponse response)
{
  if (response.getMessage() != null) {
    final EDirectoryAccountState.Error knownError = EDirectoryAccountState.Error.parse(response.getMessage());
    if (knownError != null) {
      response.setAccountState(new EDirectoryAccountState(knownError));
    }
  } else if (response.getResult()) {
    final LdapEntry entry = response.getLdapEntry();
    final LdapAttribute expTimeAttr = entry.getAttribute("passwordExpirationTime");
    final LdapAttribute graceAttr = entry.getAttribute("loginGraceRemaining");
    // NOTE(review): the value comes from the directory entry and is parsed without a guard,
    // so a malformed attribute surfaces as a NumberFormatException from this handler.
    final int graceCount = graceAttr == null ? 0 : Integer.parseInt(graceAttr.getStringValue());

    if (expTimeAttr == null) {
      // No expiration time: a state is only set when grace logins are reported.
      if (graceAttr != null) {
        response.setAccountState(new EDirectoryAccountState(null, graceCount));
      }
    } else {
      final ZonedDateTime expires = expTimeAttr.getValue(new GeneralizedTimeValueTranscoder());
      final boolean reportState;
      if (warningPeriod == null) {
        reportState = true;
      } else {
        final ZonedDateTime warningStart = expires.minus(warningPeriod);
        reportState = ZonedDateTime.now().isAfter(warningStart);
      }
      if (reportState) {
        response.setAccountState(new EDirectoryAccountState(expires, graceCount));
      }
    }
  }
}
if (response.getMessage() != null) { final ActiveDirectoryAccountState.Error adError = ActiveDirectoryAccountState.Error.parse( response.getMessage()); if (adError != null) { response.setAccountState(new ActiveDirectoryAccountState(adError));
if (response.getMessage() != null) { final ActiveDirectoryAccountState.Error adError = ActiveDirectoryAccountState.Error.parse( response.getMessage()); if (adError != null) { response.setAccountState(new ActiveDirectoryAccountState(adError));
final FreeIPAAccountState.Error fError = FreeIPAAccountState.Error.parse( response.getResultCode(), response.getMessage()); if (fError != null) { response.setAccountState(new FreeIPAAccountState(fError));
final FreeIPAAccountState.Error fError = FreeIPAAccountState.Error.parse( response.getResultCode(), response.getMessage()); if (fError != null) { response.setAccountState(new FreeIPAAccountState(fError));