org.apache.directory.api.ldap.model.exception.LdapAuthenticationException Java Examples

The following examples show how to use org.apache.directory.api.ldap.model.exception.LdapAuthenticationException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: LdapNetworkConnection.java    From directory-ldap-api with Apache License 2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public BindFuture bindAsync( String name, String credentials ) throws LdapException
{
    if ( LOG.isDebugEnabled() )
    {
        LOG.debug( I18n.msg( I18n.MSG_04102_BIND_REQUEST, name ) );
    }

    // The password must not be empty or null
    if ( Strings.isEmpty( credentials ) && Strings.isNotEmpty( name ) )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( I18n.msg( I18n.MSG_04105_MISSING_PASSWORD ) );
        }
        
        throw new LdapAuthenticationException( I18n.msg( I18n.MSG_04105_MISSING_PASSWORD ) );
    }

    // Create the BindRequest
    BindRequest bindRequest = createBindRequest( name, Strings.getBytesUtf8( credentials ) );

    return bindAsync( bindRequest );
}
 
Example #2
Source File: LdapNetworkConnection.java    From directory-ldap-api with Apache License 2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public BindFuture bindAsync( Dn name, String credentials ) throws LdapException
{
    if ( LOG.isDebugEnabled() )
    {
        LOG.debug( I18n.msg( I18n.MSG_04102_BIND_REQUEST, name ) );
    }

    // The password must not be empty or null
    if ( Strings.isEmpty( credentials ) && ( !Dn.EMPTY_DN.equals( name ) ) )
    {
        if ( LOG.isDebugEnabled() )
        {
            LOG.debug( I18n.msg( I18n.MSG_04105_MISSING_PASSWORD ) );
        }
        
        throw new LdapAuthenticationException( I18n.msg( I18n.MSG_04105_MISSING_PASSWORD ) );
    }

    // Create the BindRequest
    BindRequest bindRequest = createBindRequest( name, Strings.getBytesUtf8( credentials ) );

    return bindAsync( bindRequest );
}
 
Example #3
Source File: IAMAccountPasswordValidator.java    From aws-iam-ldap-bridge with Apache License 2.0 5 votes vote down vote up
@Override
public boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    try {
        LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>",
                "user", user.get("uid").getString());
        HttpClient client = new SystemDefaultHttpClient();
        HttpPost post = new HttpPost("https://signin.aws.amazon.com/oauth");
        post.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36");
        post.setHeader("Referer", "https://signin.aws.amazon.com/oauth");
        List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
        urlParameters.add(new BasicNameValuePair("client_id", "arn:aws:iam::015428540659:user/homepage"));
        urlParameters.add(new BasicNameValuePair("isIAMUser", "1"));
        urlParameters.add(new BasicNameValuePair("account", user.get("accountNumber").getString()));
        urlParameters.add(new BasicNameValuePair("username", user.get("uid").getString()));
        urlParameters.add(new BasicNameValuePair("password", pw));
        urlParameters.add(new BasicNameValuePair("Action", "login"));
        urlParameters.add(new BasicNameValuePair("redirect_uri", "https://console.aws.amazon.com/console/home?state=hashArgs%23&isauthcode=true"));
        urlParameters.add(new BasicNameValuePair("forceMobileApp", ""));
        urlParameters.add(new BasicNameValuePair("forceMobileLayout", ""));
        urlParameters.add(new BasicNameValuePair("mfaLoginFailure", ""));
        urlParameters.add(new BasicNameValuePair("RemainingExpiryPeriod", ""));
        urlParameters.add(new BasicNameValuePair("mfacode", ""));
        urlParameters.add(new BasicNameValuePair("next_mfacode", ""));
        post.setEntity(new UrlEncodedFormEntity(urlParameters, Charset.forName("UTF-8")));

        HttpResponse response = client.execute(post);
        return containsHeaders(response, "aws-account-alias", "aws-creds");
    } catch (IOException e) {
        LOG.error("Exception validating password for " + user.get("uid").getString(), e);
        return false;
    } catch (RuntimeException t) {
        LOG.error("Exception validating password for " + user.get("uid").getString(), t);
        throw t;
    }
}
 
Example #4
Source File: IAMDualValidator.java    From aws-iam-ldap-bridge with Apache License 2.0 5 votes vote down vote up
@Override
public boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    for (_IAMPasswordValidator v : this.validators) {
        LOG.debug("Dual Validator: trying {} for {}", v.getClass().getName(), user.get("uid").toString());
        if (v.verifyIAMPassword(user, pw)) {
            return true;
        }
    }
    return false;
}
 
Example #5
Source File: AWSIAMAuthenticator.java    From aws-iam-ldap-bridge with Apache License 2.0 4 votes vote down vote up
@Override
public LdapPrincipal authenticate(BindOperationContext bindContext) throws Exception {
    if (!isAWSAccount(bindContext) || disabled) {
        LOG.debug("Skipping " + bindContext.getDn() + " - not an AWS account");
        if (delegatedAuth == null) {
            LOG.error("Delegated auth is null");
            return null;
        }
        return delegatedAuth.authenticate(bindContext);
    }

    LOG.debug("Authenticating " + bindContext.getDn());

    byte[] password = bindContext.getCredentials();

    LookupOperationContext lookupContext = new LookupOperationContext( getDirectoryService().getAdminSession(),
            bindContext.getDn(), SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

    Entry userEntry = getDirectoryService().getPartitionNexus().lookup( lookupContext );

    if (validator.verifyIAMPassword(userEntry, new String(password))) {
        LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindContext.getDn(),
                AuthenticationLevel.SIMPLE, password);
        IoSession session = bindContext.getIoSession();

        if ( session != null )
        {
            SocketAddress clientAddress = session.getRemoteAddress();
            principal.setClientAddress( clientAddress );
            SocketAddress serverAddress = session.getServiceAddress();
            principal.setServerAddress( serverAddress );
        }

        bindContext.setEntry( new ClonedServerEntry( userEntry ) );
        return principal;
    } else {
        // Bad password ...
        String message = I18n.err( I18n.ERR_230, bindContext.getDn().getName() );
        LOG.info( message );
        throw new LdapAuthenticationException( message );
    }
}
 
Example #6
Source File: _IAMPasswordValidator.java    From aws-iam-ldap-bridge with Apache License 2.0 votes vote down vote up
boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException;