
Fixup - Refactored AuthenticatinRealm.doGetAuthenticationInfo of Realms
Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
Coduz committed Nov 3, 2021
1 parent 293f3ce commit c5498bf
Showing 5 changed files with 34 additions and 69 deletions.
Expand Up @@ -12,68 +12,62 @@
*******************************************************************************/
package org.eclipse.kapua.service.authentication.shiro.realm;

import java.util.Date;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;

import org.eclipse.kapua.KapuaException;
import org.eclipse.kapua.commons.security.KapuaSecurityUtils;
import org.eclipse.kapua.commons.security.KapuaSession;
import org.eclipse.kapua.locator.KapuaLocator;
import org.eclipse.kapua.model.query.predicate.AndPredicate;
import org.eclipse.kapua.model.query.predicate.AttributePredicate.Operator;
import org.eclipse.kapua.service.account.Account;
import org.eclipse.kapua.service.account.AccountService;
import org.eclipse.kapua.service.authentication.AccessTokenCredentials;
import org.eclipse.kapua.service.authentication.shiro.AccessTokenCredentialsImpl;
import org.eclipse.kapua.service.authentication.shiro.exceptions.ExpiredAccountException;
import org.eclipse.kapua.service.authentication.token.AccessToken;
import org.eclipse.kapua.service.authentication.token.AccessTokenAttributes;
import org.eclipse.kapua.service.authentication.token.AccessTokenFactory;
import org.eclipse.kapua.service.authentication.token.AccessTokenQuery;
import org.eclipse.kapua.service.authentication.token.AccessTokenService;
import org.eclipse.kapua.service.user.User;
import org.eclipse.kapua.service.user.UserService;
import org.eclipse.kapua.service.user.UserStatus;

import java.util.Date;

/**
* {@link AccessTokenCredentials} based {@link AuthenticatingRealm} implementation.
* <p>
* since 1.0
*
* @since 1.0.0
*/
public class AccessTokenAuthenticatingRealm extends AuthenticatingRealm {
public class AccessTokenAuthenticatingRealm extends KapuaAuthenticatingRealm {

/**
* Realm name
* Realm name.
*/
public static final String REALM_NAME = "accessTokenAuthenticatingRealm";

private static final KapuaLocator LOCATOR = KapuaLocator.getInstance();

private static final AccessTokenService ACCESS_TOKEN_SERVICE = LOCATOR.getService(AccessTokenService.class);
private static final AccessTokenFactory ACCESS_TOKEN_FACTORY = LOCATOR.getFactory(AccessTokenFactory.class);
private static final AccountService ACCOUNT_SERVICE = LOCATOR.getService(AccountService.class);
private static final UserService USER_SERVICE = LOCATOR.getService(UserService.class);

/**
* Constructor
*
* @throws KapuaException
* @since 1.0.0
*/
public AccessTokenAuthenticatingRealm() throws KapuaException {
public AccessTokenAuthenticatingRealm() {
setName(REALM_NAME);

// Credential matcher for access tokens
setCredentialsMatcher(new AccessTokenCredentialsMatcher());
CredentialsMatcher credentialsMatcher = new AccessTokenCredentialsMatcher();
setCredentialsMatcher(credentialsMatcher);
}

@Override
Expand Down Expand Up @@ -101,7 +95,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find access token!", e);
throw new ShiroException("Unexpected error while looking for the access token!", e);
}

// Check existence
Expand All @@ -123,44 +117,16 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find user!", e);
}

// Check existence
if (user == null) {
throw new UnknownAccountException();
}

// Check disabled
if (UserStatus.DISABLED.equals(user.getStatus())) {
throw new DisabledAccountException();
}

// Check if expired
if (user.getExpirationDate() != null && !user.getExpirationDate().after(now)) {
throw new ExpiredCredentialsException();
throw new ShiroException("Unexpected error while looking for the user!", e);
}

//
// Find account
final Account account;
try {
account = KapuaSecurityUtils.doPrivileged(() -> ACCOUNT_SERVICE.find(user.getScopeId()));
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find account!", e);
}
// Check user
checkUser(user);

// Check existence
if (account == null) {
throw new UnknownAccountException();
}

// Check account expired
if (account.getExpirationDate() != null && !account.getExpirationDate().after(now)) {
throw new ExpiredAccountException(account.getExpirationDate());
}
//
// Check account
Account account = checkAccount(user.getScopeId());

//
// BuildAuthenticationInfo
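Review bot: The inline user checks that appear to be removed in the third hunk (null user → UnknownAccountException, DISABLED status → DisabledAccountException, expiration date compared against `now` → ExpiredCredentialsException) are replaced by `checkUser(user)` and `checkAccount(user.getScopeId())`, whose bodies live in KapuaAuthenticatingRealm and are not on this page, so whether all three checks — the expiration comparison in particular — survive with the same semantics cannot be confirmed from this hunk; a test per realm asserting that a disabled and an expired user are rejected through this realm would pin it. If the checks did move unchanged, the imports of DisabledAccountException, ExpiredCredentialsException, UserStatus and ExpiredAccountException and the `ACCOUNT_SERVICE` field seem to have no remaining use in this class and can be dropped. The new local in the constructor, `CredentialsMatcher credentialsMatcher = new AccessTokenCredentialsMatcher();`, adds nothing over the previous inlined `setCredentialsMatcher(new AccessTokenCredentialsMatcher());`. doGetAuthenticationInfo starts and ends outside the hunks shown.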
Expand Up @@ -82,7 +82,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
userService = LOCATOR.getService(UserService.class);
credentialService = LOCATOR.getService(CredentialService.class);
} catch (KapuaRuntimeException kre) {
throw new ShiroException("Error while getting services!", kre);
throw new ShiroException("Unexpected error while loading KapuaServices!", kre);
}

//
Expand All @@ -95,8 +95,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (KapuaIllegalArgumentException ae) {
LOG.warn("The given Api Key is not valid. Subsequent UnknownAccountException expected! Given ApiKey: {}", tokenApiKey);
} catch (Exception e) {

throw new ShiroException("Error while find credentials!", e);
throw new ShiroException("Unexpected error while looking for the credentials!", e);
}

//
Expand All @@ -120,7 +119,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find user!", e);
throw new ShiroException("Unexpected error while looking for the user!", e);
}

//
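Review bot: The warn line kept in the second hunk, `LOG.warn("The given Api Key is not valid. Subsequent UnknownAccountException expected! Given ApiKey: {}", tokenApiKey);`, writes the submitted API key itself into the log; an API key is a bearer credential, and a key rejected for its format may be a real one with a copy-paste slip, so it should not land in plain text in log files. Since the message already states what happens next, drop the value: `LOG.warn("The given Api Key is not valid. Subsequent UnknownAccountException expected!");` — if a correlation handle is needed, log its length or a short non-secret prefix rather than the whole string. The rewordings in the other two hunks are fine. doGetAuthenticationInfo starts and ends outside the hunks shown.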
Expand Up @@ -75,7 +75,7 @@ protected void onInit() {
jwtProcessor = JwtProcessors.createDefault();
setCredentialsMatcher(new JwtCredentialsMatcher(jwtProcessor));
} catch (OpenIDException se) {
throw new ShiroException("Error while creating Jwt Processor!", se);
throw new ShiroException("Unexpected error while creating Jwt Processor!", se);
}
}

Expand All @@ -102,7 +102,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
locator = KapuaLocator.getInstance();
userService = locator.getService(UserService.class);
} catch (KapuaRuntimeException kre) {
throw new ShiroException("Error while getting services!", kre);
throw new ShiroException("Unexpected error while loading KapuaServices!", kre);
}

String id = extractExternalId(idToken);
Expand All @@ -116,7 +116,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error looking up the user", e);
throw new ShiroException("Unexpected error while looking for the user", e);
}

//
Expand Down Expand Up @@ -151,7 +151,7 @@ private String extractExternalId(String jwt) {
try {
final JwtContext ctx = jwtProcessor.process(jwt);
id = ctx.getJwtClaims().getClaimValueAsString(jwtProcessor.getExternalIdClaimName());
} catch (final Exception e) {
} catch (Exception e) {
throw new ShiroException("Failed to parse JWT", e);
}

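Review bot: In the last hunk, extractExternalId still turns any failure of `jwtProcessor.process(jwt)` on the client-supplied token into `ShiroException("Failed to parse JWT", e)`, which reads and is handled as an internal fault; a malformed or tampered token is an authentication failure and would be better surfaced as an `AuthenticationException` (or a subtype), matching the `catch (AuthenticationException ae) { throw ae; }` passthrough used in doGetAuthenticationInfo above, so it is logged and counted as a rejected login rather than an unexpected error. As far as I recall Shiro's authenticator wraps foreign throwables into an AuthenticationException anyway, so the outcome is not wrong, but the message is now also the one in this class not following the "Unexpected error while …" wording adopted by this commit. The drop of `final` on the catch parameter is style only. extractExternalId starts and ends outside the hunk.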
Expand Up @@ -93,7 +93,7 @@ protected Account checkAccount(KapuaId accountId) {
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Internal error while looking for the account!", e);
throw new ShiroException("Unexpected error while looking for the account!", e);
}

// Check existence
Expand Down Expand Up @@ -177,7 +177,7 @@ protected Map<String, Object> getCredentialServiceConfig(KapuaId scopeId) {
CredentialService credentialService = LOCATOR.getService(CredentialService.class);
return KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(scopeId));
} catch (KapuaException e) {
throw new ShiroException("Error while find credentials!", e);
throw new ShiroException("Unexpected error while looking for the CredentialService!", e);
}
}

Expand All @@ -198,7 +198,7 @@ protected void resetCredentialLockout(Credential credential) {
try {
KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));
} catch (KapuaException kex) {
throw new ShiroException("Error while updating lockout policy", kex);
throw new ShiroException("Unexpected error while looking for the lockout policy", kex);
}
}

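Review bot: The two new messages in the last two hunks describe the wrong operation: `"Unexpected error while looking for the lockout policy"` wraps a failure of `credentialService.update(credential)` in resetCredentialLockout, and `"Unexpected error while looking for the CredentialService!"` wraps a failure of `credentialService.getConfigValues(scopeId)` in getCredentialServiceConfig (elsewhere in this commit a failing service lookup is caught as KapuaRuntimeException, not the KapuaException caught here). Suggested: `throw new ShiroException("Unexpected error while resetting the lockout policy", kex);` and `throw new ShiroException("Unexpected error while loading the CredentialService configuration!", e);`; the first also lines up with the "updating the lockout policy" wording this commit uses for the same update in the last file of the change. These messages are what an operator greps for, so naming the failing call matters. Both methods start outside their hunks.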
Expand Up @@ -87,7 +87,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
userService = LOCATOR.getService(UserService.class);
credentialService = LOCATOR.getService(CredentialService.class);
} catch (KapuaRuntimeException kre) {
throw new ShiroException("Error while getting services!", kre);
throw new ShiroException("Unexpected error while loading KapuaServices!", kre);
}

//
Expand All @@ -98,7 +98,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find user!", e);
throw new ShiroException("Unexpected error while looking for the user!", e);
}

//
Expand All @@ -124,7 +124,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
} catch (AuthenticationException ae) {
throw ae;
} catch (Exception e) {
throw new ShiroException("Error while find credentials!", e);
throw new ShiroException("Unexpected error while looking for the credentials!", e);
}

//
Expand Down Expand Up @@ -164,8 +164,8 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
hasMfa = true;
}
} catch (KapuaException e) {
LOG.warn("Error while finding User. Error: {}", e.getMessage());
throw new ShiroException("Error while finding user!", e);
LOG.warn("Unexpected error while looking for the User. Error: {}", e.getMessage());
throw new ShiroException("Unexpected error while looking for the user!", e);
}

try {
Expand Down Expand Up @@ -218,7 +218,7 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
credentialService.update(failedCredential);
});
} catch (KapuaException kex) {
throw new ShiroException("Error while updating lockout policy", kex);
throw new ShiroException("Unexpected error while updating the lockout policy", kex);
}
throw authenticationEx;
}
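Review bot: In the assertCredentialsMatch hunk the new line `LOG.warn("Unexpected error while looking for the User. Error: {}", e.getMessage());` logs the exception and the next line rethrows it wrapped with the cause, so the same failure is reported twice and the log entry carries only the message without the stack trace. Either drop the warn and let the ShiroException carry the cause to whatever logs it at the boundary, or keep a single log call with the throwable as the last argument, `LOG.warn("Unexpected error while looking for the User", e);`, so the trace is not lost. The wording of the last hunk, "updating the lockout policy", is the accurate one for the `credentialService.update(failedCredential)` call and could be reused for the same operation in KapuaAuthenticatingRealm. assertCredentialsMatch starts and ends outside the hunks shown.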
