@Override public void authenticate(AuthenticationFlowContext context) { if (!isConfigured(context.getSession(), context.getRealm(), context.getUser())) { if (context.getExecution().isOptional()) { context.attempted(); } else if (context.getExecution().isRequired()) { context.getEvent().error(Errors.INVALID_USER_CREDENTIALS); Response challengeResponse = errorResponse( Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials"); context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse); } return; } String otp = retrieveOTP(context); if (otp == null) { if (context.getUser() != null) { context.getEvent().user(context.getUser()); } context.getEvent().error(Errors.INVALID_USER_CREDENTIALS); Response challengeResponse = errorResponse( Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials"); context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse); return; } boolean valid = context .getSession() .userCredentialManager() .isValid( context.getRealm(), context.getUser(), UserCredentialModel.otp(context.getRealm().getOTPPolicy().getType(), otp)); if (!valid) { context.getEvent().user(context.getUser()); context.getEvent().error(Errors.INVALID_USER_CREDENTIALS); Response challengeResponse = errorResponse( Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant", "Invalid user credentials"); context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse); return; } context.success(); }
public KeystoneAccess createToken(KeystoneAuthCredentials credentials) throws KeystoneServerException, KeystoneConnectionException, KeystoneUnauthorizedException { Client client = Client.create(clientConfig); WebResource resource = client.resource(getTokensUrl()); try { return resource .type(MediaType.APPLICATION_JSON) .accept(MediaType.APPLICATION_JSON) .post(KeystoneAccess.class, credentials); } catch (UniformInterfaceException e) { if (e.getResponse().getStatus() == Response.Status.BAD_REQUEST.getStatusCode()) { String err = "Keystone v2 login credentials invalid " + credentials.toString(); log.warn(err); throw new KeystoneUnauthorizedException(err, e); } else if (e.getResponse().getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()) { String err = "Keystone v2 login credentials not found " + credentials.toString(); log.warn(err, credentials); throw new KeystoneUnauthorizedException(err, e); } else { throw new KeystoneServerException("Keystone server error", e, e.getResponse().getStatus()); } } catch (ClientHandlerException e) { throw new KeystoneConnectionException( "Could not connect to Keystone server. Uri=" + resource.getURI(), e); } }
@PUT @Path("device/{deviceId}/policy") public Response updatePolicy( @PathParam("deviceId") String deviceId, @QueryParam("protocol") String protocol, @FormParam("policy") String policy) { String protocolString = protocol.toUpperCase(); if (log.isDebugEnabled()) { log.debug( "Sending request to update-policy of device [" + deviceId + "] via " + protocolString); } try { if (!APIUtil.getDeviceAccessAuthorizationService() .isUserAuthorized( new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_MANAGE_POLICIES_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } PrivateKey serverPrivateKey = VirtualFirealarmSecurityManager.getServerPrivateKey(); String actualMessage = VirtualFireAlarmConstants.POLICY_CONTEXT + ":" + policy; String encryptedMsg = VirtualFireAlarmServiceUtils.prepareSecurePayLoad(actualMessage, serverPrivateKey); Map<String, String> dynamicProperties = new HashMap<>(); switch (protocolString) { case XMPP_PROTOCOL: dynamicProperties.put( VirtualFireAlarmConstants.JID_PROPERTY_KEY, deviceId + "@" + XmppConfig.getInstance().getServerName()); dynamicProperties.put(VirtualFireAlarmConstants.SUBJECT_PROPERTY_KEY, "POLICTY-REQUEST"); dynamicProperties.put( VirtualFireAlarmConstants.MESSAGE_TYPE_PROPERTY_KEY, VirtualFireAlarmConstants.CHAT_PROPERTY_KEY); APIUtil.getOutputEventAdapterService() .publish( VirtualFireAlarmConstants.XMPP_ADAPTER_NAME, dynamicProperties, encryptedMsg); break; default: String publishTopic = APIUtil.getTenantDomainOftheUser() + "/" + VirtualFireAlarmConstants.DEVICE_TYPE + "/" + deviceId; dynamicProperties.put(VirtualFireAlarmConstants.ADAPTER_TOPIC_PROPERTY, publishTopic); APIUtil.getOutputEventAdapterService() .publish( VirtualFireAlarmConstants.MQTT_ADAPTER_NAME, dynamicProperties, encryptedMsg); break; } return Response.ok().build(); } catch (DeviceAccessAuthorizationException e) { log.error(e.getErrorMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } catch (VirtualFireAlarmException e) { log.error(e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } }
@Test public void testErrorChangeUserInfo() { final JSONObject jsonObject = new JSONObject(); jsonObject.put("login", faker.name().firstName()); jsonObject.put("password", faker.name().lastName()); jsonObject.put("email", faker.internet().emailAddress()); jsonObject.put("imgData", ""); final Response json = target("user") .path("1") .request(MediaType.APPLICATION_JSON) .post(Entity.json(jsonObject.toString())); assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), json.getStatus()); }
/** * Authenticates a user session. * * @param req The HTTP request. * @param creds The credentials with which to authenticate. * @return The authenticated user or null if authentication fails. * @throws WebApplicationException If the user is not authenticated. */ @POST @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) @Description("Authenticates a user session.") @Path("/login") public PrincipalUserDto login(@Context HttpServletRequest req, final CredentialsDto creds) { try { PrincipalUserDto result = null; PrincipalUser user = authService.getUser(creds.getUsername(), creds.getPassword()); if (user != null) { result = PrincipalUserDto.transformToDto(user); } else { throw new WebApplicationException( Response.Status.UNAUTHORIZED.getReasonPhrase(), Response.Status.UNAUTHORIZED); } req.getSession(true).setAttribute(AuthFilter.USER_ATTRIBUTE_NAME, result); return result; } catch (Exception ex) { throw new WebApplicationException( Response.Status.UNAUTHORIZED.getReasonPhrase(), Response.Status.UNAUTHORIZED); } }
@Path("device/stats/{deviceId}") @GET @Consumes("application/json") @Produces("application/json") public Response getVirtualFirealarmStats( @PathParam("deviceId") String deviceId, @QueryParam("from") long from, @QueryParam("to") long to) { String fromDate = String.valueOf(from); String toDate = String.valueOf(to); String query = "deviceId:" + deviceId + " AND deviceType:" + VirtualFireAlarmConstants.DEVICE_TYPE + " AND time : [" + fromDate + " TO " + toDate + "]"; String sensorTableName = VirtualFireAlarmConstants.TEMPERATURE_EVENT_TABLE; try { if (!APIUtil.getDeviceAccessAuthorizationService() .isUserAuthorized( new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_STATS_MONITOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } List<SortByField> sortByFields = new ArrayList<>(); SortByField sortByField = new SortByField("time", SORT.ASC, false); sortByFields.add(sortByField); List<SensorRecord> sensorRecords = APIUtil.getAllEventsForDevice(sensorTableName, query, sortByFields); return Response.status(Response.Status.OK.getStatusCode()).entity(sensorRecords).build(); } catch (AnalyticsException e) { String errorMsg = "Error on retrieving stats on table " + sensorTableName + " with query " + query; log.error(errorMsg); return Response.status(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()) .entity(errorMsg) .build(); } catch (DeviceAccessAuthorizationException e) { log.error(e.getErrorMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } }
@SuppressWarnings("unchecked") @Test public void testGetAllHidden() { // invalid request Response response = service.getAllHidden(null); assertNotNull(response); assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus()); // invalid request response = service.getAllHidden(new RequestBean<Object>(null, null)); assertNotNull(response); assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus()); // invalid request response = service.getAllHidden(new RequestBean<Object>(new CredentialsBean(), null)); assertNotNull(response); assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus()); // valid request but unauthorized response = service.getAllHidden( new RequestBean<Object>(new CredentialsBean("admin", "password"), null)); assertNotNull(response); assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), response.getStatus()); // valid request response = service.getAllHidden( new RequestBean<Object>(new CredentialsBean("manager", "password"), null)); assertNotNull(response); assertEquals(Response.Status.OK.getStatusCode(), response.getStatus()); List<MenuItemBean> menuItems = (ArrayList<MenuItemBean>) response.getEntity(); assertNotNull(menuItems); assertEquals(1, menuItems.size()); }
@Test public void testErrorCheckAuth() { final Response json = target("session").request(MediaType.APPLICATION_JSON).get(); assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), json.getStatus()); }
@Test public void testErrorGetUserById() { final Response json = target("user").path("1000").request(MediaType.APPLICATION_JSON).get(); assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), json.getStatus()); }
public String requestString( int timeout, String url, String method, Object body, Pair<String, ?>... parameters) throws IOException, ServerException, ForbiddenException, NotFoundException, UnauthorizedException, ConflictException { final String authToken = getAuthenticationToken(); if ((parameters != null && parameters.length > 0) || authToken != null) { final UriBuilder ub = UriBuilder.fromUri(url); // remove sensitive information from url. ub.replaceQueryParam("token", null); if (parameters != null && parameters.length > 0) { for (Pair<String, ?> parameter : parameters) { String name = URLEncoder.encode(parameter.first, "UTF-8"); String value = parameter.second == null ? null : URLEncoder.encode(String.valueOf(parameter.second), "UTF-8"); ub.replaceQueryParam(name, value); } } url = ub.build().toString(); } final HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection(); conn.setConnectTimeout(timeout > 0 ? timeout : 60000); conn.setReadTimeout(timeout > 0 ? timeout : 60000); try { conn.setRequestMethod(method); // drop a hint for server side that we want to receive application/json conn.addRequestProperty(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON); if (authToken != null) { conn.setRequestProperty(HttpHeaders.AUTHORIZATION, authToken); } if (body != null) { conn.addRequestProperty(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON); conn.setDoOutput(true); if (HttpMethod.DELETE.equals( method)) { // to avoid jdk bug described here // http://bugs.java.com/view_bug.do?bug_id=7157360 conn.setRequestMethod(HttpMethod.POST); conn.setRequestProperty("X-HTTP-Method-Override", HttpMethod.DELETE); } try (OutputStream output = conn.getOutputStream()) { output.write(DtoFactory.getInstance().toJson(body).getBytes()); } } final int responseCode = conn.getResponseCode(); if ((responseCode / 100) != 2) { InputStream in = conn.getErrorStream(); if (in == null) { in = conn.getInputStream(); } final String str; try (Reader reader = new InputStreamReader(in)) { str = CharStreams.toString(reader); } final String contentType = conn.getContentType(); if (contentType != null && contentType.startsWith(MediaType.APPLICATION_JSON)) { final ServiceError serviceError = DtoFactory.getInstance().createDtoFromJson(str, ServiceError.class); if (serviceError.getMessage() != null) { if (responseCode == Response.Status.FORBIDDEN.getStatusCode()) { throw new ForbiddenException(serviceError); } else if (responseCode == Response.Status.NOT_FOUND.getStatusCode()) { throw new NotFoundException(serviceError); } else if (responseCode == Response.Status.UNAUTHORIZED.getStatusCode()) { throw new UnauthorizedException(serviceError); } else if (responseCode == Response.Status.CONFLICT.getStatusCode()) { throw new ConflictException(serviceError); } else if (responseCode == Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()) { throw new ServerException(serviceError); } throw new ServerException(serviceError); } } // Can't parse content as json or content has format other we expect for error. throw new IOException( String.format( "Failed access: %s, method: %s, response code: %d, message: %s", UriBuilder.fromUri(url).replaceQuery("token").build(), method, responseCode, str)); } final String contentType = conn.getContentType(); if (!(contentType == null || contentType.startsWith(MediaType.APPLICATION_JSON))) { throw new IOException(conn.getResponseMessage()); } try (Reader reader = new InputStreamReader(conn.getInputStream())) { return CharStreams.toString(reader); } } finally { conn.disconnect(); } }
@POST @Path("device/{deviceId}/buzz") public Response switchBuzzer( @PathParam("deviceId") String deviceId, @FormParam("state") String state) { if (state == null || state.isEmpty()) { log.error("State is not defined for the buzzer operation"); return Response.status(Response.Status.BAD_REQUEST).build(); } String switchToState = state.toUpperCase(); if (!switchToState.equals(VirtualFireAlarmConstants.STATE_ON) && !switchToState.equals(VirtualFireAlarmConstants.STATE_OFF)) { log.error("The requested state change shoud be either - 'ON' or 'OFF'"); return Response.status(Response.Status.BAD_REQUEST).build(); } try { if (!APIUtil.getDeviceAccessAuthorizationService() .isUserAuthorized( new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE), DeviceGroupConstants.Permissions.DEFAULT_OPERATOR_PERMISSIONS)) { return Response.status(Response.Status.UNAUTHORIZED.getStatusCode()).build(); } String resource = VirtualFireAlarmConstants.BULB_CONTEXT.replace("/", ""); PrivateKey serverPrivateKey = VirtualFirealarmSecurityManager.getServerPrivateKey(); String actualMessage = resource + ":" + switchToState; String encryptedMsg = VirtualFireAlarmServiceUtils.prepareSecurePayLoad(actualMessage, serverPrivateKey); String publishTopic = APIUtil.getTenantDomainOftheUser() + "/" + VirtualFireAlarmConstants.DEVICE_TYPE + "/" + deviceId; Operation commandOp = new CommandOperation(); commandOp.setCode("buzz"); commandOp.setType(Operation.Type.COMMAND); commandOp.setEnabled(true); commandOp.setPayLoad(encryptedMsg); Properties props = new Properties(); props.setProperty(VirtualFireAlarmConstants.MQTT_ADAPTER_TOPIC_PROPERTY_NAME, publishTopic); props.setProperty( VirtualFireAlarmConstants.CLIENT_JID_PROPERTY_KEY, deviceId + "@" + XmppConfig.getInstance().getServerName()); props.setProperty(VirtualFireAlarmConstants.SUBJECT_PROPERTY_KEY, "CONTROL-REQUEST"); props.setProperty( VirtualFireAlarmConstants.MESSAGE_TYPE_PROPERTY_KEY, VirtualFireAlarmConstants.CHAT_PROPERTY_KEY); commandOp.setProperties(props); List<DeviceIdentifier> deviceIdentifiers = new ArrayList<>(); deviceIdentifiers.add(new DeviceIdentifier(deviceId, VirtualFireAlarmConstants.DEVICE_TYPE)); APIUtil.getDeviceManagementService() .addOperation(VirtualFireAlarmConstants.DEVICE_TYPE, commandOp, deviceIdentifiers); return Response.ok().build(); } catch (DeviceAccessAuthorizationException e) { log.error(e.getErrorMessage(), e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } catch (VirtualFireAlarmException e) { String errorMsg = "Preparing Secure payload failed for device - [" + deviceId + "]"; log.error(errorMsg); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } catch (OperationManagementException e) { String msg = "Error occurred while executing command operation upon ringing the buzzer"; log.error(msg, e); return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build(); } }