List of usage examples for java.lang SecurityException getMessage
public String getMessage()
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id and a role name, then asks the admin manager
 * ({@code am}) to assign that role to the user.
 *
 * <p>The {@code SecurityException} caught here exposes {@code getErrorId()}, which
 * {@code java.lang.SecurityException} does not declare, so it is a project-specific
 * exception type. On failure the error id and message are written through {@code LOG};
 * nothing is printed via {@code System.out}. The method always waits for a key press
 * before returning.
 */
void assignUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final UserRole assignment = new UserRole();
        assignment.setUserId(enteredUserId);

        System.out.println("Enter role name");
        final String enteredRole = ReaderUtil.readLn();
        assignment.setName(enteredRole);

        // NOTE(review): both values are forwarded exactly as typed; validation and the
        // authorization decision are presumably made inside the manager — confirm.
        am.assignUser(assignment);

        System.out.println("userId [" + enteredUserId + "] name [" + enteredRole + "]");
        System.out.println("has been assigned");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "assignUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:com.cws.esolutions.security.processors.impl.AccountChangeProcessorImpl.java
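/**
 * Changes the logon password of the account named in the request.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The requestor must be the account owner (matching, non-empty GUIDs); otherwise the
 *       response is {@code UNAUTHORIZED} and nothing is changed.</li>
 *   <li>The new password must differ from the supplied current password and satisfy the
 *       configured minimum and maximum length.</li>
 *   <li>Unless the request is flagged as a reset, the current password is verified through
 *       {@code authenticator.performLogon}, which signals failure by throwing.</li>
 *   <li>A new salt is stored, then the value derived from the new password and that salt is
 *       written to the user repository. If that write reports failure, the previous salt is
 *       restored so the stored salt and stored password stay consistent.</li>
 * </ol>
 * An audit entry of type {@code CHANGEPASS} is submitted for every call, including rejected
 * (unauthorized) requests, with the authorized flag reflecting the ownership check.
 *
 * @param request the change request carrying host info, requestor, target account and
 *        authentication data
 * @return the response with its request status set, and the user account attached on success
 * @throws AccountChangeException if validation fails, a salt cannot be obtained or generated,
 *         a rollback fails, or a lower-level operation throws
 * @see com.cws.esolutions.security.processors.interfaces.IAccountChangeProcessor#changeUserPassword(com.cws.esolutions.security.processors.dto.AccountChangeRequest)
 */
public AccountChangeResponse changeUserPassword(final AccountChangeRequest request)
        throws AccountChangeException {
    final String methodName = IAccountChangeProcessor.CNAME
            + "#changeUserPassword(final AccountChangeRequest request) throws AccountChangeException";

    if (DEBUG) {
        DEBUGGER.debug(methodName);
        // NOTE(review): if AccountChangeRequest.toString() includes the authentication data,
        // this writes passwords to the debug log — confirm that it is masked.
        DEBUGGER.debug("AccountChangeRequest: {}", request);
    }

    AccountChangeResponse response = new AccountChangeResponse();

    // NOTE(review): the expiry date is computed and logged but never written anywhere in
    // this method — confirm whether password expiration is meant to be updated here.
    final Calendar calendar = Calendar.getInstance();
    final RequestHostInfo reqInfo = request.getHostInfo();
    final UserAccount requestor = request.getRequestor();
    final UserAccount userAccount = request.getUserAccount();
    final AuthenticationData reqSecurity = request.getUserSecurity();
    // NOTE(review): depending on the commons-lang version, RandomStringUtils may draw from a
    // non-cryptographic PRNG; confirm, or generate the salt from java.security.SecureRandom.
    final String newUserSalt = RandomStringUtils.randomAlphanumeric(secConfig.getSaltLength());

    calendar.add(Calendar.DATE, secConfig.getPasswordExpiration());

    if (DEBUG) {
        DEBUGGER.debug("Calendar: {}", calendar);
        DEBUGGER.debug("RequestHostInfo: {}", reqInfo);
        DEBUGGER.debug("UserAccount: {}", requestor);
        DEBUGGER.debug("UserAccount: {}", userAccount);
    }

    // Only the owning user may change the password. StringUtils.equals(null, null) is true,
    // so an empty GUID is rejected explicitly to keep the check fail-closed.
    final boolean isAuthorized = StringUtils.isNotEmpty(requestor.getGuid())
            && StringUtils.equals(userAccount.getGuid(), requestor.getGuid());

    try {
        if (!(isAuthorized)) {
            // returning from inside the try lets the finally block audit the rejected attempt
            response.setRequestStatus(SecurityRequestStatus.UNAUTHORIZED);

            return response;
        }

        final String newPassword = reqSecurity.getNewPassword();

        // make sure the new password isnt the same as the existing
        if (StringUtils.equals(newPassword, reqSecurity.getPassword())) {
            throw new AccountChangeException("The new password MUST differ from the existing password.");
        }

        // a missing password is treated as failing the length policy instead of raising a
        // NullPointerException on length()
        if ((newPassword == null) || (newPassword.length() < secConfig.getPasswordMinLength())
                || (newPassword.length() > secConfig.getPasswordMaxLength())) {
            throw new AccountChangeException(
                    "The chosen password does not meet the configured length requirements.");
        }

        // NOTE(review): isReset() is read from the request and skips verification of the
        // current password; callers must set it only after an independently verified reset.
        if (!(request.isReset())) {
            String userSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

            if (!(StringUtils.isNotEmpty(userSalt))) {
                // without the salt the current password cannot be verified; stop here rather
                // than continue unauthenticated
                throw new AccountChangeException(
                        "Unable to obtain existing salt value from datastore. Cannot continue.");
            }

            // the return value is not needed: a failed logon raises an exception and
            // processing stops
            authenticator.performLogon(userAccount.getUsername(),
                    PasswordUtils.encryptText(reqSecurity.getPassword(), userSalt,
                            secBean.getConfigData().getSecurityConfig().getAuthAlgorithm(),
                            secBean.getConfigData().getSecurityConfig().getIterations(),
                            secBean.getConfigData().getSystemConfig().getEncoding()));
        }

        if (!(StringUtils.isNotEmpty(newUserSalt))) {
            throw new AccountChangeException("Unable to generate new salt for provided user account.");
        }

        // rollback information: the salt currently on record
        String existingSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

        if (!(StringUtils.isNotEmpty(existingSalt))) {
            throw new AccountChangeException(
                    "Unable to obtain existing salt value from datastore. Cannot continue.");
        }

        // put the new salt in the database
        boolean isComplete = userSec.addOrUpdateSalt(userAccount.getGuid(), newUserSalt,
                SaltType.LOGON.name());

        if (DEBUG) {
            DEBUGGER.debug("isComplete: {}", isComplete);
        }

        if (!(isComplete)) {
            response.setRequestStatus(SecurityRequestStatus.FAILURE);

            return response;
        }

        // Make the modification in the user repository and keep its result: previously the
        // return value was discarded, so a failed write was still reported as SUCCESS while
        // the salt on record had already been replaced.
        // NOTE(review): if this call throws instead of returning false, the new salt stays in
        // place — confirm whether the exception path needs the same salt restore.
        isComplete = userManager.modifyUserPassword(userAccount.getGuid(),
                PasswordUtils.encryptText(newPassword, newUserSalt, secConfig.getAuthAlgorithm(),
                        secConfig.getIterations(),
                        secBean.getConfigData().getSystemConfig().getEncoding()));

        if (DEBUG) {
            DEBUGGER.debug("isComplete: {}", isComplete);
        }

        if (isComplete) {
            if ((userAccount.getStatus() == LoginStatus.EXPIRED)
                    || (userAccount.getStatus() == LoginStatus.RESET)) {
                // update the account
                userAccount.setStatus(LoginStatus.SUCCESS);
            }

            response.setUserAccount(userAccount);
            response.setRequestStatus(SecurityRequestStatus.SUCCESS);
        } else {
            // The password was not changed but the salt was. Put the previous salt back,
            // otherwise the stored password no longer matches the stored salt and the user
            // cannot log in without admin intervention.
            boolean isBackedOut = userSec.addOrUpdateSalt(userAccount.getGuid(), existingSalt,
                    SaltType.LOGON.name());

            if (!(isBackedOut)) {
                throw new AccountChangeException(
                        "Failed to modify the user account and unable to revert to existing state.");
            }

            response.setRequestStatus(SecurityRequestStatus.FAILURE);
        }
    } catch (SQLException sqx) {
        // NOTE(review): the lower-level message is copied into AccountChangeException in each
        // handler below; callers should not echo it to end users.
        ERROR_RECORDER.error(sqx.getMessage(), sqx);

        throw new AccountChangeException(sqx.getMessage(), sqx);
    } catch (UserManagementException umx) {
        ERROR_RECORDER.error(umx.getMessage(), umx);

        throw new AccountChangeException(umx.getMessage(), umx);
    } catch (AuthenticatorException ax) {
        ERROR_RECORDER.error(ax.getMessage(), ax);

        throw new AccountChangeException(ax.getMessage(), ax);
    } catch (SecurityException sx) {
        ERROR_RECORDER.error(sx.getMessage(), sx);

        throw new AccountChangeException(sx.getMessage(), sx);
    } finally {
        // audit every attempt; an audit failure is logged and does not mask the outcome
        try {
            AuditEntry auditEntry = new AuditEntry();
            auditEntry.setHostInfo(reqInfo);
            auditEntry.setAuditType(AuditType.CHANGEPASS);
            auditEntry.setUserAccount(requestor);
            auditEntry.setAuthorized(Boolean.valueOf(isAuthorized));
            auditEntry.setApplicationId(request.getApplicationId());
            auditEntry.setApplicationName(request.getApplicationName());

            if (DEBUG) {
                DEBUGGER.debug("AuditEntry: {}", auditEntry);
            }

            AuditRequest auditRequest = new AuditRequest();
            auditRequest.setAuditEntry(auditEntry);

            if (DEBUG) {
                DEBUGGER.debug("AuditRequest: {}", auditRequest);
            }

            auditor.auditRequest(auditRequest);
        } catch (AuditServiceException asx) {
            ERROR_RECORDER.error(asx.getMessage(), asx);
        }
    }

    return response;
}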
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a role name and description, submits the update through the
 * admin manager ({@code am}) and prints the name, internal id and description of the role
 * object the manager returns.
 *
 * <p>The {@code SecurityException} caught here exposes {@code getErrorId()}, so it is a
 * project-specific type rather than {@code java.lang.SecurityException}. On failure the
 * error id and message go to {@code LOG} only. The method always waits for a key press
 * before returning.
 */
void updateRole() {
    final Role requested = new Role();
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter role name:");
        final String roleName = ReaderUtil.readLn();
        requested.setName(roleName);

        System.out.println("Enter Role's description field");
        final String roleDescription = ReaderUtil.readLn();
        requested.setDescription(roleDescription);

        // what is echoed below comes from the object returned by the manager, not from the
        // operator's input
        final Role stored = am.updateRole(requested);

        System.out.println("name [" + stored.getName() + "]");
        System.out.println("internalId [" + stored.getId() + "]");
        System.out.println("name description [" + stored.getDescription() + "]");
        System.out.println("has been updated");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "updateRole caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id and a role name, then asks the admin manager
 * ({@code am}) to remove that role assignment from the user.
 *
 * <p>The {@code SecurityException} caught here exposes {@code getErrorId()}, so it is a
 * project-specific type rather than {@code java.lang.SecurityException}. On failure the
 * error id and message go to {@code LOG} only. The method always waits for a key press
 * before returning.
 */
void deassignUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final UserRole assignment = new UserRole();
        assignment.setUserId(enteredUserId);

        System.out.println("Enter role name");
        final String enteredRole = ReaderUtil.readLn();
        assignment.setName(enteredRole);

        am.deassignUser(assignment);

        System.out.println("userId [" + enteredUserId + "] name [" + enteredRole + "]");
        System.out.println("has been deassigned");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "deassignUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id and a new password and asks the admin manager
 * ({@code am}) to reset that user's password. The old password is not requested.
 *
 * <p>NOTE(review): the new password is read with the same line reader as the user id and is
 * held in a {@code String} before being converted to {@code char[]}. Whether the terminal
 * echoes it depends on {@code ReaderUtil} — confirm. The {@code String} copy cannot be wiped
 * after use.
 *
 * <p>The {@code SecurityException} caught here exposes {@code getErrorId()}, so it is a
 * project-specific type rather than {@code java.lang.SecurityException}. On failure the
 * error id and message go to {@code LOG} only. The method always waits for a key press
 * before returning.
 */
void resetPassword() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);

        System.out.println("Enter new password");
        final String replacement = ReaderUtil.readLn();
        final char[] replacementChars = replacement.toCharArray();

        am.resetPassword(target, replacementChars);

        // only the user id is echoed back, never the password
        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("password has been reset");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "resetPassword caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id and asks the admin manager ({@code am}) to delete
 * that user.
 *
 * <p>The delete is issued as soon as the id has been entered; this method asks for no
 * confirmation. The {@code SecurityException} caught here exposes {@code getErrorId()}, so
 * it is a project-specific type rather than {@code java.lang.SecurityException}. On failure
 * the error id and message go to {@code LOG} only. The method always waits for a key press
 * before returning.
 */
protected void forceDeleteUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);

        am.deleteUser(target);

        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("has been force deleted");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "forceDeleteUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a permission object name and asks the admin manager
 * ({@code am}) to delete the matching permission object.
 *
 * <p>Only the object name is set on the {@code PermObj}; no object id is prompted for. The
 * delete is issued without a confirmation prompt. The {@code SecurityException} caught here
 * exposes {@code getErrorId()}, so it is a project-specific type rather than
 * {@code java.lang.SecurityException}. On failure the error id and message go to
 * {@code LOG} only. The method always waits for a key press before returning.
 */
void deletePermission() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter object name");
        final String objectName = ReaderUtil.readLn();
        final PermObj target = new PermObj();
        target.setObjName(objectName);

        am.deletePermObj(target);

        System.out.println("perm object deleted: [" + objectName + "]");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "deletePermission caught SecurityException rc=" + failure.getErrorId() + " msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id and a Y/N answer, then either deletes the user or
 * disables the user through the admin manager ({@code am}).
 *
 * <p>Only an answer equal to "Y" (ignoring case) selects deletion; every other answer,
 * including an empty line, takes the disable path. The {@code SecurityException} caught
 * here exposes {@code getErrorId()}, so it is a project-specific type rather than
 * {@code java.lang.SecurityException}. On failure the error id and message go to
 * {@code LOG} only. The method always waits for a key press before returning.
 */
protected void deleteUser() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();
        final User target = new User();
        target.setUserId(enteredUserId);

        System.out.println("Is Force Delete? Y/N");
        final String answer = ReaderUtil.readLn();
        final boolean forceDelete = answer.equalsIgnoreCase("Y");

        final String outcome;
        if (forceDelete) {
            am.deleteUser(target);
            outcome = "has been deleted";
        } else {
            // the non-destructive branch is the default for anything other than "Y"
            am.disableUser(target);
            outcome = "has been disabled but not deleted";
        }

        System.out.println("userId [" + enteredUserId + "]");
        System.out.println(outcome);
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "deleteUser caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:org.apache.directory.fortress.core.AdminMgrConsole.java
/**
 * Console action: prompts for a user id, the old password and a new password, then asks the
 * admin manager ({@code am}) to change the password. The old password is set on the
 * {@code User} object passed to the manager.
 *
 * <p>NOTE(review): both passwords are read with the same line reader as the user id and are
 * held in {@code String}s before being converted to {@code char[]}. Whether the terminal
 * echoes them depends on {@code ReaderUtil} — confirm. The {@code String} copies cannot be
 * wiped after use.
 *
 * <p>The {@code SecurityException} caught here exposes {@code getErrorId()}, so it is a
 * project-specific type rather than {@code java.lang.SecurityException}. On failure the
 * error id and message go to {@code LOG} only. The method always waits for a key press
 * before returning.
 */
void changePassword() {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter userId");
        final String enteredUserId = ReaderUtil.readLn();

        System.out.println("Enter old password");
        final String current = ReaderUtil.readLn();

        final User target = new User();
        target.setUserId(enteredUserId);
        target.setPassword(current.toCharArray());

        System.out.println("Enter new password");
        final String replacement = ReaderUtil.readLn();
        final char[] replacementChars = replacement.toCharArray();

        am.changePassword(target, replacementChars);

        // only the user id is echoed back, never either password
        System.out.println("userId [" + enteredUserId + "]");
        System.out.println("password has been changed");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        final String detail = "changePassword caught SecurityException rc=" + failure.getErrorId() + ", msg="
                + failure.getMessage();
        LOG.error(detail, failure);
    }
    ReaderUtil.readChar();
}
From source file:com.cws.esolutions.security.processors.impl.AccountChangeProcessorImpl.java
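/**
 * Replaces the two security questions and answers of the account named in the request.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The requestor must be the account owner (matching, non-empty GUIDs); otherwise the
 *       response is {@code UNAUTHORIZED} and nothing is changed.</li>
 *   <li>The two questions must differ from each other, and so must the two answers.</li>
 *   <li>The current password is verified through {@code authenticator.performLogon}, which
 *       signals failure by throwing.</li>
 *   <li>The questions and the answers (each passed through {@code PasswordUtils.encryptText}
 *       with a newly generated salt) are written to the user repository, then the new salt
 *       is stored under {@code SaltType.RESET}. If storing the salt fails, both the security
 *       data and the salt are put back to their previous values.</li>
 * </ol>
 * An audit entry of type {@code ADDSECURITY} is submitted for every call, including rejected
 * (unauthorized) requests, with the authorized flag reflecting the ownership check.
 *
 * @param request the change request carrying host info, requestor, target account and
 *        authentication data
 * @return the response with its request status set
 * @throws AccountChangeException if validation fails, a rollback step fails, or a
 *         lower-level operation throws
 * @see com.cws.esolutions.security.processors.interfaces.IAccountChangeProcessor#changeUserSecurity(com.cws.esolutions.security.processors.dto.AccountChangeRequest)
 */
public AccountChangeResponse changeUserSecurity(final AccountChangeRequest request)
        throws AccountChangeException {
    final String methodName = IAccountChangeProcessor.CNAME
            + "#changeUserSecurity(final AccountChangeRequest request) throws AccountChangeException";

    if (DEBUG) {
        DEBUGGER.debug(methodName);
        // NOTE(review): if AccountChangeRequest.toString() includes the authentication data,
        // this writes the password and security answers to the debug log — confirm masking.
        DEBUGGER.debug("AccountChangeRequest: {}", request);
    }

    AccountChangeResponse response = new AccountChangeResponse();

    final Calendar calendar = Calendar.getInstance();
    final RequestHostInfo reqInfo = request.getHostInfo();
    final UserAccount requestor = request.getRequestor();
    final UserAccount userAccount = request.getUserAccount();
    final AuthenticationData reqSecurity = request.getUserSecurity();

    if (DEBUG) {
        DEBUGGER.debug("Calendar: {}", calendar);
        DEBUGGER.debug("RequestHostInfo: {}", reqInfo);
        DEBUGGER.debug("UserAccount: {}", requestor);
        DEBUGGER.debug("UserAccount: {}", userAccount);
    }

    // Only the owning user may change the security data. StringUtils.equals(null, null) is
    // true, so an empty GUID is rejected explicitly to keep the check fail-closed.
    final boolean isAuthorized = StringUtils.isNotEmpty(requestor.getGuid())
            && StringUtils.equals(userAccount.getGuid(), requestor.getGuid());

    try {
        if (!(isAuthorized)) {
            // returning from inside the try lets the finally block audit the rejected attempt
            response.setRequestStatus(SecurityRequestStatus.UNAUTHORIZED);

            return response;
        }

        // make sure the two questions and answers arent the same
        if ((StringUtils.equals(reqSecurity.getSecQuestionOne(), reqSecurity.getSecQuestionTwo()))) {
            throw new AccountChangeException("The security questions must be different.");
        }

        if ((StringUtils.equals(reqSecurity.getSecAnswerOne(), reqSecurity.getSecAnswerTwo()))) {
            throw new AccountChangeException("The security answers must be different.");
        }

        // ok, authenticate first
        String userSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.LOGON.name());

        if (!(StringUtils.isNotEmpty(userSalt))) {
            // no logon salt means the password cannot be verified; refuse the change
            ERROR_RECORDER.error("Unable to obtain configured user salt. Cannot continue");

            response.setRequestStatus(SecurityRequestStatus.FAILURE);

            return response;
        }

        // the return value is not needed: a failed logon raises an exception and processing
        // stops
        authenticator.performLogon(userAccount.getUsername(),
                PasswordUtils.encryptText(reqSecurity.getPassword(), userSalt,
                        secBean.getConfigData().getSecurityConfig().getAuthAlgorithm(),
                        secBean.getConfigData().getSecurityConfig().getIterations(),
                        secBean.getConfigData().getSystemConfig().getEncoding()));

        // NOTE(review): depending on the commons-lang version, RandomStringUtils may draw from
        // a non-cryptographic PRNG; confirm, or generate the salt from SecureRandom.
        String newUserSalt = RandomStringUtils.randomAlphanumeric(secConfig.getSaltLength());

        if (!(StringUtils.isNotEmpty(newUserSalt))) {
            // message corrected: this branch is the salt-generation failure (the two messages
            // were attached to each other's branches)
            ERROR_RECORDER.error("Unable to generate new salt for provided user account.");

            response.setRequestStatus(SecurityRequestStatus.FAILURE);

            return response;
        }

        // rollback information: the reset salt currently on record
        String existingSalt = userSec.getUserSalt(userAccount.getGuid(), SaltType.RESET.name());

        if (!(StringUtils.isNotEmpty(existingSalt))) {
            ERROR_RECORDER.error("Unable to obtain existing salt value from datastore. Cannot continue.");

            response.setRequestStatus(SecurityRequestStatus.FAILURE);

            return response;
        }

        // make the backout
        // NOTE(review): the rollback below reads indexes 0-3; presumably the list holds
        // question one, question two, answer one, answer two — confirm against the authenticator.
        List<String> currentSec = authenticator.obtainSecurityData(userAccount.getUsername(),
                userAccount.getGuid());

        // make the modification in the user repository
        boolean isComplete = userManager.modifyUserSecurity(userAccount.getUsername(),
                new ArrayList<String>(Arrays.asList(reqSecurity.getSecQuestionOne(),
                        reqSecurity.getSecQuestionTwo(),
                        PasswordUtils.encryptText(reqSecurity.getSecAnswerOne(), newUserSalt,
                                secConfig.getAuthAlgorithm(), secConfig.getIterations(),
                                secBean.getConfigData().getSystemConfig().getEncoding()),
                        PasswordUtils.encryptText(reqSecurity.getSecAnswerTwo(), newUserSalt,
                                secConfig.getAuthAlgorithm(), secConfig.getIterations(),
                                secBean.getConfigData().getSystemConfig().getEncoding()))));

        if (DEBUG) {
            DEBUGGER.debug("isComplete: {}", isComplete);
        }

        if (!(isComplete)) {
            response.setRequestStatus(SecurityRequestStatus.FAILURE);

            return response;
        }

        // now update the salt
        isComplete = userSec.addOrUpdateSalt(userAccount.getGuid(), newUserSalt, SaltType.RESET.name());

        if (isComplete) {
            response.setRequestStatus(SecurityRequestStatus.SUCCESS);
        } else {
            // The answers were stored with the new salt but the salt itself was not. Undo the
            // repository change and re-assert the previous salt, otherwise the stored answers
            // can no longer be verified without admin intervention.
            boolean isReverted = userManager.modifyUserSecurity(userAccount.getUsername(),
                    new ArrayList<String>(Arrays.asList(currentSec.get(0), currentSec.get(1),
                            currentSec.get(2), currentSec.get(3))));

            if (DEBUG) {
                DEBUGGER.debug("isReverted: {}", isReverted);
            }

            boolean backoutSalt = userSec.addOrUpdateSalt(userAccount.getGuid(), existingSalt,
                    SaltType.RESET.name());

            if (DEBUG) {
                DEBUGGER.debug("backoutSalt: {}", backoutSalt);
            }

            // either failed step leaves the account inconsistent, so report it if ANY step
            // failed (the previous condition required both to fail)
            if (!(isReverted) || (!(backoutSalt))) {
                throw new AccountChangeException(
                        "Failed to modify the user account and unable to revert to existing state.");
            }

            response.setRequestStatus(SecurityRequestStatus.FAILURE);
        }
    } catch (SQLException sqx) {
        // NOTE(review): the lower-level message is copied into AccountChangeException in each
        // handler below; callers should not echo it to end users.
        ERROR_RECORDER.error(sqx.getMessage(), sqx);

        throw new AccountChangeException(sqx.getMessage(), sqx);
    } catch (UserManagementException umx) {
        ERROR_RECORDER.error(umx.getMessage(), umx);

        throw new AccountChangeException(umx.getMessage(), umx);
    } catch (AuthenticatorException ax) {
        ERROR_RECORDER.error(ax.getMessage(), ax);

        throw new AccountChangeException(ax.getMessage(), ax);
    } catch (SecurityException sx) {
        ERROR_RECORDER.error(sx.getMessage(), sx);

        throw new AccountChangeException(sx.getMessage(), sx);
    } finally {
        // audit every attempt; an audit failure is logged and does not mask the outcome
        try {
            AuditEntry auditEntry = new AuditEntry();
            auditEntry.setHostInfo(reqInfo);
            auditEntry.setAuditType(AuditType.ADDSECURITY);
            auditEntry.setUserAccount(requestor);
            auditEntry.setAuthorized(Boolean.valueOf(isAuthorized));
            auditEntry.setApplicationId(request.getApplicationId());
            auditEntry.setApplicationName(request.getApplicationName());

            if (DEBUG) {
                DEBUGGER.debug("AuditEntry: {}", auditEntry);
            }

            AuditRequest auditRequest = new AuditRequest();
            auditRequest.setAuditEntry(auditEntry);

            if (DEBUG) {
                DEBUGGER.debug("AuditRequest: {}", auditRequest);
            }

            auditor.auditRequest(auditRequest);
        } catch (AuditServiceException asx) {
            ERROR_RECORDER.error(asx.getMessage(), asx);
        }
    }

    return response;
}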