NetIQ Access Manager Authentication Class using reCaptcha
package com.novell.nam.authentication; | |
/* | |
* Copyright (c) 2015 Jared Jennings <jared@jaredjennings.org>. All Rights Reserved. | |
 * Requires the class property "recaptcha_private_key" (the reCAPTCHA secret key) to be set
 * on the authentication class in the NAM admin console; without it captcha verification fails closed.
*/ | |
import java.util.*; | |
import javax.servlet.http.*; | |
import org.eclipse.higgins.sts.api.*; | |
import com.novell.nidp.*; | |
import com.novell.nidp.authentication.*; | |
import com.novell.nidp.authentication.local.*; | |
import com.novell.nidp.common.authority.*; | |
import net.tanesha.recaptcha.ReCaptchaImpl; | |
import net.tanesha.recaptcha.ReCaptchaResponse; | |
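public class reCaptchaCustomAuthentication extends LocalAuthenticationClass implements STSAuthenticationClass
{
    /** Name of the class property holding the reCAPTCHA private (secret) key. */
    private static final String PROP_RECAPTCHA_PRIVATE_KEY = "recaptcha_private_key";

    /** Form field names posted by the reCAPTCHA widget. */
    private static final String PARM_CAPTCHA_CHALLENGE = "recaptcha_challenge_field";
    private static final String PARM_CAPTCHA_RESPONSE = "recaptcha_response_field";

    /** Login-page error shown when the captcha does not verify. */
    private static final String CAPTCHA_ERROR_MSG = "Captcha verification failed";

    /**
     * Constructor for form based authentication.
     *
     * @param props   Properties associated with the implementing class (must include
     *                {@code recaptcha_private_key})
     * @param uStores List of ordered user stores to authenticate against
     */
    public reCaptchaCustomAuthentication(Properties props, ArrayList<UserAuthority> uStores)
    {
        super(props, uStores);
    }

    /**
     * Get the authentication type this class implements.
     *
     * @return the authentication type represented by this class (password)
     */
    @Override
    public String getType()
    {
        return AuthnConstants.PASSWORD;
    }

    /**
     * Delegates request initialisation to the base class; nothing captcha-specific is needed here.
     */
    @Override
    public void initializeRequest(HttpServletRequest request,
                                  HttpServletResponse response,
                                  NIDPSession session,
                                  NIDPSessionData data,
                                  boolean following,
                                  String url)
    {
        super.initializeRequest(request, response, session, data, following, url);
    }

    /**
     * Perform form based authentication. Called on each response during the
     * authentication process.
     *
     * @return the status of the authentication process: one of AUTHENTICATED,
     *         NOT_AUTHENTICATED, CANCELLED, HANDLED_REQUEST, PWD_EXPIRING, PWD_EXPIRED,
     *         or SHOW_JSP when the login form must be (re)displayed
     */
    @Override
    protected int doAuthenticate()
    {
        // On the first call after a previous method we only render the form, so a
        // previous form cannot feed data into this one via colliding parameter names.
        if (!isFirstCallAfterPrevMethod())
        {
            int status = handlePostedData();
            if (status != NOT_AUTHENTICATED)
                return status;
        }

        String jsp = getProperty(AuthnConstants.PROPERTY_JSP);
        if (jsp == null || jsp.length() == 0)
            jsp = NIDPConstants.JSP_LOGIN;

        m_PageToShow = new PageToShow(jsp);
        String returnUrl = getReturnURL();
        m_PageToShow.addAttribute(NIDPConstants.ATTR_URL,
                                  returnUrl != null ? returnUrl : m_Request.getRequestURL().toString());
        if (getAuthnRequest() != null && getAuthnRequest().getTarget() != null)
            m_PageToShow.addAttribute("target", getAuthnRequest().getTarget());

        return SHOW_JSP;
    }

    /**
     * Get and process the data posted from the login form.
     *
     * The captcha is verified first and the request is rejected before any user store
     * is consulted when it fails. The original version called the validator but
     * discarded its result, which made the captcha a no-op: a script posting only
     * username/password would reach the directory unhindered.
     *
     * @return the status of the authentication process: one of AUTHENTICATED,
     *         NOT_AUTHENTICATED, CANCELLED, HANDLED_REQUEST, PWD_EXPIRING, PWD_EXPIRED
     */
    private int handlePostedData()
    {
        String id = m_Request.getParameter(NIDPConstants.PARM_USERID);
        String password = m_Request.getParameter(NIDPConstants.PARM_PASSWORD);

        // Fail closed: no directory lookup and no password check unless the captcha verifies.
        if (!validateCaptcha())
        {
            m_Request.setAttribute(NIDPConstants.ATTR_LOGIN_ERROR, CAPTCHA_ERROR_MSG);
            return NOT_AUTHENTICATED;
        }

        // An admin-defined LDAP query replaces the default name/password lookup.
        String ldapQuery = checkForQuery();
        try
        {
            if (ldapQuery != null)
            {
                if (authenticateWithQuery(ldapQuery, password))
                    return AUTHENTICATED;
            }
            else
            {
                if (id == null || id.length() == 0)
                    return NOT_AUTHENTICATED;
                if (authenticateWithPassword(id, password))
                    return AUTHENTICATED;
            }
        }
        catch (PasswordExpiringException pe)
        {
            return PWD_EXPIRING;
        }
        catch (PasswordExpiredException pe)
        {
            return PWD_EXPIRED;
        }

        m_Request.setAttribute(NIDPConstants.ATTR_LOGIN_ERROR, getUserErrorMsg());
        return NOT_AUTHENTICATED;
    }

    /**
     * WS-Trust (STS) username-token authentication.
     *
     * NOTE(review): this path performs no captcha check — it is not a browser form, so
     * there is nothing to verify — which means the rate-limiting benefit of the captcha
     * does not apply to STS clients. Whether that endpoint needs its own throttling is a
     * deployment decision outside this class.
     *
     * @param securityInformation the caller's security tokens
     * @return the authenticated principal, or {@code null} if authentication failed
     */
    @Override
    public NIDPPrincipal handleSTSAuthentication(ISecurityInformation securityInformation)
    {
        IUsernameToken usernameToken =
            (IUsernameToken) securityInformation.getFirst(IUsernameToken.class);
        if (usernameToken == null)
            return null;

        try
        {
            if (authenticateWithPassword(usernameToken.getUsername(), usernameToken.getPassword()))
                return getPrincipal();
        }
        catch (PasswordExpiringException pe)
        {
            // An expiring (not yet expired) password is still a successful authentication.
            return getPrincipal();
        }
        catch (PasswordExpiredException pe)
        {
            // Expired password: fall through and deny.
        }
        return null;
    }

    /**
     * Validates the user-provided captcha answer against the reCAPTCHA verifier.
     *
     * Fails closed in every doubtful case: missing secret key (misconfiguration), missing or
     * empty form fields (no verifier round trip needed), or an invalid verifier response.
     * Exceptions thrown by the reCAPTCHA library are deliberately not caught here; an
     * unhandled error denies the login rather than allowing it.
     *
     * @return {@code true} only if the verifier reports the answer as valid
     */
    private boolean validateCaptcha()
    {
        String privateKey = getProperty(PROP_RECAPTCHA_PRIVATE_KEY);
        if (privateKey == null || privateKey.trim().length() == 0)
            return false;

        String challenge = m_Request.getParameter(PARM_CAPTCHA_CHALLENGE);
        String uresponse = m_Request.getParameter(PARM_CAPTCHA_RESPONSE);
        if (challenge == null || challenge.length() == 0
            || uresponse == null || uresponse.length() == 0)
            return false;

        // NOTE(review): getRemoteAddr() is the TCP peer. Behind a proxy or load balancer
        // this is the proxy's address, not the end user's; confirm what NAM exposes for
        // the forwarded client address if per-client reCAPTCHA reputation matters.
        String remoteAddr = m_Request.getRemoteAddr();

        ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
        reCaptcha.setPrivateKey(privateKey);
        ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, uresponse);
        return reCaptchaResponse != null && reCaptchaResponse.isValid();
    }
}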