Class AuthenticationException
- java.lang.Object
-
- java.lang.Throwable
-
- java.lang.Exception
-
- de.aristaflow.adept2.base.security.AuthenticationException
-
- All Implemented Interfaces:
Serializable
public class AuthenticationException extends Exception
AnAuthenticationExceptionis thrown when authenticating and the provided Agent user name and/or password are incorrect or the authentication fails due to an exception thrown by the used authentication framework. Usually no message is provided to prevent information on how to get the authentication and thus improve the chance to authenticate illegitimately.
Services encountering anAuthenticationExceptionshould check for whether this is possibly caused by an authentication attack and if so, they should take countermeasures, for instance waiting for several time before allowing the next authentication. However, only one service in the stack should take countermeasures, therefore this service should reset the flag for countermeasures.- Author:
- Patrick Schmidt, Ulrich Kreher
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description protected booleancountMeasReqWhether countermeasures should been taken for this authentication exception.protected booleanpossibleAttackWhether this authentication exception is caused by wrong authentication data and therefore countermeasures may be required to prevent authentication attacks.
-
Constructor Summary
Constructors Constructor Description AuthenticationException()Constructs a newAuthenticationExceptionwithnullas detail message and the authentication being a possible attack.AuthenticationException(boolean possibleAttack)Constructs a newAuthenticationExceptionwithnullas detail message.AuthenticationException(String msg, boolean possibleAttack)Creates a newAuthenticationExceptionhaving the designated message.AuthenticationException(String msg, Throwable cause)Creates a newAuthenticationExceptionhaving the designated message and cause and not being a possible attack.AuthenticationException(Throwable cause, boolean possibleAttack)Creates a newAuthenticationExceptionhaving the designated cause.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancounterMeasuresRequired()Whether this authentication exception has been raised due to wrong authentication data and thus be due to an authentication attack and therefore counter measures (e.g. an increased wait time before the next authentication try) should be taken.voidcounterMeasuresTaken()Whether counter measures have been taken.booleanisPossibleAttack()Whether this authentication exception has been raised due to wrong authentication data and thus be due to an authentication attack.-
Methods inherited from class java.lang.Throwable
addSuppressed, fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, getSuppressed, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
-
-
-
-
Field Detail
-
possibleAttack
protected final boolean possibleAttack
Whether this authentication exception is caused by wrong authentication data and therefore countermeasures may be required to prevent authentication attacks. To avoid duplicate countermeasures, services taking these should resetthe corresponding flag.
-
countMeasReq
protected boolean countMeasReq
Whether countermeasures should been taken for this authentication exception. If a service takes countermeasures it should reset this to prevent calling services from taking additional countermeasures.
-
-
Constructor Detail
-
AuthenticationException
public AuthenticationException()
Constructs a newAuthenticationExceptionwithnullas detail message and the authentication being a possible attack.
-
AuthenticationException
public AuthenticationException(boolean possibleAttack)
Constructs a newAuthenticationExceptionwithnullas detail message.- Parameters:
possibleAttack- Whether the exception is possibly an attack. This sets the corresponding flags.
-
AuthenticationException
public AuthenticationException(String msg, boolean possibleAttack)
Creates a newAuthenticationExceptionhaving the designated message.- Parameters:
msg- Information on the occurred exception.possibleAttack- Whether the exception is possibly an attack. This sets the corresponding flags.
-
AuthenticationException
public AuthenticationException(Throwable cause, boolean possibleAttack)
Creates a newAuthenticationExceptionhaving the designated cause. This is used for wrapping an exception stemming from JAAS or another used authentication framework.- Parameters:
possibleAttack- Whether the exception is possibly an attack. This sets the corresponding flags.cause- The cause for theAuthenticationException.
-
AuthenticationException
public AuthenticationException(String msg, Throwable cause)
Creates a newAuthenticationExceptionhaving the designated message and cause and not being a possible attack. This is used for wrapping an exception stemming from JAAS or another used authentication framework.- Parameters:
msg- Information on the occurred exception.cause- The cause for theAuthenticationException.
-
-
Method Detail
-
isPossibleAttack
public boolean isPossibleAttack()
Whether this authentication exception has been raised due to wrong authentication data and thus be due to an authentication attack.- Returns:
- Whether this authentication exception has been raised due to wrong authentication data and thus be due to an authentication attack.
-
counterMeasuresRequired
public boolean counterMeasuresRequired()
Whether this authentication exception has been raised due to wrong authentication data and thus be due to an authentication attack and therefore counter measures (e.g. an increased wait time before the next authentication try) should be taken.- Returns:
- Whether countermeasures should be taken to prevent authentication attacks.
-
counterMeasuresTaken
public void counterMeasuresTaken()
Whether counter measures have been taken. This prevents several counter measures from different services. Therefore this method should be called by the first service that has taken countermeasures.
-
-