Use of com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext in project midpoint by Evolveum.
Class MidpointRestSecurityQuestionsAuthenticator, method createAuthenticationContext.
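@Override
protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy policy, ContainerRequestContext requestCtx) {
    /*
     * Parses the security-questions authorization payload carried by the request.
     * The keys read below imply the shape {"user": "<name>", "answer": [{"qid": "...", "qans": "..."}, ...]}.
     *
     * Outcomes:
     *  - payload unparseable or "user" absent: abort with the bare user challenge, return null;
     *  - "answer" absent: look the user up (under a temporary anonymous principal), abort with a
     *    challenge listing the user's configured questions, return null;
     *  - "answer" is not an array: abort with the bare user challenge, return null (the original
     *    unconditional ArrayNode cast failed with ClassCastException here);
     *  - otherwise: collect qid -> qans into a map and return the authentication context.
     */
    ObjectMapper mapper = new ObjectMapper(new JsonFactory());
    JsonNode node;
    try {
        node = mapper.readTree(policy.getAuthorization());
    } catch (IOException e) {
        abortWithUserChallenge(requestCtx);
        return null;
    }
    // Older Jackson versions return null (not MissingNode) for an empty body; treat it as malformed.
    if (node == null) {
        abortWithUserChallenge(requestCtx);
        return null;
    }
    JsonNode userNameNode = node.findPath("user");
    if (userNameNode instanceof MissingNode) {
        abortWithUserChallenge(requestCtx);
        return null;
    }
    String userName = userNameNode.asText();
    policy.setUserName(userName);

    JsonNode answerNode = node.findPath("answer");
    if (answerNode instanceof MissingNode) {
        sendQuestionChallenge(requestCtx, userName);
        return null;
    }
    if (!answerNode.isArray()) {
        abortWithUserChallenge(requestCtx);
        return null;
    }
    Map<String, String> questionAnswers = new HashMap<>();
    for (JsonNode answer : answerNode) {
        // findPath() on an absent key yields MissingNode whose asText() is "", so a malformed
        // entry maps to empty strings; the returned context carries the map as-is.
        questionAnswers.put(answer.findPath("qid").asText(), answer.findPath("qans").asText());
    }
    return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);
}

/** Aborts the request with the bare user challenge, i.e. asks the client to supply "user". */
private void abortWithUserChallenge(ContainerRequestContext requestCtx) {
    RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
}

/**
 * Aborts the request with 401. The failure text is deliberately identical for "no such user",
 * "ambiguous user" and "user has no configured answers".
 */
private void abortUnauthorized(ContainerRequestContext requestCtx) {
    requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
            .header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password")
            .build());
}

/**
 * Looks {@code userName} up and aborts the request with a challenge listing the user's configured
 * security questions (or with 401 when the lookup does not yield exactly one user with answers).
 * The user search and the question retrieval run under a temporary anonymous authentication
 * that is cleared again in every case.
 */
private void sendQuestionChallenge(ContainerRequestContext requestCtx, String userName) {
    SearchResultList<PrismObject<UserType>> users;
    try {
        SecurityContextHolder.getContext().setAuthentication(anonymousRestAuthentication());
        users = searchUser(userName);
    } finally {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
    // A null result is treated like "not found" rather than failing with NPE.
    if (users == null || users.size() != 1) {
        abortUnauthorized(requestCtx);
        return;
    }
    PrismObject<UserType> user = users.get(0);
    PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
    if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
        abortUnauthorized(requestCtx);
        return;
    }
    List<SecurityQuestionDefinitionType> questions;
    try {
        SecurityContextHolder.getContext().setAuthentication(anonymousRestAuthentication());
        questions = getQuestions(user);
    } finally {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
    StringBuilder questionChallenge = new StringBuilder();
    for (SecurityQuestionAnswerType questionAnswer : questionAnswerContainer.getRealValues()) {
        SecurityQuestionDefinitionType question = questions.stream()
                .filter(q -> q.getIdentifier().equals(questionAnswer.getQuestionIdentifier()))
                .findFirst()
                .orElse(null);
        if (question == null) {
            // A stored answer whose question definition no longer exists cannot be asked; the
            // original failed here with NoSuchElementException from an unchecked Optional.get().
            continue;
        }
        if (questionChallenge.length() > 0) {
            questionChallenge.append(',');
        }
        questionChallenge.append(QUESTION.replace(Q_ID, question.getIdentifier()).replace(Q_TXT, question.getQuestionText()));
    }
    // NOTE(review): userName (client supplied) and the question text are spliced into the JSON
    // challenge by string replacement without escaping; a value containing a quote yields an
    // invalid challenge body. Confirm the USER_CHALLENGE / QUESTION templates, or build the
    // challenge through the mapper.
    String userChallenge = USER_CHALLENGE.replace("username", userName);
    String challenge = "{" + userChallenge + ", \"answer\" : [" + questionChallenge + "]}";
    RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, challenge);
}

/** Temporary principal so the user lookup and question retrieval can run without a caller identity. */
private AnonymousAuthenticationToken anonymousRestAuthentication() {
    return new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
}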
Use of com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext in project midpoint by Evolveum.
Class SecurityQuestionProvider, method internalAuthentication.
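@Override
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException {
    /*
     * Authenticates a SecurityQuestionsAuthenticationToken through the evaluator.
     *
     * authentication    - incoming token; its principal is the entered user name and its
     *                     credentials the question-id -> answer map
     * requireAssignment - assignments the authenticated focus must hold (passed through)
     * channel           - may be null; when present, controls activation-by-channel support
     * focusType         - focus class to authenticate against (passed through)
     * returns           - the already-authenticated input when its principal is a GuiProfiledPrincipal,
     *                     otherwise the token produced by the evaluator
     * throws            - AuthenticationServiceException for unsupported token types;
     *                     any AuthenticationException raised by the evaluator (logged, rethrown)
     */
    if (authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal) {
        return authentication;
    }
    // Reject unsupported token types before touching principal or credentials: the original
    // cast the principal to String first, so a foreign token with a non-String principal
    // failed with ClassCastException instead of the intended AuthenticationServiceException.
    if (!(authentication instanceof SecurityQuestionsAuthenticationToken)) {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    String enteredUsername = (String) authentication.getPrincipal();
    LOGGER.trace("Authenticating username '{}'", enteredUsername);
    ConnectionEnvironment connEnv = createEnvironment(channel);
    try {
        // Assumed token contract (matches the map the REST authenticator builds): question id -> entered answer.
        @SuppressWarnings("unchecked")
        Map<String, String> answers = (Map<String, String>) authentication.getCredentials();
        SecurityQuestionsAuthenticationContext authContext = new SecurityQuestionsAuthenticationContext(enteredUsername, focusType, answers, requireAssignment);
        if (channel != null) {
            authContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
        }
        Authentication token = getEvaluator().authenticate(connEnv, authContext);
        MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
        return token;
    } catch (AuthenticationException e) {
        // Log the failure with its reason only (no credentials) and let the caller handle it.
        LOGGER.info("Authentication failed for {}: {}", enteredUsername, e.getMessage());
        throw e;
    }
}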