Example 1 with SecurityQuestionDefinitionType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.
the class MidpointRestSecurityQuestionsAuthenticator method createAuthenticationContext.
@Override
protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy policy, ContainerRequestContext requestCtx) {
JsonFactory f = new JsonFactory();
ObjectMapper mapper = new ObjectMapper(f);
JsonNode node = null;
try {
node = mapper.readTree(policy.getAuthorization());
} catch (IOException e) {
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
return null;
}
JsonNode userNameNode = node.findPath("user");
if (userNameNode instanceof MissingNode) {
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
return null;
}
String userName = userNameNode.asText();
policy.setUserName(userName);
JsonNode answerNode = node.findPath("answer");
if (answerNode instanceof MissingNode) {
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
SearchResultList<PrismObject<UserType>> users = null;
try {
users = searchUser(userName);
} finally {
SecurityContextHolder.getContext().setAuthentication(null);
}
if (users.size() != 1) {
requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build());
return null;
}
PrismObject<UserType> user = users.get(0);
PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build());
return null;
}
String questionChallenge = "";
List<SecurityQuestionDefinitionType> questions = null;
try {
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
questions = getQuestions(user);
} finally {
SecurityContextHolder.getContext().setAuthentication(null);
}
Collection<SecurityQuestionAnswerType> questionAnswers = questionAnswerContainer.getRealValues();
Iterator<SecurityQuestionAnswerType> questionAnswerIterator = questionAnswers.iterator();
while (questionAnswerIterator.hasNext()) {
SecurityQuestionAnswerType questionAnswer = questionAnswerIterator.next();
SecurityQuestionDefinitionType question = questions.stream().filter(q -> q.getIdentifier().equals(questionAnswer.getQuestionIdentifier())).findFirst().get();
String challenge = QUESTION.replace(Q_ID, question.getIdentifier());
questionChallenge += challenge.replace(Q_TXT, question.getQuestionText());
if (questionAnswerIterator.hasNext()) {
questionChallenge += ",";
}
}
String userChallenge = USER_CHALLENGE.replace("username", userName);
String challenge = "{" + userChallenge + ", \"answer\" : [" + questionChallenge + "]}";
RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, challenge);
return null;
}
ArrayNode answers = (ArrayNode) answerNode;
Iterator<JsonNode> answersList = answers.elements();
Map<String, String> questionAnswers = new HashMap<>();
while (answersList.hasNext()) {
JsonNode answer = answersList.next();
String questionId = answer.findPath("qid").asText();
String questionAnswer = answer.findPath("qans").asText();
questionAnswers.put(questionId, questionAnswer);
}
return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);
}
Also used :
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
HashMap(java.util.HashMap)
JsonFactory(com.fasterxml.jackson.core.JsonFactory)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
MissingNode(com.fasterxml.jackson.databind.node.MissingNode)
IOException(java.io.IOException)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
SecurityQuestionsAuthenticationContext(com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)
ArrayNode(com.fasterxml.jackson.databind.node.ArrayNode)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 2 with SecurityQuestionDefinitionType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.
the class PageMyPasswordQuestions method checkIfQuestionisValid.
private SecurityQuestionAnswerDTO checkIfQuestionisValid(SecurityQuestionAnswerDTO questionIdentifier, List<SecurityQuestionDefinitionType> securityQuestionList) {
for (Iterator iterator = securityQuestionList.iterator(); iterator.hasNext(); ) {
SecurityQuestionDefinitionType securityQuestionDefinitionType = (SecurityQuestionDefinitionType) iterator.next();
LOGGER.debug("List For" + securityQuestionDefinitionType.getIdentifier().trim());
if (securityQuestionDefinitionType.getIdentifier().trim().equalsIgnoreCase((questionIdentifier.getPwdQuestion().trim()))) {
questionIdentifier.setQuestionItself(securityQuestionDefinitionType.getQuestionText());
LOGGER.info(": TRUE QUESTION");
return questionIdentifier;
} else {
return null;
}
}
return null;
}
Also used :
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
Iterator(java.util.Iterator)
Example 3 with SecurityQuestionDefinitionType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.
the class PageSecurityQuestions method initLayout.
public void initLayout() {
Form mainForm = new Form(ID_MAIN_FORM);
pqPanels = new ArrayList<MyPasswordQuestionsPanel>();
PrismObject<SecurityPolicyType> securityPolicy = getSecurityPolicy();
LOGGER.trace("Found security policy: {}", securityPolicy);
if (securityPolicy == null) {
LOGGER.error("No security policy, cannot process security questions");
// we do not want to provide any information to the attacker.
throw new RestartResponseException(PageError.class);
}
questionNumber = securityPolicy.asObjectable().getCredentials() != null && securityPolicy.asObjectable().getCredentials().getSecurityQuestions() != null ? securityPolicy.asObjectable().getCredentials().getSecurityQuestions().getQuestionNumber() : 0;
policyQuestionList = securityPolicy.asObjectable().getCredentials() != null && securityPolicy.asObjectable().getCredentials().getSecurityQuestions() != null ? securityPolicy.asObjectable().getCredentials().getSecurityQuestions().getQuestion() : new ArrayList<SecurityQuestionDefinitionType>();
List<SecurityQuestionAnswerDTO> userQuestionList = model.getObject().getSecurityAnswers();
if (userQuestionList == null) {
getSession().error(getString("pageForgetPassword.message.ContactAdminQuestionsNotSet"));
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(null);
throw new RestartResponseException(PageForgotPassword.class);
}
if (questionNumber <= userQuestionList.size()) {
// Questions
for (Iterator iterator = policyQuestionList.iterator(); iterator.hasNext(); ) {
SecurityQuestionDefinitionType securityQuestionDefinitionType = (SecurityQuestionDefinitionType) iterator.next();
// user's question List loop to match the questions
for (int userQuestint = 0; userQuestint < userQuestionList.size(); userQuestint++) {
// if the question is in the policy check
int panelNumber = 0;
if (userQuestionList.get(userQuestint).getPwdQuestion().equalsIgnoreCase(securityQuestionDefinitionType.getIdentifier())) {
SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(userQuestionList.get(userQuestint).getPwdQuestion(), "", userQuestionList.get(userQuestint).getQuestionItself());
a = checkIfQuestionisValid(a, policyQuestionList);
MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a);
pqPanels.add(panel);
panelNumber++;
// This is the Question!
}
}
}
}
add(mainForm);
mainForm.add(getPanels(pqPanels));
initButtons(mainForm);
}
Also used :
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
Form(org.apache.wicket.markup.html.form.Form)
ArrayList(java.util.ArrayList)
SecurityPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType)
RestartResponseException(org.apache.wicket.RestartResponseException)
SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)
SecurityContext(org.springframework.security.core.context.SecurityContext)
Iterator(java.util.Iterator)
MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)
Example 4 with SecurityQuestionDefinitionType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.
the class PageMyPasswordQuestions method executePasswordQuestionsAndAnswers.
/**
* method for get existing questions and answer from user credentials
* @author oguzhan
* @param userQuestionList
* @param policyQuestionList
* @param panelNumber
*/
public void executePasswordQuestionsAndAnswers(List<SecurityQuestionAnswerDTO> userQuestionList, List<SecurityQuestionDefinitionType> policyQuestionList, int panelNumber) {
int userQuest = 0;
LOGGER.debug("executePasswordQuestionsAndAnswers");
for (Iterator iterator = policyQuestionList.iterator(); iterator.hasNext(); ) {
/* Loop for finding the Existing Questions
* and Answers according to Policy*/
SecurityQuestionDefinitionType securityQuestionDefinitionType = (SecurityQuestionDefinitionType) iterator.next();
//user's question List loop to match the questions
for (int i = userQuest; i < userQuestionList.size(); i++) {
if (userQuestionList.get(i).getPwdQuestion().trim().compareTo(securityQuestionDefinitionType.getIdentifier().trim()) == 0) {
SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(userQuestionList.get(i).getPwdQuestion(), userQuestionList.get(i).getPwdAnswer(), userQuestionList.get(i).getQuestionItself());
a = checkIfQuestionisValidSingle(a, securityQuestionDefinitionType);
MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a);
pqPanels.add(panel);
panelNumber++;
userQuest++;
break;
} else if (userQuestionList.get(i).getPwdQuestion().trim().compareTo(securityQuestionDefinitionType.getIdentifier().trim()) != 0) {
SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(policyQuestionList.get(panelNumber).getIdentifier(), "", policyQuestionList.get(panelNumber).getQuestionText());
a.setQuestionItself(securityQuestionDefinitionType.getQuestionText());
userQuestionList.get(i).setPwdQuestion(securityQuestionDefinitionType.getIdentifier().trim());
MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a);
pqPanels.add(panel);
panelNumber++;
userQuest++;
break;
}
}
}
}
Also used :
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)
Iterator(java.util.Iterator)
MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)
Example 5 with SecurityQuestionDefinitionType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.
the class PageMyPasswordQuestions method initLayout.
public void initLayout() {
Form mainForm = new Form(ID_MAIN_FORM);
//question panel list
pqPanels = new ArrayList<MyPasswordQuestionsPanel>();
OperationResult result = new OperationResult(OPERATION_LOAD_QUESTION_POLICY);
try {
Task task = getPageBase().createSimpleTask(OPERATION_LOAD_QUESTION_POLICY);
OperationResult subResult = result.createSubresult(OPERATION_LOAD_QUESTION_POLICY);
try {
//PrismObject<SystemConfigurationType> config = getPageBase().getModelService().getObject(
// SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), null,
//task, result);
CredentialsPolicyType credPolicy = getModelInteractionService().getCredentialsPolicy(null, null, result);
//Global Policy set question numbers
if (credPolicy != null && credPolicy.getSecurityQuestions() != null) {
questionNumber = credPolicy.getSecurityQuestions().getQuestionNumber();
// Actual Policy Question List
policyQuestionList = credPolicy.getSecurityQuestions().getQuestion();
} else {
questionNumber = 0;
policyQuestionList = new ArrayList<SecurityQuestionDefinitionType>();
}
} catch (Exception ex) {
ex.printStackTrace();
/* List<SecurityQuestionAnswerDTO> userQuestionList= model.getObject().getSecurityAnswers();
int panelNumber=0;
PrismObject<UserType> user = null;
Collection options = SelectorOptions.createCollection(UserType.F_CREDENTIALS,
GetOperationOptions.createRetrieve(RetrieveOption.INCLUDE));
Task taskTwo = createSimpleTask("LOAD USER WRAPPER");
user = getModelService().getObject(UserType.class, SecurityUtils.getPrincipalUser().getOid(), options, taskTwo, result);
OperationResult parentResult = new OperationResult(OPERATION_LOAD_QUESTION_POLICY);
questionNumber = getModelInteractionService().getCredentialsPolicy(user, parentResult).getSecurityQuestions().getQuestionNumber();
policyQuestionList=getModelInteractionService().getCredentialsPolicy(user, parentResult).getSecurityQuestions().getQuestion();
if(userQuestionList==null){
executeAddingQuestions(questionNumber, 0, policyQuestionList);
LOGGER.info(getModelInteractionService().getCredentialsPolicy(user, parentResult).getSecurityQuestions().getQuestionNumber().toString());
}else{
for(int userQuestint=0;userQuestint<userQuestionList.size();userQuestint++){
SecurityQuestionAnswerDTO answerDTO= checkIfQuestionisValid(userQuestionList.get(userQuestint), policyQuestionList);
if (userQuestionList.get(userQuestint)!=null){
LOGGER.debug("Questitself"+userQuestionList.get(userQuestint).getQuestionItself());
MyPasswordQuestionsPanel panel=new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL+ panelNumber,userQuestionList.get(userQuestint));
pqPanels.add(panel);
panelNumber++;
}
}
//TODO same questions check should be implemented
}
add(mainForm);
mainForm.add(getPanels(pqPanels));
initButtons(mainForm);
return;
*/
}
/*User's Pre-Set Question List*/
List<SecurityQuestionAnswerDTO> userQuestionList = model.getObject().getSecurityAnswers();
//Case that policy have more than users's number of numbers
if ((userQuestionList == null) || (questionNumber > userQuestionList.size())) {
if (userQuestionList == null) {
executeAddingQuestions(questionNumber, 0, policyQuestionList);
//TODO same questions check should be implemented
} else {
executePasswordQuestionsAndAnswers(userQuestionList, policyQuestionList, userQuestionList.size());
//QUESTION NUMBER BIGGER THAN QUESTION LIST
//rest of the questions
int difference = questionNumber - userQuestionList.size();
executeAddingQuestions(difference, userQuestionList.size(), policyQuestionList);
}
} else if (questionNumber == userQuestionList.size()) {
//QUESTION NUMBER EQUALS TO QUESTION LIST
executePasswordQuestionsAndAnswers(userQuestionList, policyQuestionList, 0);
//TODO PART2: Case that policy have smaller than users's number of numbers
} else if (questionNumber < userQuestionList.size()) {
//QUESTION NUMBER SMALLER THAN QUESTION LIST
executePasswordQuestionsAndAnswers(userQuestionList, policyQuestionList, 0);
//this part will be using at remove operation in the future
/* int diff = userQuestionList.size()-questionNumber;
for(Iterator iterator = userQuestionList.iterator(); iterator.hasNext();){
SecurityQuestionAnswerDTO element = (SecurityQuestionAnswerDTO)iterator.next();
for(int i=0; i<diff;i++){
if(element == userQuestionList.get(questionNumber+i)){
try{
//LOGGER.info("REMOVE");
iterator.remove();
} catch (UnsupportedOperationException uoe) {
LOGGER.info(uoe.getStackTrace().toString());
}
}
}
}*/
}
} catch (Exception ex) {
result.recordFatalError("Couldn't load system configuration.", ex);
}
add(mainForm);
mainForm.add(getPanels(pqPanels));
initButtons(mainForm);
}
Also used :
Task(com.evolveum.midpoint.task.api.Task)
SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)
Form(org.apache.wicket.markup.html.form.Form)
SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)
MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
CredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType)
RestartResponseException(org.apache.wicket.RestartResponseException)
EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
Aggregations
SecurityQuestionDefinitionType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType)5
MyPasswordQuestionsPanel (com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)3
SecurityQuestionAnswerDTO (com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO)3
Iterator (java.util.Iterator)3
RestartResponseException (org.apache.wicket.RestartResponseException)2
Form (org.apache.wicket.markup.html.form.Form)2
SecurityQuestionsAuthenticationContext (com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext)1
PrismObject (com.evolveum.midpoint.prism.PrismObject)1
EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)1
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)1
Task (com.evolveum.midpoint.task.api.Task)1
CredentialsPolicyType (com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType)1
SecurityPolicyType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType)1
SecurityQuestionAnswerType (com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType)1
UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)1
JsonFactory (com.fasterxml.jackson.core.JsonFactory)1
JsonNode (com.fasterxml.jackson.databind.JsonNode)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
ArrayNode (com.fasterxml.jackson.databind.node.ArrayNode)1
MissingNode (com.fasterxml.jackson.databind.node.MissingNode)1
