the class AbstractIntegrationTest method loginAsNoAdmin.
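/**
 * Logs the given user into the security context with every available
 * permission except {@code APP_ADMIN}.
 *
 * Look out: the security context is mocked directly through
 * {@code SecurityContextHolder} - no real authentication takes place and
 * no token is issued, so this is only meaningful inside integration tests.
 *
 * @param user identifier of the identity to log in, resolved through the identity lookup
 * @throws IllegalArgumentException when no identity can be resolved for {@code user}
 */
public void loginAsNoAdmin(String user) {
    // Every permission the modules expose, minus the super-admin one.
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils
            .toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(authority -> !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority()))
            .collect(Collectors.toList());
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.getDtoLookup(IdmIdentityDto.class).lookup(user);
    // Fail fast: a null identity would otherwise be placed into the context as the
    // principal and the test would fail later with a far less obvious error.
    if (identity == null) {
        throw new IllegalArgumentException("Identity [" + user + "] not found, cannot log in.");
    }
    // "test" is passed where fromDto() passes the token module id - presumably the
    // authentication module; confirm against the IdmJwtAuthentication constructor.
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(identity, null, authorities, "test"));
}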
the class OAuthAuthenticationManager method authenticate.
/**
 * Authenticates a token-backed authentication and propagates it to the
 * workflow engine and the security service.
 *
 * Anything that is not an {@link IdmJwtAuthentication} is rejected up front,
 * before any state is touched. Verification itself is delegated to
 * {@code verifyAuthentication}; its failure contract is outside this view
 * and is presumably an {@link AuthenticationException}.
 *
 * @param authentication authentication to verify, expected to be an {@link IdmJwtAuthentication}
 * @return the verified authentication
 * @throws AuthenticationException when the authentication type is unsupported or verification fails
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (authentication instanceof IdmJwtAuthentication) {
        IdmJwtAuthentication verified = verifyAuthentication(authentication);
        // Workflow engine runs under the verified user ...
        workflowIdentityService.setAuthenticatedUserId(verified.getCurrentUsername());
        // ... and the security service holds the verified authentication.
        securityService.setAuthentication(verified);
        return verified;
    }
    throw new IdmAuthenticationException("Unsupported granted authority " + authentication.getClass().getName());
}
the class JwtAuthenticationMapper method fromDto.
/**
 * Builds an {@link IdmJwtAuthentication} from a persisted token dto.
 *
 * Authorities come from {@code getDtoAuthorities(token)}, the current and
 * original identity are reconstructed from the token properties and the
 * resulting authentication carries the token id.
 *
 * @param token token dto, required
 * @return authentication resolved from the token
 * @throws IllegalArgumentException when {@code token} is {@code null}
 */
public IdmJwtAuthentication fromDto(IdmTokenDto token) {
    Assert.notNull(token, "Token is required.");
    //
    List<GrantedAuthority> authorities = getDtoAuthorities(token)
            .stream()
            .map(authority -> new DefaultGrantedAuthority(authority.getAuthority()))
            .collect(Collectors.toList());
    // Identity the token acts as ...
    IdmIdentityDto currentIdentity = new IdmIdentityDto(
            token.getProperties().getUuid(PROPERTY_CURRENT_IDENTITY_ID),
            token.getProperties().getString(PROPERTY_CURRENT_USERNAME));
    // ... and the identity that originally logged in (differs when switched).
    IdmIdentityDto originalIdentity = new IdmIdentityDto(
            token.getProperties().getUuid(PROPERTY_ORIGINAL_IDENTITY_ID),
            token.getProperties().getString(PROPERTY_ORIGINAL_USERNAME));
    //
    IdmJwtAuthentication result = new IdmJwtAuthentication(
            currentIdentity,
            originalIdentity,
            token.getExpiration(),
            token.getIssuedAt(),
            authorities,
            token.getModuleId());
    result.setId(token.getId());
    return result;
}
the class DefaultJwtAuthenticationService method login.
/**
 * Builds the login response for the given token: resolves the authentication
 * from the token, registers it with the authentication manager and fills the
 * response with the serialized token, the authentication dto and authorities.
 *
 * @param loginDto the original login request (username, password, skip-must-change flag)
 * @param token cidmst token issued for this login
 * @return login response carrying the token, authentication dto and authorities
 */
private LoginDto login(LoginDto loginDto, IdmTokenDto token) {
    // Register the authentication before the response is assembled.
    oauthAuthenticationManager.authenticate(jwtTokenMapper.fromDto(token));
    //
    IdmJwtAuthenticationDto authenticationDto = jwtTokenMapper.toDto(token);
    LoginDto response = new LoginDto();
    response.setUsername(loginDto.getUsername());
    response.setSkipMustChange(loginDto.isSkipMustChange());
    // NOTE(review): the plaintext password from the request is echoed back in the
    // response here - confirm downstream callers really need it (e.g. must-change flow)
    // and that the response is never logged or cached.
    response.setPassword(loginDto.getPassword());
    response.setAuthenticationModule(token.getModuleId());
    response.setAuthentication(authenticationDto);
    response.setToken(jwtTokenMapper.writeToken(authenticationDto));
    response.setAuthorities(jwtTokenMapper.getDtoAuthorities(token));
    //
    return response;
}
the class JwtIdmAuthenticationFilter method authorize.
/**
 * Authorizes a request by its IdM JWT token.
 *
 * Order matters: the signature is verified before any claim is read, and the
 * expiration claim is checked before the mapper resolves the stored token,
 * because the stored token may already have been prolonged automatically.
 *
 * Token-state errors (token not found, authorities changed, expired) are
 * recorded in the filter context together with the parsed claims and the
 * request is left unauthorized; any other {@link ResultCodeException} is
 * rethrown so an additional authentication requirement can be published.
 * Unparseable or badly signed tokens are logged and ignored.
 *
 * @param token raw token string taken from the request
 * @param request current request
 * @param response current response
 * @return {@code true} when the token authenticates the request, {@code false} otherwise
 */
@Override
public boolean authorize(String token, HttpServletRequest request, HttpServletResponse response) {
    IdmJwtAuthenticationDto claims = null;
    try {
        Optional<Jwt> parsed = HttpFilterUtils.parseToken(token);
        if (!parsed.isPresent()) {
            return false;
        }
        Jwt jwt = parsed.get();
        HttpFilterUtils.verifyToken(jwt, jwtTokenMapper.getVerifier());
        claims = jwtTokenMapper.getClaims(jwt);
        // Check the expiration from the presented token itself, before the
        // (possibly prolonged) stored token is used by the mapper.
        ZonedDateTime expiration = claims.getExpiration();
        if (expiration != null && expiration.isBefore(ZonedDateTime.now())) {
            throw new ResultCodeException(CoreResultCode.AUTH_EXPIRED);
        }
        // Resolve the actual authentication (stored token is loaded here).
        IdmJwtAuthentication resolved = jwtTokenMapper.fromDto(claims);
        ctx.setToken(jwtTokenMapper.toDto(resolved));
        Authentication result = authenticationManager.authenticate(resolved);
        LOG.debug("User [{}] successfully logged in.", result.getName());
        return result.isAuthenticated();
    } catch (ResultCodeException ex) {
        if (!isTokenStateError(ex)) {
            // publish additional authentication requirement
            throw ex;
        }
        LOG.warn("Invalid token, reason: [{}]", ex.getMessage());
        ctx.setCodeEx(ex);
        // only expired / not found / authorities changed: keep the claims for the caller
        ctx.setToken(claims);
    } catch (AuthenticationException ex) {
        LOG.warn("Invalid authentication, reason: [{}]", ex.getMessage());
        ctx.setAuthEx(ex);
    } catch (InvalidSignatureException | IOException | IllegalArgumentException ex) {
        // client sent some rubbish, just log and ignore
        LOG.warn("Invalid IdM auth token received.", ex);
    }
    return false;
}

/**
 * Token-state errors are the ones the filter handles itself instead of rethrowing.
 *
 * @param ex result code exception raised while authorizing
 * @return {@code true} for token not found, authorities changed or expired
 */
private static boolean isTokenStateError(ResultCodeException ex) {
    String statusEnum = ex.getError().getError().getStatusEnum();
    return CoreResultCode.TOKEN_NOT_FOUND.getCode().equals(statusEnum)
            || CoreResultCode.AUTHORITIES_CHANGED.getCode().equals(statusEnum)
            || CoreResultCode.AUTH_EXPIRED.getCode().equals(statusEnum);
}