Example 1 with RedirectingAuthFilter
use of com.bakdata.conquery.models.auth.web.RedirectingAuthFilter in project conquery by bakdata.
the class JwtPkceVerifyingRealmFactory method createRealm.
public ConqueryAuthenticationRealm createRealm(ManagerNode manager) {
List<TokenVerifier.Predicate<AccessToken>> additionalVerifiers = new ArrayList<>();
for (String additionalTokenCheck : additionalTokenChecks) {
additionalVerifiers.add(ScriptedTokenChecker.create(additionalTokenCheck));
}
idpConfigurationSupplier = getIdpOptionsSupplier(manager.getClient());
authCookieCreator = manager.getConfig().getAuthentication()::createAuthCookie;
// Add login schema for admin end
final RedirectingAuthFilter redirectingAuthFilter = manager.getAuthController().getRedirectingAuthFilter();
redirectingAuthFilter.getAuthAttemptCheckers().add(this::checkAndRedeemAuthzCode);
redirectingAuthFilter.getAuthAttemptCheckers().add(this::checkAndRedeemRefreshToken);
redirectingAuthFilter.getLoginInitiators().add(this::initiateLogin);
return new JwtPkceVerifyingRealm(idpConfigurationSupplier, client, additionalVerifiers, alternativeIdClaims, manager.getStorage(), tokenLeeway);
}
Also used :
JwtPkceVerifyingRealm(com.bakdata.conquery.models.auth.oidc.JwtPkceVerifyingRealm)
RedirectingAuthFilter(com.bakdata.conquery.models.auth.web.RedirectingAuthFilter)
Example 2 with RedirectingAuthFilter
use of com.bakdata.conquery.models.auth.web.RedirectingAuthFilter in project conquery by bakdata.
the class LocalAuthenticationConfig method createRealm.
@Override
public ConqueryAuthenticationRealm createRealm(ManagerNode manager) {
// Token extractor is not needed because this realm depends on the ConqueryTokenRealm
manager.getAuthController().getAuthenticationFilter().registerTokenExtractor(JWTokenHandler::extractToken);
LocalAuthenticationRealm realm = new LocalAuthenticationRealm(manager.getValidator(), Jackson.copyMapperAndInjectables(Jackson.BINARY_MAPPER), manager.getAuthController().getConqueryTokenRealm(), storeName, directory, passwordStoreConfig, jwtDuration);
UserAuthenticationManagementProcessor processor = new UserAuthenticationManagementProcessor(realm, manager.getStorage());
// Register resources for users to exchange username and password for an access token
registerAdminUnprotectedAuthenticationResources(manager.getUnprotectedAuthAdmin(), realm);
registerApiUnprotectedAuthenticationResources(manager.getUnprotectedAuthApi(), realm);
registerAuthenticationAdminResources(manager.getAdmin().getJerseyConfig(), processor);
// Add login schema for admin end
final RedirectingAuthFilter redirectingAuthFilter = manager.getAuthController().getRedirectingAuthFilter();
redirectingAuthFilter.getLoginInitiators().add(loginProvider(manager.getUnprotectedAuthAdmin()));
return realm;
}
Also used :
JWTokenHandler(com.bakdata.conquery.models.auth.basic.JWTokenHandler)
LocalAuthenticationRealm(com.bakdata.conquery.models.auth.basic.LocalAuthenticationRealm)
UserAuthenticationManagementProcessor(com.bakdata.conquery.models.auth.basic.UserAuthenticationManagementProcessor)
RedirectingAuthFilter(com.bakdata.conquery.models.auth.web.RedirectingAuthFilter)
Aggregations
RedirectingAuthFilter (com.bakdata.conquery.models.auth.web.RedirectingAuthFilter)2
JWTokenHandler (com.bakdata.conquery.models.auth.basic.JWTokenHandler)1
LocalAuthenticationRealm (com.bakdata.conquery.models.auth.basic.LocalAuthenticationRealm)1
UserAuthenticationManagementProcessor (com.bakdata.conquery.models.auth.basic.UserAuthenticationManagementProcessor)1
JwtPkceVerifyingRealm (com.bakdata.conquery.models.auth.oidc.JwtPkceVerifyingRealm)1
