
Example 1 with CredentialModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication in project midpoint by Evolveum.

the class PageEmailNonse method getMailNoncePolicy.

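/**
 * Resolves the nonce credential policy used by the mail-nonce authentication module that is
 * currently being processed.
 *
 * <p>Every failure path puts the same generic {@code PageForgotPassword.send.nonce.failed}
 * message into the session and restarts {@link PageEmailNonse}; the specific reason is written
 * to the server log only, so the page gives the requester no hint about which check failed.
 *
 * @param user the user whose security policy is resolved through {@code resolveSecurityPolicy}
 * @return the nonce credentials policy whose name equals the credential name of the processing
 *         module; never {@code null}
 * @throws RestartResponseException if the security policy, its nonce credentials, the current
 *         authentication, the processing module or the named credential cannot be resolved
 */
private NonceCredentialsPolicyType getMailNoncePolicy(PrismObject<UserType> user) {
    SecurityPolicyType securityPolicy = resolveSecurityPolicy(user);
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    if (securityPolicy.getCredentials() == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No credential for security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    if (securityPolicy.getCredentials().getNonce() == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No nonce credential for security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        // The previous form, "msg" + authentication != null ? ... : null, compared the concatenated
        // string with null (always true) and then dereferenced a possibly-null authentication,
        // turning this controlled failure into a NullPointerException and dropping the message.
        LOGGER.error("Bad type of authentication, support only MidpointAuthentication, but is {}",
                authentication != null ? authentication.getClass().getName() : null);
        throw new RestartResponseException(PageEmailNonse.class);
    }
    ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    // Fail closed: the module must be a CredentialModuleAuthentication AND of the mail-nonce type,
    // the same pair of conditions SelfRegistrationDto.init requires. With "&&" between the two
    // negations, a null module reached getNameOfModuleType(), a mail-nonce module of another class
    // reached the cast below, and a credential module of any other type was accepted.
    if (!(moduleAuthentication instanceof CredentialModuleAuthentication)
            || !AuthenticationModuleNameConstants.MAIL_NONCE.equals(moduleAuthentication.getNameOfModuleType())) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("Bad type of module authentication, support only EmailNonceModuleAuthentication, but is {}",
                moduleAuthentication != null ? moduleAuthentication.getClass().getName() : null);
        throw new RestartResponseException(PageEmailNonse.class);
    }
    CredentialModuleAuthentication nonceAuth = (CredentialModuleAuthentication) moduleAuthentication;
    String credentialName = nonceAuth.getCredentialName();
    if (credentialName == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("EmailNonceModuleAuthentication {} haven't define name of credential", nonceAuth.getNameOfModule());
        throw new RestartResponseException(PageEmailNonse.class);
    }
    NonceCredentialsPolicyType credentialByName = null;
    for (NonceCredentialsPolicyType credential : securityPolicy.getCredentials().getNonce()) {
        // credentialName is known to be non-null here; if several entries share the name,
        // the last one wins, as before.
        if (credentialName.equals(credential.getName())) {
            credentialByName = credential;
        }
    }
    if (credentialByName == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("Couldn't find nonce credentials by name {}", credentialName);
        throw new RestartResponseException(PageEmailNonse.class);
    }
    return credentialByName;
}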
Also used : CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) RestartResponseException(org.apache.wicket.RestartResponseException) CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Example 2 with CredentialModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication in project midpoint by Evolveum.

the class SelfRegistrationDto method init.

/**
 * Copies the self-registration settings into this DTO and selects the nonce credential policy.
 *
 * <p>When the module currently being processed is a mail-nonce {@link CredentialModuleAuthentication}
 * with a credential name, that name selects the nonce policy. Otherwise the policy is looked up
 * through the additional authentication configured for self-registration (mail or SMS); if that
 * is neither of the two, {@code noncePolicy} is left untouched.
 *
 * @param securityPolicy security policy the authentication and credential policies are read from
 * @param selfRegistration self-registration policy supplying name, roles, lifecycle states and form
 * @throws SchemaException declared by the signature; presumably raised by the
 *         {@code SecurityPolicyUtil} lookups (verify against that class)
 */
private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType selfRegistration) throws SchemaException {
    this.name = selfRegistration.getName();
    this.defaultRoles = selfRegistration.getDefaultRole();
    this.initialLifecycleState = selfRegistration.getInitialLifecycleState();
    this.requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
    // The sequence identifier takes precedence; the authentication name is the fallback.
    this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() != null
            ? selfRegistration.getAdditionalAuthenticationSequence()
            : selfRegistration.getAdditionalAuthenticationName();
    this.authenticationPolicy = securityPolicy.getAuthentication();
    this.formRef = selfRegistration.getFormRef();

    // Credential name of the in-flight mail-nonce module, if there is one.
    String mailCredentialName = null;
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof MidpointAuthentication) {
        ModuleAuthentication processing = ((MidpointAuthentication) current).getProcessingModuleAuthentication();
        boolean mailNonceModule = processing instanceof CredentialModuleAuthentication
                && AuthenticationModuleNameConstants.MAIL_NONCE.equals(processing.getNameOfModuleType());
        if (mailNonceModule) {
            mailCredentialName = ((CredentialModuleAuthentication) processing).getCredentialName();
        }
    }

    if (mailCredentialName != null) {
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailCredentialName, securityPolicy);
        return;
    }

    // No usable mail-nonce module: fall back to the configured additional authentication.
    AbstractAuthenticationPolicyType configured = SecurityPolicyUtil.getAuthenticationPolicy(
            selfRegistration.getAdditionalAuthenticationSequence() != null
                    ? selfRegistration.getAdditionalAuthenticationSequence()
                    : selfRegistration.getAdditionalAuthenticationName(),
            securityPolicy);
    if (configured instanceof MailAuthenticationPolicyType) {
        MailAuthenticationPolicyType mailPolicy = (MailAuthenticationPolicyType) configured;
        this.mailAuthenticationPolicy = mailPolicy;
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailPolicy.getMailNonce(), securityPolicy);
    } else if (configured instanceof SmsAuthenticationPolicyType) {
        SmsAuthenticationPolicyType smsPolicy = (SmsAuthenticationPolicyType) configured;
        this.smsAuthenticationPolicy = smsPolicy;
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(smsPolicy.getSmsNonce(), securityPolicy);
    }
}
Also used : CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) CredentialModuleAuthentication(com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Aggregations

CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication)2 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)2 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)2 Authentication (org.springframework.security.core.Authentication)2 RestartResponseException (org.apache.wicket.RestartResponseException)1