Example 1 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

From the class PageLogin, method getUrlProcessingLogin:

private String getUrlProcessingLogin() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        // The module currently being processed in the authentication sequence (may be null).
        ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
        // Only the form-based modules (login form, LDAP) post to a module-specific login URL.
        if (moduleAuthentication != null
                && (AuthenticationModuleNameConstants.LOGIN_FORM.equals(moduleAuthentication.getNameOfModuleType())
                || AuthenticationModuleNameConstants.LDAP.equals(moduleAuthentication.getNameOfModuleType()))) {
            String prefix = moduleAuthentication.getPrefix();
            return AuthUtil.stripSlashes(prefix) + "/spring_security_login";
        }
    }
    // Fallback: the default Spring Security login processing URL.
    return "./spring_security_login";
}
Also used: ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication)

Example 2 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

From the class HttpSecurityQuestionsAuthenticationEntryPoint, method commence:

@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    try {
        if (authentication instanceof MidpointAuthentication) {
            // The challenge is handled only when the client names the security-questions module in the authentication header.
            if (request.getHeader(AUTHENTICATION_HEADER) != null && request.getHeader(AUTHENTICATION_HEADER).toLowerCase().startsWith(AuthenticationModuleNameConstants.SECURITY_QUESTIONS.toLowerCase())) {
                String header = request.getHeader(AUTHENTICATION_HEADER);
                if (header.equalsIgnoreCase(AuthenticationModuleNameConstants.SECURITY_QUESTIONS)) {
                    // Bare module name without a payload: send the default challenge message.
                    createSecurityQuestionAbortMessage(response, DEFAULT_JSON);
                } else {
                    // The remainder of the header (after the module name and one separator character) is Base64-encoded JSON.
                    byte[] jsonByte = Base64Utility.decode(header.substring(AuthenticationModuleNameConstants.SECURITY_QUESTIONS.length() + 1));
                    String json = new String(jsonByte);
                    JSONObject jsonObject = new JSONObject(json);
                    // The payload is accepted only when it carries exactly one key: the user name.
                    if (jsonObject.keySet().size() == 1 && jsonObject.keySet().contains(HttpSecurityQuestionsAuthenticationFilter.J_USER)) {
                        String username = jsonObject.getString(HttpSecurityQuestionsAuthenticationFilter.J_USER);
                        SearchResultList<PrismObject<UserType>> users = searchUser(username);
                        // Exactly one matching user is required; otherwise defer to the default entry point.
                        if (users == null || users.size() != 1) {
                            super.commence(request, response, authException);
                            return;
                        }
                        PrismObject<UserType> user = users.get(0);
                        // The user's security-question data to send back, or null when none can be produced.
                        JSONArray answers = generateAnswer(user);
                        if (answers == null) {
                            super.commence(request, response, authException);
                            return;
                        }
                        jsonObject.putOpt(HttpSecurityQuestionsAuthenticationFilter.J_ANSWER, answers);
                        createSecurityQuestionAbortMessage(response, jsonObject.toString());
                    } else {
                        super.commence(request, response, authException);
                        return;
                    }
                }
            } else {
                super.commence(request, response, authException);
                return;
            }
        }
    } catch (Exception e) {
        // Any failure while decoding the header or looking up the user falls back to the default entry point.
        LOGGER.error(e.getMessage(), e);
        super.commence(request, response, authException);
        return;
    }
    // Reached after a challenge message was written, or when the context holds no MidpointAuthentication at all.
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
Also used: PrismObject (com.evolveum.midpoint.prism.PrismObject), JSONObject (com.github.openjson.JSONObject), JSONArray (com.github.openjson.JSONArray), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication), UserType (com.evolveum.midpoint.xml.ns._public.common.common_3.UserType), AuthenticationException (org.springframework.security.core.AuthenticationException), IOException (java.io.IOException)

Example 3 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

From the class OidcLoginAuthenticationFilter, method attemptAuthentication:

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    MultiValueMap<String, String> params = toMultiMap(request.getParameterMap());
    // The callback must look like an authorization response from the provider; anything else is rejected.
    if (!isAuthorizationResponse(params)) {
        OAuth2Error oauth2Error = new OAuth2Error(INVALID_REQUEST_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
    } else {
        // Consume the authorization request stored before the redirect to the provider. Removing it makes the
        // request single-use; without it the callback cannot be tied to a login this application started.
        OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
        if (authorizationRequest == null) {
            OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
        } else {
            String registrationId = authorizationRequest.getAttribute("registration_id");
            ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
            if (clientRegistration == null) {
                OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, "Client Registration not found with Id: " + registrationId, null);
                throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
            } else {
                // Rebuild the redirect URI from the actual request, without the query string, so it matches the registered value.
                String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null).build().toUriString();
                OAuth2AuthorizationResponse authorizationResponse = convert(params, redirectUri);
                // Pair the saved request with the received response; the authentication manager validates the exchange
                // and redeems the authorization code.
                OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
                // Inside a midPoint authentication sequence the manager returns the wrapping MidpointAuthentication.
                MidpointAuthentication authenticationResult = (MidpointAuthentication) this.getAuthenticationManager().authenticate(authenticationRequest);
                Assert.notNull(authenticationResult, "authentication result cannot be null");
                return authenticationResult;
            }
        }
    }
}
Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange), OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error), OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)

Example 4 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

From the class AbstractCredentialProvider, method supports:

public boolean supports(Class<?> authenticationClass, Authentication authentication) {
    // Outside a midPoint authentication sequence, fall back to the plain token-class check.
    if (!(authentication instanceof MidpointAuthentication)) {
        return supports(authenticationClass);
    }
    MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
    ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
    // No module in progress, or no token collected yet: this provider cannot apply.
    if (moduleAuthentication == null || moduleAuthentication.getAuthentication() == null) {
        return false;
    }
    if (moduleAuthentication.getAuthentication() instanceof AnonymousAuthenticationToken) {
        // hack for specific situation when user is anonymous, but accessDecisionManager resolve it
        return true;
    }
    // A credential module must declare the same credential type this provider handles.
    if (moduleAuthentication instanceof CredentialModuleAuthenticationImpl) {
        Class<? extends CredentialPolicyType> moduleCredentialType = ((CredentialModuleAuthenticationImpl) moduleAuthentication).getCredentialType();
        if (moduleCredentialType == null) {
            return false;
        }
        if (!getTypeOfCredential().equals(moduleCredentialType)) {
            return false;
        }
    }
    // Finally, check the concrete token type the module collected.
    return supports(moduleAuthentication.getAuthentication().getClass());
}
Also used: ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl), CredentialModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.CredentialModuleAuthenticationImpl), AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Example 5 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

From the class MidPointAbstractAuthenticationProvider, method authenticate:

@Override
public Authentication authenticate(Authentication originalAuthentication) throws AuthenticationException {
    AuthenticationRequirements authRequirements = new AuthenticationRequirements();
    try {
        // Whatever is already in the security context (the midPoint sequence wrapper, if one is in progress).
        Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
        Authentication processingAuthentication = originalAuthentication;
        if (isAnonymous(originalAuthentication)) {
            // hack for specific situation when user is anonymous, but accessDecisionManager resolve it
            return originalAuthentication;
        }
        // Derive the channel, focus type and assignment requirement that apply to this attempt.
        processingAuthentication = initAuthRequirements(processingAuthentication, originalAuthentication, actualAuthentication, authRequirements);
        // Provider-specific credential verification.
        Authentication token = internalAuthentication(processingAuthentication, authRequirements.requireAssignment, authRequirements.channel, authRequirements.focusType);
        if (actualAuthentication instanceof MidpointAuthentication) {
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) actualAuthentication;
            ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
            if (token.getPrincipal() instanceof MidPointPrincipal) {
                MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
                // The authentication channel decides which of the principal's authorities are granted in this context.
                token = createNewAuthenticationToken(token, mpAuthentication.getAuthenticationChannel().resolveAuthorities(principal.getAuthorities()));
            } else {
                token = createNewAuthenticationToken(token, token.getAuthorities());
            }
            // Record the module's result in the sequence and return the wrapper, not the bare token.
            writeAuthentication(processingAuthentication, mpAuthentication, moduleAuthentication, token);
            return mpAuthentication;
        }
        return token;
    } catch (RuntimeException | Error e) {
        // Make sure to explicitly log all runtime errors here. Spring security is doing very poor job and does not log this properly.
        LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
        throw e;
    }
}
Also used: ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication), MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)

Aggregations (types used alongside MidpointAuthentication in the midpoint project, with usage counts)

MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication): 59
Authentication (org.springframework.security.core.Authentication): 41
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication): 30
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl): 9
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal): 7
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken): 6
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 5
RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication): 4
HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication): 4
AuditEventRecord (com.evolveum.midpoint.audit.api.AuditEventRecord): 3
LdapModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.LdapModuleAuthentication): 3
OperationResult (com.evolveum.midpoint.schema.result.OperationResult): 3
Task (com.evolveum.midpoint.task.api.Task): 3
AuthenticationException (org.springframework.security.core.AuthenticationException): 3
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken): 3
IdentityProvider (com.evolveum.midpoint.authentication.api.IdentityProvider): 2
CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication): 2
MailNonceModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.MailNonceModuleAuthenticationImpl): 2
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl): 2
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl): 2