
Example 6 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

Class MidpointAuthFilter, method createMpAuthentication.

/**
 * Builds a fresh {@code MidpointAuthentication} for the given sequence and installs it as the
 * current security-context authentication.
 *
 * @param httpRequest the current request; its existing HTTP session (if any) supplies the session id
 * @param authWrapper holds the authentication sequence and the ordered list of auth modules to attach
 */
private void createMpAuthentication(HttpServletRequest httpRequest, AuthenticationWrapper authWrapper) {
    MidpointAuthentication mpAuthentication = new MidpointAuthentication(authWrapper.sequence);
    mpAuthentication.setAuthModules(authWrapper.authModules);

    String sessionId;
    if (httpRequest.getSession(false) == null) {
        // No container session exists yet, so a generated identifier stands in for it.
        // NOTE(review): RandomStringUtils.random is not a cryptographically strong source;
        // confirm this identifier is only used for correlation and never as a security token.
        sessionId = RandomStringUtils.random(30, true, true).toUpperCase();
    } else {
        sessionId = httpRequest.getSession(false).getId();
    }
    mpAuthentication.setSessionId(sessionId);

    // The first module of the sequence provides the initial module authentication.
    mpAuthentication.addAuthentications(authWrapper.authModules.get(0).getBaseModuleAuthentication());

    // Clear the previous authentication before installing the new one.
    SecurityContextHolder.getContext().setAuthentication(null);
    SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
}
Also used : MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Example 7 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

Class AuditedAccessDeniedHandler, method auditEvent.

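/**
 * Writes a CREATE_SESSION audit record with a FATAL_ERROR outcome for a request that was denied.
 *
 * @param request the denied HTTP request; supplies host name, remote address and requested session id
 * @param authentication the authentication present when access was denied; may be null or partial
 * @param accessDeniedException the exception whose message is recorded
 */
private void auditEvent(HttpServletRequest request, Authentication authentication, AccessDeniedException accessDeniedException) {
    // Eventually we should get this from the caller
    OperationResult result = new OperationResult(OP_AUDIT_EVENT);
    MidPointPrincipal principal = AuthUtil.getPrincipalUser(authentication);
    // NOTE(review): assumes a resolved principal always carries a non-null focus — confirm.
    PrismObject<? extends FocusType> user = principal != null ? principal.getFocus().asPrismObject() : null;
    // Default channel unless the midPoint authentication carries an explicit one.
    String channel = SchemaConstants.CHANNEL_USER_URI;
    if (authentication instanceof MidpointAuthentication && ((MidpointAuthentication) authentication).getAuthenticationChannel() != null) {
        channel = ((MidpointAuthentication) authentication).getAuthenticationChannel().getChannelId();
    }
    Task task = taskManager.createTaskInstance();
    task.setOwner(user);
    task.setChannel(channel);
    AuditEventRecord record = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
    record.setInitiator(user);
    record.setParameter(AuthSequenceUtil.getName(user));
    record.setChannel(channel);
    record.setTimestamp(System.currentTimeMillis());
    record.setOutcome(OperationResultStatus.FATAL_ERROR);
    // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
    record.setHostIdentifier(request.getLocalName());
    // The remote host must be the caller's address; getLocalAddr() would record the server's own
    // address and make the denied-access record useless for correlating the client.
    // NOTE(review): behind a reverse proxy this is the proxy's address unless the container
    // honours forwarded headers — confirm the deployment setup.
    record.setRemoteHostAddress(request.getRemoteAddr());
    record.setNodeIdentifier(taskManager.getNodeId());
    record.setSessionIdentifier(request.getRequestedSessionId());
    record.setMessage(accessDeniedException.getMessage());
    auditService.audit(record, task, result);
}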
Also used : Task(com.evolveum.midpoint.task.api.Task) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) AuditEventRecord(com.evolveum.midpoint.audit.api.AuditEventRecord) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 8 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

Class MidPointAuthenticationSuccessHandler, method onAuthenticationSuccess.

/**
 * Marks the processing module as successful and decides where to redirect after a successful
 * authentication step.
 *
 * <p>Redirect resolution, in order: an explicit post-authentication redirect configured on the
 * channel; the saved request with its module prefix stripped; the channel path when the saved
 * request belongs to a different channel; otherwise the default target / saved request handled by
 * the superclass.
 *
 * @param request the current request
 * @param response the current response
 * @param authentication the authentication that just succeeded
 * @throws ServletException propagated from the superclass handler
 * @throws IOException if sending the redirect fails
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
    String urlSuffix = AuthConstants.DEFAULT_PATH_AFTER_LOGIN;
    String authenticatedChannel = null;
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        // NOTE(review): getProcessingModuleAuthentication() is null-checked elsewhere in this
        // project; here an absent module would throw NPE on setState — confirm it cannot be null
        // on the success path.
        ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
        moduleAuthentication.setState(AuthenticationModuleState.SUCCESSFULLY);
        if (mpAuthentication.getAuthenticationChannel() != null) {
            authenticatedChannel = mpAuthentication.getAuthenticationChannel().getChannelId();
            if (mpAuthentication.isAuthenticated()) {
                // Whole sequence finished: channel decides the landing page and may do post-processing.
                urlSuffix = mpAuthentication.getAuthenticationChannel().getPathAfterSuccessfulAuthentication();
                mpAuthentication.getAuthenticationChannel().postSuccessAuthenticationProcessing();
                if (mpAuthentication.getAuthenticationChannel().isPostAuthenticationEnabled()) {
                    getRedirectStrategy().sendRedirect(request, response, urlSuffix);
                    return;
                }
            } else {
                // Only one module of a multi-step sequence succeeded; stay on the channel's in-progress path.
                urlSuffix = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
            }
        }
    }
    SavedRequest savedRequest = requestCache.getRequest(request, response);
    // A saved request pointing into a module URL is rewritten to its prefix plus the computed suffix.
    if (savedRequest != null && savedRequest.getRedirectUrl().contains(ModuleWebSecurityConfigurationImpl.DEFAULT_PREFIX_OF_MODULE_WITH_SLASH + "/")) {
        String target = savedRequest.getRedirectUrl().substring(0, savedRequest.getRedirectUrl().indexOf(ModuleWebSecurityConfigurationImpl.DEFAULT_PREFIX_OF_MODULE_WITH_SLASH + "/")) + urlSuffix;
        getRedirectStrategy().sendRedirect(request, response, target);
        return;
    }
    if (savedRequest != null && authenticatedChannel != null) {
        // Derive the channel of the saved request from the path after the context path.
        // NOTE(review): if the context path is not found in the redirect URL, indexOf() yields -1
        // and startIndex is off by one — confirm saved requests always contain it.
        int startIndex = savedRequest.getRedirectUrl().indexOf(request.getContextPath()) + request.getContextPath().length();
        int endIndex = savedRequest.getRedirectUrl().length() - 1;
        String channelSavedRequest = null;
        if ((startIndex < endIndex)) {
            String localePath = savedRequest.getRedirectUrl().substring(startIndex, endIndex);
            channelSavedRequest = AuthSequenceUtil.searchChannelByPath(localePath);
        }
        if (channelSavedRequest == null) {
            channelSavedRequest = SecurityPolicyUtil.DEFAULT_CHANNEL;
        }
        // The saved request was made on another channel: do not follow it, use the channel path instead.
        if (!(channelSavedRequest.equals(authenticatedChannel))) {
            getRedirectStrategy().sendRedirect(request, response, urlSuffix);
            return;
        }
    } else {
        setDefaultTargetUrl(urlSuffix);
    }
    super.onAuthenticationSuccess(request, response, authentication);
}
Also used : ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)

Example 9 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

Class MidpointAuthenticationFailureHandler, method onAuthenticationFailure.

/**
 * Records a failed authentication step and redirects the user to the appropriate page.
 *
 * <p>An already-authenticated midPoint authentication is simply sent to the default post-login
 * path. Otherwise the channel decides between its "after unsuccessful authentication" path (last
 * module on the default channel) and its in-progress path; the saved request is honoured only when
 * it exists, has a redirect URL and does not point into a module URL.
 *
 * @param request the current request
 * @param response the current response
 * @param exception the failure being handled; stored via {@code saveException}
 * @throws IOException if sending the redirect fails
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    String failurePath = AuthConstants.DEFAULT_PATH_AFTER_LOGIN;
    if (current instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuth = (MidpointAuthentication) current;
        if (mpAuth.isAuthenticated()) {
            getRedirectStrategy().sendRedirect(request, response, failurePath);
            return;
        }
        // NOTE(review): the processing module is dereferenced below without a null check — confirm
        // it is always present on the failure path.
        ModuleAuthentication processing = mpAuth.getProcessingModuleAuthentication();
        if (mpAuth.getAuthenticationChannel() != null) {
            boolean lastModuleOnDefaultChannel = mpAuth.isLast(processing)
                    && mpAuth.getAuthenticationChannel().isDefault();
            failurePath = lastModuleOnDefaultChannel
                    ? getPathAfterUnsuccessfulAuthentication(mpAuth.getAuthenticationChannel())
                    : mpAuth.getAuthenticationChannel().getPathDuringProccessing();
        }
        processing.setState(AuthenticationModuleState.FAILURE);
    }
    saveException(request, exception);
    SavedRequest savedRequest = getRequestCache().getRequest(request, response);
    // NOTE(review): the cast to DefaultSavedRequest is unchecked; confirm the request cache never
    // returns another SavedRequest implementation.
    boolean ignoreSavedRequest = savedRequest == null
            || StringUtils.isBlank(savedRequest.getRedirectUrl())
            || ((DefaultSavedRequest) savedRequest).getServletPath().startsWith(ModuleWebSecurityConfiguration.DEFAULT_PREFIX_OF_MODULE_WITH_SLASH);
    String target = ignoreSavedRequest ? failurePath : savedRequest.getRedirectUrl();
    getRedirectStrategy().sendRedirect(request, response, target);
}
Also used : ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest) DefaultSavedRequest(org.springframework.security.web.savedrequest.DefaultSavedRequest)

Example 10 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

Class MidpointRequestHeaderAuthenticationFilter, method requiresAuthentication.

/**
 * Tells whether the current security context still needs this filter to authenticate.
 *
 * @return {@code true} only when a {@code MidpointAuthentication} is present, has a processing
 *         module, and that module has not yet obtained an authentication; {@code false} otherwise
 */
private boolean requiresAuthentication() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof MidpointAuthentication)) {
        return false;
    }
    ModuleAuthentication processing = ((MidpointAuthentication) current).getProcessingModuleAuthentication();
    // Pending module with no authentication yet is the only case that needs work here.
    return processing != null && processing.getAuthentication() == null;
}
Also used : ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Aggregations

MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)59 Authentication (org.springframework.security.core.Authentication)41 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)30 ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)9 MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)7 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)6 AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)5 RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication)4 HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)4 AuditEventRecord (com.evolveum.midpoint.audit.api.AuditEventRecord)3 LdapModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.LdapModuleAuthentication)3 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)3 Task (com.evolveum.midpoint.task.api.Task)3 AuthenticationException (org.springframework.security.core.AuthenticationException)3 OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)3 IdentityProvider (com.evolveum.midpoint.authentication.api.IdentityProvider)2 CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication)2 MailNonceModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.MailNonceModuleAuthenticationImpl)2 OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl)2 RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl)2