
Example 11 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class RemoteAuthenticationFilter, method doRemoteFilter:

default void doRemoteFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    boolean sentRequest = false;
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        RemoteModuleAuthenticationImpl moduleAuthentication = (RemoteModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
        // A remote module records that it has already redirected the user to the external identity provider.
        if (moduleAuthentication != null && RequestState.SENDED.equals(moduleAuthentication.getRequestState())) {
            sentRequest = true;
        }
        boolean requiresAuthentication = requiresAuth((HttpServletRequest) req, (HttpServletResponse) res);
        if (!requiresAuthentication && sentRequest) {
            // A request was sent to the identity provider, but this request is not its response: fail the module.
            AuthenticationServiceException exception = new AuthenticationServiceException(getErrorMessageKeyNotResponse());
            unsuccessfulAuth((HttpServletRequest) req, (HttpServletResponse) res, exception);
        } else {
            if (moduleAuthentication != null && requiresAuthentication && sentRequest) {
                // The identity provider's response has arrived; record that before processing it.
                moduleAuthentication.setRequestState(RequestState.RECEIVED);
            }
            doAuth(req, res, chain);
        }
    } else {
        // Remote modules only work on top of midPoint's composite authentication object.
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }
}
Also used: RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication), AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)

Example 12 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class RedirectForLoginPagesWithAuthenticationFilter, method doFilterInternal:

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // An already authenticated user asking for a login page is sent to the channel's post-login path instead.
    if (authentication != null && authentication instanceof MidpointAuthentication && authentication.isAuthenticated() && AuthSequenceUtil.isLoginPage(request)) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        redirectStrategy.sendRedirect(request, response, mpAuthentication.getAuthenticationChannel().getPathAfterSuccessfulAuthentication());
    } else {
        // Unauthenticated requests and non-login pages continue down the filter chain.
        filterChain.doFilter(request, response);
    }
}
Also used: MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication)

Example 13 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class OidcClientModuleAuthenticationImpl, method clone:

@Override
public ModuleAuthenticationImpl clone() {
    OidcClientModuleAuthenticationImpl module = new OidcClientModuleAuthenticationImpl();
    module.setClientsRepository(this.getClientsRepository());
    module.setProviders(this.getProviders());
    Authentication actualAuth = SecurityContextHolder.getContext().getAuthentication();
    Authentication newAuthentication = this.getAuthentication();
    // If the security context already holds an OIDC module whose token is a live OAuth2 login token,
    // the clone carries that token rather than the one stored on this instance.
    if (actualAuth instanceof MidpointAuthentication && ((MidpointAuthentication) actualAuth).getAuthentications() != null && !((MidpointAuthentication) actualAuth).getAuthentications().isEmpty()) {
        ModuleAuthentication actualModule = ((MidpointAuthentication) actualAuth).getAuthentications().get(0);
        if (actualModule instanceof OidcClientModuleAuthenticationImpl && actualModule.getAuthentication() instanceof OAuth2LoginAuthenticationToken) {
            newAuthentication = actualModule.getAuthentication();
        }
    }
    module.setAuthentication(newAuthentication);
    super.clone(module);
    return module;
}
Also used: RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication), OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)

Example 14 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class OidcLoginAuthenticationFilter, method attemptAuthentication:

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    MultiValueMap<String, String> params = toMultiMap(request.getParameterMap());
    // Only a well-formed authorization response from the provider is accepted here.
    if (!isAuthorizationResponse(params)) {
        OAuth2Error oauth2Error = new OAuth2Error(INVALID_REQUEST_ERROR_CODE);
        throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
    } else {
        // The stored authorization request is consumed (removed) so it cannot be replayed against a second response.
        OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestRepository.removeAuthorizationRequest(request, response);
        if (authorizationRequest == null) {
            OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
            throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
        } else {
            String registrationId = authorizationRequest.getAttribute("registration_id");
            ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
            if (clientRegistration == null) {
                OAuth2Error oauth2Error = new OAuth2Error(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE, "Client Registration not found with Id: " + registrationId, null);
                throw new OAuth2AuthenticationException(oauth2Error, "web.security.provider.invalid");
            } else {
                // The redirect URI is rebuilt from the actual request, with its query string stripped.
                String redirectUri = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request)).replaceQuery(null).build().toUriString();
                OAuth2AuthorizationResponse authorizationResponse = convert(params, redirectUri);
                // Pair the original request with the response; the authentication manager validates the exchange.
                OAuth2LoginAuthenticationToken authenticationRequest = new OAuth2LoginAuthenticationToken(clientRegistration, new OAuth2AuthorizationExchange(authorizationRequest, authorizationResponse));
                MidpointAuthentication authenticationResult = (MidpointAuthentication) this.getAuthenticationManager().authenticate(authenticationRequest);
                Assert.notNull(authenticationResult, "authentication result cannot be null");
                return authenticationResult;
            }
        }
    }
}
Also used: ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration), OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange), OAuth2Error (org.springframework.security.oauth2.core.OAuth2Error), OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse), OAuth2AuthenticationException (org.springframework.security.oauth2.core.OAuth2AuthenticationException), OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)

Example 15 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class AbstractCredentialProvider, method supports:

public boolean supports(Class<?> authenticationClass, Authentication authentication) {
    // Plain Spring Security tokens fall back to the class-based check.
    if (!(authentication instanceof MidpointAuthentication)) {
        return supports(authenticationClass);
    }
    MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
    ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
    if (moduleAuthentication == null || moduleAuthentication.getAuthentication() == null) {
        return false;
    }
    if (moduleAuthentication.getAuthentication() instanceof AnonymousAuthenticationToken) {
        // hack for specific situation when user is anonymous, but accessDecisionManager resolve it
        return true;
    }
    // A credential module is only handled by the provider for its own credential type (e.g. password vs. nonce).
    if (moduleAuthentication instanceof CredentialModuleAuthenticationImpl) {
        Class<? extends CredentialPolicyType> moduleCredentialType = ((CredentialModuleAuthenticationImpl) moduleAuthentication).getCredentialType();
        if (moduleCredentialType == null) {
            return false;
        }
        if (!getTypeOfCredential().equals(moduleCredentialType)) {
            return false;
        }
    }
    // Finally, the provider must support the inner token's class.
    return supports(moduleAuthentication.getAuthentication().getClass());
}
Also used: ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl), CredentialModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.CredentialModuleAuthenticationImpl), AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)

Aggregations (type, with number of usages across the examples)

MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication): 59
Authentication (org.springframework.security.core.Authentication): 41
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication): 30
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl): 9
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal): 7
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken): 6
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 5
RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication): 4
HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication): 4
AuditEventRecord (com.evolveum.midpoint.audit.api.AuditEventRecord): 3
LdapModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.LdapModuleAuthentication): 3
OperationResult (com.evolveum.midpoint.schema.result.OperationResult): 3
Task (com.evolveum.midpoint.task.api.Task): 3
AuthenticationException (org.springframework.security.core.AuthenticationException): 3
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken): 3
IdentityProvider (com.evolveum.midpoint.authentication.api.IdentityProvider): 2
CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication): 2
MailNonceModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.MailNonceModuleAuthenticationImpl): 2
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl): 2
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl): 2