Example 16 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class OidcAuthorizationRequestRedirectFilter, method unsuccessfulAuthentication.

protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
    String channel;
    Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
    // Take the channel (GUI, REST, ...) from the midPoint authentication context when one is set;
    // otherwise fall back to the default user channel so the audit record is still attributed to a channel.
    if (actualAuthentication instanceof MidpointAuthentication && ((MidpointAuthentication) actualAuthentication).getAuthenticationChannel() != null) {
        channel = ((MidpointAuthentication) actualAuthentication).getAuthenticationChannel().getChannelId();
    } else {
        channel = SchemaConstants.CHANNEL_USER_URI;
    }
    // Audit the failed OIDC login before delegating to the configured failure handler. No user is known
    // at this point because the redirect to the identity provider has not completed.
    auditProvider.auditLoginFailure("unknown user", null, ConnectionEnvironment.create(channel), "OIDC authentication module: " + failed.getMessage());
    this.failureHandler.onAuthenticationFailure(request, response, failed);
}

Example 17 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class OidcAuthorizationRequestRedirectFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // This filter only works inside midPoint's flexible authentication; any other Authentication type is rejected.
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        OidcClientModuleAuthenticationImpl moduleAuthentication = (OidcClientModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
        try {
            // If this request is the start of an OIDC login, redirect the browser to the provider's
            // authorization endpoint and mark the module as having sent the request.
            OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request);
            if (authorizationRequest != null) {
                this.sendRedirectForAuthorization(request, response, authorizationRequest);
                moduleAuthentication.setRequestState(RequestState.SENDED);
                return;
            }
        } catch (Exception ex) {
            unsuccessfulAuthentication(request, response, new InternalAuthenticationServiceException("web.security.provider.invalid", ex));
            return;
        }
        try {
            filterChain.doFilter(request, response);
        } catch (IOException ex) {
            throw ex;
        } catch (Exception ex) {
            // Check to see if we need to handle ClientAuthorizationRequiredException
            Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(ex);
            ClientAuthorizationRequiredException authzEx = (ClientAuthorizationRequiredException) this.throwableAnalyzer.getFirstThrowableOfType(ClientAuthorizationRequiredException.class, causeChain);
            if (authzEx != null) {
                try {
                    // A downstream component demanded authorization for a specific client registration:
                    // redirect to that provider and cache the original request so it can be replayed after login.
                    OAuth2AuthorizationRequest authorizationRequest = this.authorizationRequestResolver.resolve(request, authzEx.getClientRegistrationId());
                    if (authorizationRequest == null) {
                        throw authzEx;
                    }
                    this.sendRedirectForAuthorization(request, response, authorizationRequest);
                    moduleAuthentication.setRequestState(RequestState.SENDED);
                    this.requestCache.saveRequest(request, response);
                } catch (Exception failed) {
                    unsuccessfulAuthentication(request, response, new InternalAuthenticationServiceException("web.security.provider.invalid", failed));
                }
                return;
            }
            // Anything else is rethrown unchanged, or wrapped if it is a checked exception.
            if (ex instanceof ServletException) {
                throw (ServletException) ex;
            }
            if (ex instanceof RuntimeException) {
                throw (RuntimeException) ex;
            }
            throw new RuntimeException(ex);
        }
    } else {
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }
}

Example 18 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class OidcClientLogoutSuccessHandler, method determineTargetUrl.

protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    String targetUrl = null;
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mPAuthentication = (MidpointAuthentication) authentication;
        ModuleAuthentication moduleAuthentication = mPAuthentication.getProcessingModuleAuthentication();
        // Only sessions established through the OIDC client module get a provider-side (RP-initiated) logout.
        if (moduleAuthentication instanceof OidcClientModuleAuthenticationImpl) {
            Authentication internalAuthentication = moduleAuthentication.getAuthentication();
            if (internalAuthentication instanceof PreAuthenticatedAuthenticationToken || internalAuthentication instanceof AnonymousAuthenticationToken) {
                Object details = internalAuthentication.getDetails();
                // The original OAuth2 login token is kept in the details; it must carry an OidcUser
                // (i.e. an ID token was issued), otherwise there is nothing to terminate at the provider.
                if (details instanceof OAuth2LoginAuthenticationToken && ((OAuth2LoginAuthenticationToken) details).getDetails() instanceof OidcUser) {
                    OAuth2LoginAuthenticationToken oidcAuthentication = (OAuth2LoginAuthenticationToken) details;
                    String registrationId = oidcAuthentication.getClientRegistration().getRegistrationId();
                    ClientRegistration clientRegistration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
                    URI endSessionEndpoint = this.endSessionEndpoint(clientRegistration);
                    // Build the end-session URL with the ID token hint and post-logout redirect
                    // only when the provider metadata actually advertises an end-session endpoint.
                    if (endSessionEndpoint != null) {
                        String idToken = this.idToken(oidcAuthentication);
                        String postLogoutRedirectUri = this.postLogoutRedirectUri(request);
                        targetUrl = this.endpointUri(endSessionEndpoint, idToken, postLogoutRedirectUri);
                    }
                }
            }
        }
    }
    // Fall back to the default local logout target when no provider logout URL could be built.
    return targetUrl != null ? targetUrl : super.determineTargetUrl(request, response);
}

Example 19 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class MidPointLdapAuthenticationProvider, method doAuthentication.

protected DirContextOperations doAuthentication(DirContextOperations originalDirContextOperations) {
    if (originalDirContextOperations instanceof DirContextAdapter) {
        Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
        if (actualAuthentication instanceof MidpointAuthentication) {
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) actualAuthentication;
            ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
            // Wrap the LDAP entry only when the active module is the LDAP one, so the focus lookup
            // uses that module's configured naming attribute and focus type.
            if (moduleAuthentication instanceof LdapModuleAuthentication) {
                // HACK because of NPE in DirContextAdapter(DirContextAdapter master): toggling update mode
                // initialises the internal attribute state the copy constructor expects.
                if (!originalDirContextOperations.isUpdateMode()) {
                    ((DirContextAdapter) originalDirContextOperations).setUpdateMode(true);
                    ((DirContextAdapter) originalDirContextOperations).setUpdateMode(false);
                }
                LdapDirContextAdapter mpDirContextAdapter = new LdapDirContextAdapter((DirContextAdapter) originalDirContextOperations);
                mpDirContextAdapter.setNamingAttr(((LdapModuleAuthentication) moduleAuthentication).getNamingAttribute());
                if (moduleAuthentication.getFocusType() != null) {
                    Class<FocusType> focusType = PrismContext.get().getSchemaRegistry().determineCompileTimeClass(moduleAuthentication.getFocusType());
                    mpDirContextAdapter.setFocusType(focusType);
                }
                return mpDirContextAdapter;
            }
        }
    }
    return originalDirContextOperations;
}

Example 20 with MidpointAuthentication

Use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

The class MidPointLdapAuthenticationProvider, method createSuccessfulAuthentication.

protected void createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication, Authentication authNCtx) {
    Object principal = authNCtx.getPrincipal();
    // A successful LDAP bind is not enough: the principal must resolve to a midPoint focus object.
    if (!(principal instanceof MidPointPrincipal)) {
        recordPasswordAuthenticationFailure(authentication.getName(), "not contains required assignment");
        throw new BadCredentialsException("LdapAuthentication.incorrect.value");
    }
    MidPointPrincipal midPointPrincipal = (MidPointPrincipal) principal;
    FocusType focusType = midPointPrincipal.getFocus();
    Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
    if (actualAuthentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) actualAuthentication;
        // Enforce the authentication sequence's required assignment (e.g. a role): a user whose
        // credentials are valid but who lacks it is rejected and the failure is recorded.
        List<ObjectReferenceType> requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
        if (!AuthenticationEvaluatorUtil.checkRequiredAssignment(focusType.getAssignment(), requireAssignment)) {
            recordPasswordAuthenticationFailure(midPointPrincipal.getUsername(), "not contains required assignment");
            throw new InternalAuthenticationServiceException("web.security.flexAuth.invalid.required.assignment");
        }
    }
    recordPasswordAuthenticationSuccess(midPointPrincipal);
}