use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.
the class MidPointAbstractAuthenticationProvider method authenticate.
/**
 * Authenticates the supplied request token and, when the security context already holds a
 * {@link MidpointAuthentication}, passes the resulting token to {@code writeAuthentication}
 * together with that context authentication and its processing module.
 *
 * @param originalAuthentication the authentication request handed to this provider
 * @return {@code originalAuthentication} unchanged when it is recognised as anonymous; the
 *         context's {@link MidpointAuthentication} when one is present; otherwise the token
 *         produced by {@code internalAuthentication}
 * @throws AuthenticationException propagated from the authentication steps
 */
@Override
public Authentication authenticate(Authentication originalAuthentication) throws AuthenticationException {
    AuthenticationRequirements requirements = new AuthenticationRequirements();
    try {
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();

        if (isAnonymous(originalAuthentication)) {
            // Special case: no credential check runs on this path. The request is returned as-is
            // and the access decision manager is relied on to resolve what an anonymous caller
            // may reach.
            return originalAuthentication;
        }

        Authentication processingAuthentication =
                initAuthRequirements(originalAuthentication, originalAuthentication, contextAuthentication, requirements);
        Authentication token = internalAuthentication(
                processingAuthentication, requirements.requireAssignment, requirements.channel, requirements.focusType);

        if (!(contextAuthentication instanceof MidpointAuthentication)) {
            // No MidpointAuthentication in the context: return the provider's token directly.
            return token;
        }

        MidpointAuthentication mpAuthentication = (MidpointAuthentication) contextAuthentication;
        ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);

        if (!(token.getPrincipal() instanceof MidPointPrincipal)) {
            // Principal of another type: keep the authorities the token already carries.
            token = createNewAuthenticationToken(token, token.getAuthorities());
        } else {
            // The authentication channel decides which of the principal's authorities the
            // rebuilt token carries.
            MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
            token = createNewAuthenticationToken(
                    token, mpAuthentication.getAuthenticationChannel().resolveAuthorities(principal.getAuthorities()));
        }

        writeAuthentication(processingAuthentication, mpAuthentication, moduleAuthentication, token);
        return mpAuthentication;
    } catch (RuntimeException | Error e) {
        // Log every runtime failure explicitly before rethrowing; Spring Security does not log
        // these reliably on its own. Spring's AuthenticationException is a RuntimeException, so
        // ordinary authentication failures raised inside the try block are logged here as well.
        // NOTE(review): message and stack trace reach the error log - confirm that exceptions
        // raised on this path never embed credential material.
        LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
        throw e;
    }
}
use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.
the class MidPointAbstractAuthenticationProvider method createEnvironment.
/**
 * Builds the {@link ConnectionEnvironment} for the given authentication channel.
 *
 * <p>With a channel, the environment is created from the channel id and, if the security context
 * currently holds a {@link MidpointAuthentication}, its session id is set as the session id
 * override. Without a channel, the environment is created for
 * {@code SchemaConstants.CHANNEL_USER_URI} and no session id override is applied.
 *
 * @param channel the authentication channel, may be {@code null}
 * @return the connection environment created for the channel or for the user-channel fallback
 */
protected ConnectionEnvironment createEnvironment(AuthenticationChannel channel) {
    if (channel == null) {
        // Fallback when the caller has no channel: use the user channel URI.
        return ConnectionEnvironment.create(SchemaConstants.CHANNEL_USER_URI);
    }

    ConnectionEnvironment environment = ConnectionEnvironment.create(channel.getChannelId());
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof MidpointAuthentication) {
        // Carry the authentication's session id into the environment.
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) current;
        environment.setSessionIdOverride(mpAuthentication.getSessionId());
    }
    return environment;
}
use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.
the class MidPointAbstractAuthenticationProvider method isAnonymous.
/**
 * Tells whether the given authentication is a {@link MidpointAuthentication} whose processing
 * module currently holds an {@link AnonymousAuthenticationToken}.
 *
 * @param originalAuthentication the authentication to inspect
 * @return {@code true} only for a {@link MidpointAuthentication} whose processing module carries
 *         an anonymous token; {@code false} for every other authentication type
 */
private boolean isAnonymous(Authentication originalAuthentication) {
    // NOTE(review): the result of getProcessingModule is dereferenced without a null check;
    // confirm it cannot return null here, since authenticate() calls this method before any
    // credential check.
    return originalAuthentication instanceof MidpointAuthentication
            && getProcessingModule((MidpointAuthentication) originalAuthentication).getAuthentication()
                    instanceof AnonymousAuthenticationToken;
}
use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.
the class AuthSequenceUtil method doRemoteFilter.
/**
 * Drives a remote authentication filter according to the request state stored on the processing
 * module of the current {@link MidpointAuthentication}.
 *
 * <p>If a request was already sent ({@code RequestState.SENDED}) and the filter reports that the
 * incoming request does not require authentication, the attempt is failed through
 * {@code unsuccessfulAuth}. Otherwise the filter's {@code doAuth} runs, after the module state
 * has been moved to {@code RequestState.RECEIVED} when a sent request is now being answered.
 *
 * @param req the incoming request; cast to {@link HttpServletRequest}
 * @param res the outgoing response; cast to {@link HttpServletResponse}
 * @param chain the filter chain passed on to {@code doAuth}
 * @param remoteFilter the remote authentication filter to drive
 * @throws AuthenticationServiceException if the security context does not hold a
 *         {@link MidpointAuthentication}
 * @throws IOException declared for the delegated filter calls
 * @throws ServletException declared for the delegated filter calls
 */
public static void doRemoteFilter(ServletRequest req, ServletResponse res, FilterChain chain, RemoteAuthenticationFilter remoteFilter) throws IOException, ServletException {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof MidpointAuthentication)) {
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }

    MidpointAuthentication mpAuthentication = (MidpointAuthentication) current;
    // NOTE(review): unchecked downcast - a processing module of any other implementation fails
    // with ClassCastException instead of AuthenticationServiceException; confirm callers only
    // reach this with remote modules.
    RemoteModuleAuthenticationImpl moduleAuthentication =
            (RemoteModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();

    // True only when a module exists and its state is SENDED, so a true value implies a
    // non-null module below.
    boolean requestAlreadySent =
            moduleAuthentication != null && RequestState.SENDED.equals(moduleAuthentication.getRequestState());

    HttpServletRequest httpRequest = (HttpServletRequest) req;
    HttpServletResponse httpResponse = (HttpServletResponse) res;
    boolean requiresAuthentication = remoteFilter.requiresAuth(httpRequest, httpResponse);

    if (requestAlreadySent && !requiresAuthentication) {
        // A request went out, but what came back is not something the filter treats as an
        // authentication request: fail the attempt rather than continue.
        AuthenticationServiceException failure =
                new AuthenticationServiceException("web.security.flexAuth.oidc.not.response");
        remoteFilter.unsuccessfulAuth(httpRequest, httpResponse, failure);
        return;
    }

    if (requestAlreadySent && requiresAuthentication) {
        // Record that the sent request is being answered before the filter processes it.
        moduleAuthentication.setRequestState(RequestState.RECEIVED);
    }
    remoteFilter.doAuth(req, res, chain);
}
use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.
the class MidpointHttpServletRequest method getServletPath.
/**
 * Returns the servlet path, replaced by a channel-derived path when {@code needChangePath()}
 * says so.
 *
 * <p>The replacement is {@code "/"} followed by the first {@code "/"}-separated segment of the
 * path that {@code AuthSequenceUtil.searchPathByChannel} returns for the current authentication
 * channel, or by the whole returned path when it contains no {@code "/"}.
 *
 * @return the rewritten servlet path, or the superclass value when no rewrite is needed
 */
@Override
public String getServletPath() {
    if (!needChangePath()) {
        return super.getServletPath();
    }

    // NOTE(review): unchecked cast - presumably needChangePath() guarantees that the context
    // holds a MidpointAuthentication; confirm against its implementation.
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    MidpointAuthentication mpAuth = (MidpointAuthentication) current;
    String channelId = mpAuth.getAuthenticationChannel().getChannelId();
    String path = AuthSequenceUtil.searchPathByChannel(channelId);

    boolean hasSeparator = StringUtils.isNotEmpty(path) && path.contains("/");
    if (!hasSeparator) {
        // NOTE(review): a null path is concatenated as the text "null" here; confirm that
        // searchPathByChannel never returns null for a known channel.
        return "/" + path;
    }
    // NOTE(review): split("/") yields an empty array for a path made only of slashes, which
    // would raise ArrayIndexOutOfBoundsException; confirm such paths cannot occur.
    String firstSegment = path.split("/")[0];
    return "/" + firstSegment;
}