
Example 26 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class AbstractPageRemoteAuthenticationSelect method getProviders.

/**
 * Collects the identity providers offered by the remote authentication module that is
 * currently being processed.
 *
 * <p>Three situations yield an empty list and report a page error instead: the security
 * context does not hold a {@link MidpointAuthentication} (generic unsupported-type key),
 * the processing module is not a {@link RemoteModuleAuthentication} (key from
 * {@code getErrorKeyUnsupportedType()}), or the remote module offers no providers at all
 * (key from {@code getErrorKeyEmptyProviders()}).
 *
 * @return the providers of the processing remote module, or a fresh empty list on the error paths
 */
private List<IdentityProvider> getProviders() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof MidpointAuthentication)) {
        // Not a midPoint-managed authentication: only the generic error key applies.
        error(getString("web.security.flexAuth.unsupported.auth.type"));
        return new ArrayList<>();
    }
    ModuleAuthentication processing = ((MidpointAuthentication) current).getProcessingModuleAuthentication();
    if (!(processing instanceof RemoteModuleAuthentication)) {
        error(getString(getErrorKeyUnsupportedType()));
        return new ArrayList<>();
    }
    List<IdentityProvider> offered = ((RemoteModuleAuthentication) processing).getProviders();
    if (offered.isEmpty()) {
        // The list is still returned as-is; the page only gets the "no providers" error.
        error(getString(getErrorKeyEmptyProviders()));
    }
    return offered;
}

Example 27 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class AbstractPageLogin method getSequenceName.

/**
 * Resolves the name of the authentication sequence the current midPoint authentication is running.
 *
 * <p>A name is produced only for a sequence whose channel is present, is not flagged as the
 * channel's default sequence, and whose channel id equals
 * {@code SecurityPolicyUtil.DEFAULT_CHANNEL}. In every other case, including a non-midPoint
 * authentication in the security context, the result is {@code null}.
 *
 * @return the sequence display name, its plain name when no display name is set, or {@code null}
 */
private String getSequenceName() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof MidpointAuthentication)) {
        return null;
    }
    AuthenticationSequenceType sequence = ((MidpointAuthentication) current).getSequence();
    if (sequence == null || sequence.getChannel() == null) {
        return null;
    }
    // Same short-circuit order as the single combined condition it replaces.
    if (Boolean.TRUE.equals(sequence.getChannel().isDefault())
            || !SecurityPolicyUtil.DEFAULT_CHANNEL.equals(sequence.getChannel().getChannelId())) {
        return null;
    }
    String displayName = sequence.getDisplayName();
    return displayName == null ? sequence.getName() : displayName;
}

Example 28 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class PageEmailNonse method getMailNoncePolicy.

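/**
 * Looks up the nonce credentials policy that the mail-nonce module in progress is configured to use.
 *
 * <p>Every failure path shows the same generic {@code PageForgotPassword.send.nonce.failed}
 * message to the user and restarts this page, so that whoever follows the link learns nothing
 * about which check failed; the specific reason goes to the log only.
 *
 * @param user the user the nonce is being sent for; used to resolve the applicable security policy
 * @return the nonce policy whose name matches the credential name of the processing module
 *         (the last one, when the policy lists the same name more than once)
 * @throws RestartResponseException when there is no security policy, no credentials or no nonce
 *         credentials in it, the security context does not hold a {@link MidpointAuthentication},
 *         the processing module is not a mail-nonce {@link CredentialModuleAuthentication}, the
 *         module defines no credential name, or no nonce policy carries that name
 */
private NonceCredentialsPolicyType getMailNoncePolicy(PrismObject<UserType> user) {
    SecurityPolicyType securityPolicy = resolveSecurityPolicy(user);
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        throw nonceFailure("No security policy, cannot process nonce credential");
    }
    if (securityPolicy.getCredentials() == null) {
        throw nonceFailure("No credential for security policy, cannot process nonce credential");
    }
    if (securityPolicy.getCredentials().getNonce() == null) {
        throw nonceFailure("No nonce credential for security policy, cannot process nonce credential");
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        // The conditional is parenthesised on purpose: "..." + x != null would parse as
        // ("..." + x) != null, which is always true and dereferences a null authentication.
        throw nonceFailure("Bad type of authentication, support only MidpointAuthentication, but is "
                + (authentication != null ? authentication.getClass().getName() : null));
    }
    ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    // Rejecting on either condition is what makes the cast below safe: the module has to be a
    // CredentialModuleAuthentication *and* of the mail-nonce type. instanceof is false for null,
    // so the name lookup on the right only runs on a non-null module.
    if (!(moduleAuthentication instanceof CredentialModuleAuthentication)
            || !AuthenticationModuleNameConstants.MAIL_NONCE.equals(moduleAuthentication.getNameOfModuleType())) {
        throw nonceFailure("Bad type of module authentication, support only EmailNonceModuleAuthentication, but is "
                + (moduleAuthentication != null ? moduleAuthentication.getClass().getName() : null));
    }
    CredentialModuleAuthentication nonceAuth = (CredentialModuleAuthentication) moduleAuthentication;
    String credentialName = nonceAuth.getCredentialName();
    if (credentialName == null) {
        throw nonceFailure("EmailNonceModuleAuthentication " + nonceAuth.getNameOfModule() + " haven't define name of credential");
    }
    NonceCredentialsPolicyType credentialByName = null;
    for (NonceCredentialsPolicyType credential : securityPolicy.getCredentials().getNonce()) {
        // Deliberately no break: a later entry with the same name wins, as it always has.
        if (credentialName.equals(credential.getName())) {
            credentialByName = credential;
        }
    }
    if (credentialByName == null) {
        throw nonceFailure("Couldn't find nonce credentials by name " + credentialName);
    }
    return credentialByName;
}

/**
 * Reports a nonce-processing failure: a generic message for the user, the precise reason for the log.
 *
 * <p>We do not want to provide any information to the attacker, hence the single shared user-facing key.
 *
 * @param logMessage the reason to log; must not contain secrets
 * @return the exception the caller should throw to restart this page
 */
private RestartResponseException nonceFailure(String logMessage) {
    getSession().error(getString("PageForgotPassword.send.nonce.failed"));
    LOGGER.error(logMessage);
    return new RestartResponseException(PageEmailNonse.class);
}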

Example 29 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class PageResetPasswordConfirmation method init.

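/**
 * Processes the password-reset confirmation link and, on success, installs a midPoint
 * authentication dedicated to the self-service password reset flow.
 *
 * <p>The user name and token are read from the given page parameters (or from this page's own
 * parameters when {@code null} is passed) and verified by {@code authenticateUser}. The verified
 * principal is stripped of every UI authorization and granted only the self-credentials UI action
 * before it is wrapped in a {@link MidpointAuthentication} built from the password-reset sequence,
 * so the session established from the link cannot reach anything but the reset page.
 *
 * <p>Empty link parameters fail the {@code Validate} checks as before; every other failure is
 * recorded in the operation result and rendered through {@code initLayout} instead of letting a
 * {@code null} module or principal authorities surface as an unhandled exception.
 *
 * @param pageParameters the parameters carrying {@code SchemaConstants.USER_ID} and
 *                       {@code SchemaConstants.TOKEN}; may be {@code null}
 */
private void init(final PageParameters pageParameters) {
    PageParameters params = pageParameters != null ? pageParameters : getPageParameters();
    OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
    if (params == null) {
        LOGGER.error("Confirmation link is not valid. No credentials provided in it");
        String msg = createStringResource("PageSelfRegistration.invalid.registration.link").getString();
        getSession().error(createStringResource(msg));
        result.recordFatalError(msg);
        initLayout(result);
        return;
    }
    StringValue userNameValue = params.get(SchemaConstants.USER_ID);
    Validate.notEmpty(userNameValue.toString());
    StringValue tokenValue = params.get(SchemaConstants.TOKEN);
    Validate.notEmpty(tokenValue.toString());
    UsernamePasswordAuthenticationToken token = authenticateUser(userNameValue.toString(), tokenValue.toString(), result);
    if (token == null) {
        // authenticateUser is expected to have recorded the reason in result.
        initLayout(result);
        return;
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    if (!restrictToSelfCredentials(principal)) {
        // Fail closed: without an authorities collection the self-credentials grant cannot be
        // applied, so no authentication is installed at all.
        LOGGER.error("Authenticated principal carries no authorizations, cannot continue password reset");
        result.recordFatalError("Authenticated principal carries no authorizations, cannot continue password reset");
        initLayout(result);
        return;
    }
    AuthenticationSequenceType sequence = SecurityPolicyUtil.createPasswordResetSequence();
    Map<Class<?>, Object> sharedObjects = new HashMap<>();
    AuthenticationModulesType modules = new AuthenticationModulesType();
    LoginFormAuthenticationModuleType loginForm = new LoginFormAuthenticationModuleType();
    loginForm.name(SecurityPolicyUtil.DEFAULT_MODULE_NAME);
    modules.loginForm(loginForm);
    AuthModule authModule;
    AuthenticationChannel channel;
    try {
        channel = channelFactory.createAuthChannel(sequence.getChannel());
        authModule = moduleFactory.createModuleFilter(loginForm, sequence.getChannel().getUrlSuffix(), null, sharedObjects, modules, null, channel);
    } catch (Exception e) {
        // Without a module there is no authentication to install; report instead of dereferencing null below.
        LOGGER.error("Couldn't build filter for module moduleFactory", e);
        result.recordFatalError("Couldn't build filter for module moduleFactory", e);
        initLayout(result);
        return;
    }
    if (authModule == null) {
        LOGGER.error("Module factory returned no module for the password reset sequence");
        result.recordFatalError("Module factory returned no module for the password reset sequence");
        initLayout(result);
        return;
    }
    MidpointAuthentication mpAuthentication = new MidpointAuthentication(sequence);
    List<AuthModule> authModules = new ArrayList<>();
    authModules.add(authModule);
    mpAuthentication.setAuthModules(authModules);
    mpAuthentication.setSessionId(Session.get().getId());
    ModuleAuthentication moduleAuthentication = authModule.getBaseModuleAuthentication();
    moduleAuthentication.setAuthentication(token);
    moduleAuthentication.setState(AuthenticationModuleState.SUCCESSFULLY);
    mpAuthentication.addAuthentications(moduleAuthentication);
    mpAuthentication.setPrincipal(principal);
    mpAuthentication.setAuthorities(token.getAuthorities());
    mpAuthentication.setAuthenticationChannel(channel);
    SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
    setResponsePage(PageResetPassword.class);
    initLayout(result);
}

/**
 * Narrows the principal to the self-service credentials flow: drops every authorization action
 * in the UI namespace and grants {@code AUTZ_UI_SELF_CREDENTIALS_URL} only.
 *
 * @param principal the principal authenticated by the reset token
 * @return {@code false} when the principal has no authorities collection at all, so nothing
 *         could be removed or granted; {@code true} otherwise
 */
private boolean restrictToSelfCredentials(MidPointPrincipal principal) {
    Collection<Authorization> authz = principal.getAuthorities();
    if (authz == null) {
        return false;
    }
    for (Authorization authzI : authz) {
        authzI.getAction().removeIf(action -> action.contains(AuthorizationConstants.NS_AUTHORIZATION_UI));
    }
    AuthorizationType authorizationType = new AuthorizationType();
    authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL);
    authz.add(new Authorization(authorizationType));
    return true;
}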

Example 30 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class PageSecurityQuestions method getUrlProcessingLogin.

/**
 * Builds the login-processing URL for the security-questions module currently being processed.
 *
 * @return the module prefix (slashes stripped) followed by {@code /spring_security_login} when
 *         the processing module is the security-questions form; otherwise the unsupported
 *         authentication type error is reported on the page and the generic
 *         {@code /midpoint/spring_security_login} fallback is returned
 */
private String getUrlProcessingLogin() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof MidpointAuthentication) {
        ModuleAuthentication processing = ((MidpointAuthentication) current).getProcessingModuleAuthentication();
        boolean securityQuestionsForm = processing != null
                && AuthenticationModuleNameConstants.SECURITY_QUESTIONS_FORM.equals(processing.getNameOfModuleType());
        if (securityQuestionsForm) {
            return AuthUtil.stripSlashes(processing.getPrefix()) + "/spring_security_login";
        }
    }
    // Anything else (no midPoint authentication, no module, other module type) falls back here.
    error(getString("web.security.flexAuth.unsupported.auth.type"));
    return "/midpoint/spring_security_login";
}
