
Example 31 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class SelfRegistrationDto method init.

/**
 * Populates this DTO from the self-registration section of a security policy.
 *
 * <p>Besides copying the plain attributes, this resolves the nonce credential policy
 * that backs the additional (mail or SMS) authentication step: if the request is
 * currently being processed by a mail-nonce module that names its credential, that
 * credential's policy wins; otherwise the policy is looked up from the additional
 * authentication configured on the self-registration policy.
 *
 * @param securityPolicy   security policy the self-registration policy belongs to
 * @param selfRegistration self-registration policy to read from
 * @throws SchemaException propagated from the {@code SecurityPolicyUtil} lookups
 */
private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType selfRegistration) throws SchemaException {
    name = selfRegistration.getName();
    defaultRoles = selfRegistration.getDefaultRole();
    initialLifecycleState = selfRegistration.getInitialLifecycleState();
    requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
    // An explicitly configured sequence takes precedence over the plain authentication name.
    additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() != null
            ? selfRegistration.getAdditionalAuthenticationSequence()
            : selfRegistration.getAdditionalAuthenticationName();
    authenticationPolicy = securityPolicy.getAuthentication();
    formRef = selfRegistration.getFormRef();

    CredentialModuleAuthentication mailModule = currentMailNonceModule();
    if (mailModule != null && mailModule.getCredentialName() != null) {
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailModule.getCredentialName(), securityPolicy);
        return;
    }

    // No usable mail-nonce module in the current authentication: derive the nonce policy
    // from whatever additional authentication the self-registration policy configures.
    AbstractAuthenticationPolicyType authPolicy =
            SecurityPolicyUtil.getAuthenticationPolicy(additionalAuthentication, securityPolicy);
    if (authPolicy instanceof MailAuthenticationPolicyType) {
        mailAuthenticationPolicy = (MailAuthenticationPolicyType) authPolicy;
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailAuthenticationPolicy.getMailNonce(), securityPolicy);
    } else if (authPolicy instanceof SmsAuthenticationPolicyType) {
        smsAuthenticationPolicy = (SmsAuthenticationPolicyType) authPolicy;
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(smsAuthenticationPolicy.getSmsNonce(), securityPolicy);
    }
}

/**
 * Returns the mail-nonce credential module that is currently processing the request,
 * or {@code null} when the security context does not hold a {@code MidpointAuthentication}
 * or its processing module is not a mail-nonce credential module.
 */
private CredentialModuleAuthentication currentMailNonceModule() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        return null;
    }
    ModuleAuthentication processing = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    boolean isMailNonce = processing instanceof CredentialModuleAuthentication
            && AuthenticationModuleNameConstants.MAIL_NONCE.equals(processing.getNameOfModuleType());
    return isMailNonce ? (CredentialModuleAuthentication) processing : null;
}

Example 32 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class MidpointAuthFilter method doFilterInternal.

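/**
 * Drives the midPoint authentication sequence for one request.
 *
 * <p>Permit-all pages and ignored local paths are passed straight down the chain.
 * Otherwise the authentication sequence is resolved for the request; when none can be
 * found the request is redirected to the context root. For an already authenticated
 * request the authenticated-request path is taken; for anything else the processing
 * module is selected (creating a fresh authentication token when required) and the
 * module's filters are run. Filters registered for this request are always removed in
 * the {@code finally} block, even when a module throws.
 *
 * @param request  incoming request (expected to be an {@link HttpServletRequest})
 * @param response outgoing response
 * @param chain    remaining filter chain
 * @throws IOException      propagated from the chain or the redirect
 * @throws ServletException propagated from the chain
 * @throws AuthenticationServiceException when the sequence has no authentication module
 */
private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    if (isPermitAllPage(httpRequest)) {
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): unchecked cast — if the security context ever holds a different Authentication
    // type here (e.g. an anonymous token), this throws ClassCastException; confirm callers guarantee
    // the type or that the context is empty at this point.
    MidpointAuthentication mpAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
    AuthenticationWrapper authWrapper = defineAuthenticationWrapper();
    if (AuthSequenceUtil.isIgnoredLocalPath(authWrapper.authenticationsPolicy, httpRequest)) {
        chain.doFilter(request, response);
        return;
    }
    initializeAuthenticationSequence(mpAuthentication, httpRequest, authWrapper);
    if (authWrapper.sequence == null) {
        // Logged with a stack trace so the misconfiguration is traceable; the user is sent to the root.
        IllegalArgumentException ex = new IllegalArgumentException(getMessageSequenceIsNull(httpRequest, authWrapper));
        LOGGER.error(ex.getMessage(), ex);
        ((HttpServletResponse) response).sendRedirect(httpRequest.getContextPath());
        return;
    }
    setLogoutPath(request, response);
    authWrapper.authenticationChannel = AuthSequenceUtil.buildAuthChannel(authChannelRegistry, authWrapper.sequence);
    try {
        initAuthenticationModule(mpAuthentication, authWrapper, httpRequest);
        if (isRequestAuthenticated(mpAuthentication, authWrapper)) {
            processingOfAuthenticatedRequest(mpAuthentication, httpRequest, response, chain);
            return;
        }
        if (wasNotFoundAuthModule(authWrapper)) {
            if (LOGGER.isDebugEnabled()) {
                // Separator space added: the URL and the text used to run together in the log.
                LOGGER.debug(UrlUtils.buildRequestUrl(httpRequest) + " has no authentication module");
            }
            throw new AuthenticationServiceException("Couldn't find authentication module for sequence " + authWrapper.sequence.getName());
        }
        resolveErrorWithMoreModules(mpAuthentication, httpRequest);
        int indexOfProcessingModule;
        if (needCreateNewAuthenticationToken(mpAuthentication, httpRequest)) {
            indexOfProcessingModule = initNewAuthenticationToken(authWrapper, httpRequest);
            // A new token was placed into the security context; re-read it so the rest of the
            // method (and the finally block) works with the current authentication.
            mpAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
        } else {
            indexOfProcessingModule = getIndexOfActualProcessingModule(mpAuthentication, httpRequest);
        }
        setAuthenticationChanel(mpAuthentication, authWrapper);
        runFilters(authWrapper, indexOfProcessingModule, chain, httpRequest, response);
    } finally {
        removingFiltersAfterProcessing(mpAuthentication, httpRequest);
    }
}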

Example 33 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class MidpointAuthFilter method restartAuthFlow.

/**
 * Restarts the authentication flow for the request: builds a fresh
 * {@code MidpointAuthentication} into the security context and resolves the
 * parallel modules starting from index 0.
 *
 * @param httpRequest current request
 * @param authWrapper wrapper holding the resolved sequence and policy for this request
 * @return the module index returned by {@code resolveParallelModules}
 */
private int restartAuthFlow(HttpServletRequest httpRequest, AuthenticationWrapper authWrapper) {
    createMpAuthentication(httpRequest, authWrapper);
    // createMpAuthentication is expected to have stored a MidpointAuthentication in the context.
    MidpointAuthentication restarted =
            (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
    return restarted.resolveParallelModules(httpRequest, 0);
}

Example 34 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class MidpointSaml2WebSsoAuthenticationRequestFilter method doFilterInternal.

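/**
 * Lets the SAML2 request filter do its work, then records on the processing module
 * that the authentication request has been sent.
 *
 * <p>The state is only updated when this request actually matched the redirect matcher,
 * a request context could be resolved, and the security context holds a
 * {@code MidpointAuthentication} whose processing module is a SAML2 module. Previously
 * the processing module was cast unconditionally, so a request reaching this filter while
 * a non-SAML2 module (or none) was processing would fail with a ClassCastException /
 * NullPointerException; such requests are now left untouched.
 *
 * @param request     current request
 * @param response    current response
 * @param filterChain remaining filter chain
 * @throws ServletException propagated from the superclass
 * @throws IOException      propagated from the superclass
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    super.doFilterInternal(request, response, filterChain);
    RequestMatcher.MatchResult matcher = this.redirectMatcher.matcher(request);
    if (!matcher.isMatch()) {
        return;
    }
    Saml2AuthenticationRequestContext context = this.authenticationRequestContextResolver.resolve(request);
    if (context == null) {
        return;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        return;
    }
    ModuleAuthentication processing = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    // Only a SAML2 module carries request state; anything else is not ours to update.
    if (processing instanceof Saml2ModuleAuthenticationImpl) {
        ((Saml2ModuleAuthenticationImpl) processing).setRequestState(RequestState.SENDED);
    }
}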

Example 35 with MidpointAuthentication

use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum.

the class MailNonceProvider method illegalAuthentication.

/**
 * Checks whether the current security context is unsuitable for mail-nonce processing.
 *
 * <p>The context is acceptable only when it holds a {@code MidpointAuthentication} whose
 * processing module is a {@code MailNonceModuleAuthenticationImpl} with a non-null
 * credential name. Each rejection reason is logged at debug level.
 *
 * @return {@code true} when the authentication must be rejected, {@code false} when it is usable
 */
private boolean illegalAuthentication() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof MidpointAuthentication) {
        ModuleAuthentication processing = ((MidpointAuthentication) current).getProcessingModuleAuthentication();
        if (processing instanceof MailNonceModuleAuthenticationImpl) {
            if (((MailNonceModuleAuthenticationImpl) processing).getCredentialName() != null) {
                // All three conditions hold: the context is usable.
                return false;
            }
            LOGGER.debug("Name of credential in processing module is null");
            return true;
        }
        LOGGER.debug("Actual processing authentication module isn't MailNonceModuleAuthentication");
        return true;
    }
    LOGGER.debug("Actual authentication isn't MidpointAuthentication");
    return true;
}
