Example 36: use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum, in the class MailNonceProvider, method getNoncePolicy.

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.MailNonceModuleAuthenticationImpl;

// Resolves the nonce credential policy that applies to the given user for the
// mail-nonce module currently being processed; returns null if none applies.
private NonceCredentialsPolicyType getNoncePolicy(String username) {
    // The same generic message is used for a blank username and for an unknown
    // user below, so the failure does not reveal whether an account exists.
    if (StringUtils.isBlank(username)) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    if (illegalAuthentication()) {
        return null;
    }
    // Privileged lookup: no authenticated principal is available at this point
    // of the authentication sequence.
    UserType user = AuthSequenceUtil.searchUserPrivileged(username, securityContextManager, manager, modelService, prismContext);
    if (user == null) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    SecurityPolicyType securityPolicy = AuthSequenceUtil.resolveSecurityPolicy(user.asPrismObject(), securityContextManager, manager, modelInteractionService);
    if (illegalPolicy(securityPolicy)) {
        return null;
    }
    // The credential name comes from the mail-nonce module that is currently
    // being processed in the MidpointAuthentication chain.
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    ModuleAuthentication moduleAuth = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    String nameOfCredential = ((MailNonceModuleAuthenticationImpl) moduleAuth).getCredentialName();
    // Select the nonce policy whose name matches the module's credential name.
    for (NonceCredentialsPolicyType noncePolicy : securityPolicy.getCredentials().getNonce()) {
        if (noncePolicy != null && nameOfCredential.equals(noncePolicy.getName())) {
            return noncePolicy;
        }
    }
    LOGGER.debug("Couldn't find nonce credential by name " + nameOfCredential);
    return null;
}

Example 37: use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum, in the class MidpointHttpAuthorizationEvaluator, method decide.

import java.util.ArrayList;
import java.util.List;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;
import com.evolveum.midpoint.task.api.Task;

// Standard authorization decision, followed by the REST "proxy user" case: a
// successfully authenticated HTTP module may request to act on behalf of another
// user (identified by OID). The identity switch is performed only after the
// actual principal has been checked for AUTZ_REST_PROXY_URL on that target user.
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    super.decide(authentication, object, configAttributes);
    if (authentication instanceof MidpointAuthentication) {
        for (ModuleAuthentication moduleAuthentication : ((MidpointAuthentication) authentication).getAuthentications()) {
            // Only modules that completed successfully and carry a proxy user OID are considered.
            if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState()) && moduleAuthentication instanceof HttpModuleAuthentication && ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid() != null) {
                String oid = ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid();
                Task task = taskManager.createTaskInstance(OPERATION_REST_SERVICE);
                task.setChannel(SchemaConstants.CHANNEL_REST_URI);
                List<String> requiredActions = new ArrayList<>();
                PrismObject<? extends FocusType> authorizedUser = searchUser(oid, task);
                try {
                    if (authorizedUser == null) {
                        throw new SystemException("Couldn't get proxy user");
                    }
                    task.setOwner(authorizedUser);
                    requiredActions.add(AuthorizationConstants.AUTZ_REST_PROXY_URL);
                    // Verify that the authenticated principal may proxy for the target
                    // user before any change of identity takes place.
                    MidPointPrincipal actualPrincipal = getPrincipalFromAuthentication(authentication, object, configAttributes);
                    decideInternal(actualPrincipal, requiredActions, authentication, object, task, AuthorizationParameters.Builder.buildObject(authorizedUser));
                    // Check passed: replace principal and authorities with those of the proxy user.
                    MidPointPrincipal principal = securityContextManager.getUserProfileService().getPrincipal(authorizedUser);
                    ((MidpointAuthentication) authentication).setPrincipal(principal);
                    ((MidpointAuthentication) authentication).setAuthorities(principal.getAuthorities());
                } catch (SystemException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
                    LOGGER.error("Error while processing authorization: {}", e.getMessage(), e);
                    LOGGER.trace("DECIDE: authentication={}, object={}, requiredActions={}: ERROR {}", authentication, object, requiredActions, e.getMessage());
                    throw new SystemException("Error while processing authorization: " + e.getMessage(), e);
                }
            }
        }
    }
}

Example 38: use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum, in the class AuditedLogoutHandler, method auditEvent.

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;

// Writes a TERMINATE_SESSION audit record on logout, provided that login/logout
// auditing is enabled for the channel the session was authenticated on.
protected void auditEvent(HttpServletRequest request, Authentication authentication) {
    // Eventually we should get this from the caller
    OperationResult result = new OperationResult(OP_AUDIT_EVENT);
    MidPointPrincipal principal = AuthUtil.getPrincipalUser(authentication);
    PrismObject<? extends FocusType> user = principal != null ? principal.getFocus().asPrismObject() : null;
    // Defaults, overridden below when a MidpointAuthentication carries its own
    // channel and session identifier.
    String channel = SchemaConstants.CHANNEL_USER_URI;
    String sessionId = request.getRequestedSessionId();
    if (authentication instanceof MidpointAuthentication && ((MidpointAuthentication) authentication).getAuthenticationChannel() != null) {
        channel = ((MidpointAuthentication) authentication).getAuthenticationChannel().getChannelId();
        if (((MidpointAuthentication) authentication).getSessionId() != null) {
            sessionId = ((MidpointAuthentication) authentication).getSessionId();
        }
    }
    SystemConfigurationType system = null;
    try {
        system = systemObjectCache.getSystemConfiguration(result).asObjectable();
    } catch (SchemaException e) {
        LOGGER.error("Couldn't get system configuration from cache", e);
    }
    // No record is written if auditing of login/logout is disabled for this channel.
    if (!SecurityUtil.isAuditedLoginAndLogout(system, channel)) {
        return;
    }
    Task task = taskManager.createTaskInstance();
    task.setOwner(user);
    task.setChannel(channel);
    AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
    record.setInitiator(user);
    record.setParameter(AuthSequenceUtil.getName(user));
    record.setChannel(channel);
    record.setTimestamp(System.currentTimeMillis());
    record.setOutcome(OperationResultStatus.SUCCESS);
    // probably not needed, as audit service would take care of it; but it doesn't hurt so let's keep it here
    // Note that getLocalName() and getLocalAddr() return the server-side name and
    // address, so the "remote host address" stored here is the local one, not the client's.
    record.setHostIdentifier(request.getLocalName());
    record.setRemoteHostAddress(request.getLocalAddr());
    record.setNodeIdentifier(taskManager.getNodeId());
    record.setSessionIdentifier(sessionId);
    auditService.audit(record, task, result);
}

Example 39: use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum, in the class RemoteModuleWebSecurityConfigurer, method createAnonymousFilter.

import java.util.UUID;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;

// Anonymous filter for remote (external IdP) modules: it populates the module
// currently being processed with an anonymous authentication, but only while
// that module holds no authentication yet or one of the module's own token class.
@Override
protected AnonymousAuthenticationFilter createAnonymousFilter() {
    AnonymousAuthenticationFilter filter = new MidpointAnonymousAuthenticationFilter(authRegistry, authChannelRegistry, PrismContext.get(), UUID.randomUUID().toString(), "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")) {

        @Override
        protected void processAuthentication(ServletRequest req) {
            if (SecurityContextHolder.getContext().getAuthentication() instanceof MidpointAuthentication) {
                MidpointAuthentication mpAuthentication = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
                ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
                // Never overwrite an authentication of a different (already established) token type.
                if (moduleAuthentication != null && (moduleAuthentication.getAuthentication() == null || getAuthTokenClass().isAssignableFrom(moduleAuthentication.getAuthentication().getClass()))) {
                    Authentication authentication = createBasicAuthentication((HttpServletRequest) req);
                    moduleAuthentication.setAuthentication(authentication);
                    mpAuthentication.setPrincipal(authentication.getPrincipal());
                }
            }
        }
    };
    filter.setAuthenticationDetailsSource(new RemoteAuthenticationDetailsSource(getAuthTokenClass()));
    return filter;
}

Example 40: use of com.evolveum.midpoint.authentication.api.config.MidpointAuthentication in project midpoint by Evolveum, in the class MidpointHttpServletRequest, method getPathInfo.

import org.springframework.security.core.context.SecurityContextHolder;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;

// Rewrites the path info so that requests arriving through a channel-specific
// URL (e.g. with the channel's URL suffix) are mapped onto the path registered
// for that authentication channel.
@Override
public String getPathInfo() {
    if (needChangePath()) {
        MidpointAuthentication mpAuth = (MidpointAuthentication) SecurityContextHolder.getContext().getAuthentication();
        String path = AuthSequenceUtil.searchPathByChannel(mpAuth.getAuthenticationChannel().getChannelId());
        StringBuilder sb = new StringBuilder();
        if (StringUtils.isNotEmpty(path) && path.contains("/")) {
            // Re-assemble the channel path, dropping the leading empty segment from split("/").
            String[] partOfPath = path.split("/");
            for (int i = 1; i < partOfPath.length; i++) {
                sb.append("/").append(partOfPath[i]);
            }
            // Everything after the channel's URL suffix is appended to the channel path.
            // This assumes the suffix is present in the request path; if it is not,
            // indexOf() returns -1 and the computed start index is off by one.
            String requestPath = getRequestURI().substring(getContextPath().length());
            int startIndex = requestPath.indexOf(mpAuth.getAuthenticationChannel().getUrlSuffix() + "/") + mpAuth.getAuthenticationChannel().getUrlSuffix().length();
            String pathInfo = requestPath.substring(startIndex);
            sb.append(pathInfo);
            return sb.toString();
        }
    }
    return super.getPathInfo();
}
