Example 11 with ModuleAuthentication

Use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

The class AuthSequenceUtil, method doRemoteFilter.

public static void doRemoteFilter(ServletRequest req, ServletResponse res, FilterChain chain, RemoteAuthenticationFilter remoteFilter) throws IOException, ServletException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // true when this module has already sent a request to the remote identity provider and is waiting for its response
    boolean sendedRequest = false;
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        // this filter is only wired for remote (OIDC/SAML) modules, so the processing module is expected to be a remote one
        RemoteModuleAuthenticationImpl moduleAuthentication = (RemoteModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
        if (moduleAuthentication != null && RequestState.SENDED.equals(moduleAuthentication.getRequestState())) {
            sendedRequest = true;
        }
        boolean requiresAuthentication = remoteFilter.requiresAuth((HttpServletRequest) req, (HttpServletResponse) res);
        if (!requiresAuthentication && sendedRequest) {
            AuthenticationServiceException exception = new AuthenticationServiceException("web.security.flexAuth.oidc.not.response");
            remoteFilter.unsuccessfulAuth((HttpServletRequest) req, (HttpServletResponse) res, exception);
        } else {
            if (moduleAuthentication != null && requiresAuthentication && sendedRequest) {
                moduleAuthentication.setRequestState(RequestState.RECEIVED);
            }
            remoteFilter.doAuth(req, res, chain);
        }
    } else {
        throw new AuthenticationServiceException("Unsupported type of Authentication");
    }
}
Also used: RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl), Authentication (org.springframework.security.core.Authentication), HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)

Example 12 with ModuleAuthentication

Use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

The class AuthSequenceUtil, method existLoginPageForActualAuthModule.

public static boolean existLoginPageForActualAuthModule() {
    // the module currently being processed in the authentication sequence, or null if there is none
    ModuleAuthentication authModule = AuthUtil.getProcessingModuleIfExist();
    if (authModule == null) {
        return false;
    }
    // a login page is registered per module type (e.g. login form, mail nonce), not per module instance
    String moduleType = authModule.getNameOfModuleType();
    return DescriptorLoaderImpl.existPageUrlByAuthName(moduleType);
}
Also used: HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)

Example 13 with ModuleAuthentication

Use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

The class AbstractPageRemoteAuthenticationSelect, method getProviders.

private List<IdentityProvider> getProviders() {
    List<IdentityProvider> providers = new ArrayList<>();
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
        if (moduleAuthentication instanceof RemoteModuleAuthentication) {
            providers = ((RemoteModuleAuthentication) moduleAuthentication).getProviders();
            if (providers.isEmpty()) {
                String key = getErrorKeyEmptyProviders();
                error(getString(key));
            }
            return providers;
        }
        String key = getErrorKeyUnsupportedType();
        error(getString(key));
        return providers;
    }
    String key = "web.security.flexAuth.unsupported.auth.type";
    error(getString(key));
    return providers;
}
Also used: ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication), ArrayList (java.util.ArrayList), IdentityProvider (com.evolveum.midpoint.authentication.api.IdentityProvider)

Example 14 with ModuleAuthentication

Use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

The class PageEmailNonse, method getMailNoncePolicy.

private NonceCredentialsPolicyType getMailNoncePolicy(PrismObject<UserType> user) {
    SecurityPolicyType securityPolicy = resolveSecurityPolicy(user);
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    if (securityPolicy.getCredentials() == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No credential for security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    if (securityPolicy.getCredentials().getNonce() == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("No nonce credential for security policy, cannot process nonce credential");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageEmailNonse.class);
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        // the ternary must be parenthesized: without it, string concatenation binds before "!=" and a null
        // authentication throws a NullPointerException instead of being logged
        LOGGER.error("Bad type of authentication, support only MidpointAuthentication, but is "
                + (authentication != null ? authentication.getClass().getName() : null));
        throw new RestartResponseException(PageEmailNonse.class);
    }
    ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    // the cast below requires a CredentialModuleAuthentication of type MAIL_NONCE, so reject a null module
    // or any other module type; instanceof also guards the getNameOfModuleType() call against null
    if (!(moduleAuthentication instanceof CredentialModuleAuthentication)
            || !AuthenticationModuleNameConstants.MAIL_NONCE.equals(moduleAuthentication.getNameOfModuleType())) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("Bad type of module authentication, support only EmailNonceModuleAuthentication, but is "
                + (moduleAuthentication != null ? moduleAuthentication.getClass().getName() : null));
        throw new RestartResponseException(PageEmailNonse.class);
    }
    CredentialModuleAuthentication nonceAuth = (CredentialModuleAuthentication) moduleAuthentication;
    String credentialName = nonceAuth.getCredentialName();
    if (credentialName == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("EmailNonceModuleAuthentication " + nonceAuth.getNameOfModule() + " has not defined a credential name");
        throw new RestartResponseException(PageEmailNonse.class);
    }
    // pick the nonce policy whose name matches the one configured on the module
    NonceCredentialsPolicyType credentialByName = null;
    for (NonceCredentialsPolicyType credential : securityPolicy.getCredentials().getNonce()) {
        if (credentialName.equals(credential.getName())) {
            credentialByName = credential;
        }
    }
    if (credentialByName == null) {
        getSession().error(getString("PageForgotPassword.send.nonce.failed"));
        LOGGER.error("Couldn't find nonce credentials by name " + credentialName);
        throw new RestartResponseException(PageEmailNonse.class);
    }
    return credentialByName;
}
Also used: CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), RestartResponseException (org.apache.wicket.RestartResponseException), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), Authentication (org.springframework.security.core.Authentication)

Example 15 with ModuleAuthentication

Use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

The class PageResetPasswordConfirmation, method init.

private void init(final PageParameters pageParameters) {
    PageParameters params = pageParameters;
    if (params == null) {
        params = getPageParameters();
    }
    OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
    if (params == null) {
        LOGGER.error("Confirmation link is not valid. No credentials provided in it");
        String msg = createStringResource("PageSelfRegistration.invalid.registration.link").getString();
        // msg is already a resolved string; pass it directly instead of wrapping it in another resource model
        getSession().error(msg);
        result.recordFatalError(msg);
        initLayout(result);
        return;
    }
    StringValue userNameValue = params.get(SchemaConstants.USER_ID);
    Validate.notEmpty(userNameValue.toString());
    StringValue tokenValue = params.get(SchemaConstants.TOKEN);
    Validate.notEmpty(tokenValue.toString());
    UsernamePasswordAuthenticationToken token = authenticateUser(userNameValue.toString(), tokenValue.toString(), result);
    if (token == null) {
        initLayout(result);
        return;
    } else {
        // SecurityContextHolder.getContext().setAuthentication(token);
        MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
        Collection<Authorization> authz = principal.getAuthorities();
        if (authz != null) {
            // strip every UI authorization from the principal so the reset token cannot reach the rest of the GUI
            for (Authorization authzI : authz) {
                authzI.getAction().removeIf(action -> action.contains(AuthorizationConstants.NS_AUTHORIZATION_UI));
            }
            // grant only the single authorization needed for the self-service credentials page;
            // the add() stays inside the null guard, otherwise a null authz collection throws NPE
            AuthorizationType authorizationType = new AuthorizationType();
            authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL);
            Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
            authz.add(selfServiceCredentialsAuthz);
        }
        AuthenticationSequenceType sequence = SecurityPolicyUtil.createPasswordResetSequence();
        Map<Class<?>, Object> sharedObjects = new HashMap<>();
        AuthenticationModulesType modules = new AuthenticationModulesType();
        LoginFormAuthenticationModuleType loginForm = new LoginFormAuthenticationModuleType();
        loginForm.name(SecurityPolicyUtil.DEFAULT_MODULE_NAME);
        modules.loginForm(loginForm);
        AuthModule authModule = null;
        AuthenticationChannel channel = null;
        try {
            channel = channelFactory.createAuthChannel(sequence.getChannel());
            authModule = moduleFactory.createModuleFilter(loginForm, sequence.getChannel().getUrlSuffix(), null, sharedObjects, modules, null, channel);
        } catch (Exception e) {
            LOGGER.error("Couldn't build filter for module moduleFactory", e);
        }
        if (authModule == null) {
            // without a module filter there is no ModuleAuthentication to attach the token to;
            // fail the reset explicitly rather than dereferencing null below
            result.recordFatalError("Couldn't build authentication module for password reset");
            initLayout(result);
            return;
        }
        MidpointAuthentication mpAuthentication = new MidpointAuthentication(sequence);
        List<AuthModule> authModules = new ArrayList<>();
        authModules.add(authModule);
        mpAuthentication.setAuthModules(authModules);
        mpAuthentication.setSessionId(Session.get().getId());
        // mark the synthetic login-form module as already passed, carrying the token-based authentication
        ModuleAuthentication moduleAuthentication = authModule.getBaseModuleAuthentication();
        moduleAuthentication.setAuthentication(token);
        moduleAuthentication.setState(AuthenticationModuleState.SUCCESSFULLY);
        mpAuthentication.addAuthentications(moduleAuthentication);
        mpAuthentication.setPrincipal(principal);
        mpAuthentication.setAuthorities(token.getAuthorities());
        mpAuthentication.setAuthenticationChannel(channel);
        SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
        setResponsePage(PageResetPassword.class);
    }
    initLayout(result);
}
Also used: OperationResult (com.evolveum.midpoint.schema.result.OperationResult), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), PageParameters (org.apache.wicket.request.mapper.parameter.PageParameters), MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication), AuthenticationException (org.springframework.security.core.AuthenticationException), ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication), StringValue (org.apache.wicket.util.string.StringValue)

Aggregations

ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) 32
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) 29
Authentication (org.springframework.security.core.Authentication) 21
HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication) 6
RemoteModuleAuthentication (com.evolveum.midpoint.authentication.api.config.RemoteModuleAuthentication) 5
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken) 4
IdentityProvider (com.evolveum.midpoint.authentication.api.IdentityProvider) 3
CredentialModuleAuthentication (com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication) 2
MailNonceModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.MailNonceModuleAuthenticationImpl) 2
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) 2
ArrayList (java.util.ArrayList) 2
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException) 2
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken) 2
Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken) 2
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) 2
AuthenticationModuleState (com.evolveum.midpoint.authentication.api.AuthenticationModuleState) 1
MidpointAnonymousAuthenticationFilter (com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter) 1
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl) 1
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl) 1
Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) 1