use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.
The class PageSecurityQuestions, method getUrlProcessingLogin.
/**
 * Resolves the URL the security-questions login form should post to.
 *
 * <p>If the current {@link MidpointAuthentication} is processing a module of type
 * {@code SECURITY_QUESTIONS_FORM}, the URL is derived from that module's prefix.
 * In every other situation an "unsupported authentication type" error is reported on
 * the page and a fixed fallback login URL is returned.
 *
 * @return the login-processing URL for the current authentication module
 */
private String getUrlProcessingLogin() {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    if (currentAuth instanceof MidpointAuthentication) {
        ModuleAuthentication processingModule =
                ((MidpointAuthentication) currentAuth).getProcessingModuleAuthentication();
        boolean securityQuestionsModule = processingModule != null
                && AuthenticationModuleNameConstants.SECURITY_QUESTIONS_FORM.equals(processingModule.getNameOfModuleType());
        if (securityQuestionsModule) {
            return AuthUtil.stripSlashes(processingModule.getPrefix()) + "/spring_security_login";
        }
    }
    // No security-questions module is being processed: report it and fall back to the default URL.
    error(getString("web.security.flexAuth.unsupported.auth.type"));
    return "/midpoint/spring_security_login";
}
use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.
The class SelfRegistrationDto, method init.
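/**
 * Populates this DTO from the security policy and the self-registration policy.
 *
 * <p>The nonce credential policy is chosen in two ways: if a mail-nonce module with a
 * credential name is currently being processed, its credential name wins; otherwise the
 * policy is derived from the self-registration's additional authentication (the explicit
 * sequence takes precedence over the plain name), which may be a mail or an SMS policy.
 *
 * @param securityPolicy the resolved security policy
 * @param selfRegistration the self-registration policy to copy values from
 * @throws SchemaException propagated from the policy lookups
 */
private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType selfRegistration) throws SchemaException {
    this.name = selfRegistration.getName();
    this.defaultRoles = selfRegistration.getDefaultRole();
    this.initialLifecycleState = selfRegistration.getInitialLifecycleState();
    this.requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
    // The explicit authentication sequence wins; the plain name is only a fallback.
    this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() == null
            ? selfRegistration.getAdditionalAuthenticationName()
            : selfRegistration.getAdditionalAuthenticationSequence();
    this.authenticationPolicy = securityPolicy.getAuthentication();
    this.formRef = selfRegistration.getFormRef();

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    CredentialModuleAuthentication mailModuleAuthentication = null;
    if (authentication instanceof MidpointAuthentication) {
        ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        if (moduleAuthentication instanceof CredentialModuleAuthentication
                && AuthenticationModuleNameConstants.MAIL_NONCE.equals(moduleAuthentication.getNameOfModuleType())) {
            mailModuleAuthentication = (CredentialModuleAuthentication) moduleAuthentication;
        }
    }

    if (mailModuleAuthentication != null && mailModuleAuthentication.getCredentialName() != null) {
        // A mail-nonce module is processing right now: its credential name selects the nonce policy.
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailModuleAuthentication.getCredentialName(), securityPolicy);
        return;
    }

    // Reuse the value computed above rather than re-evaluating the same sequence/name expression.
    AbstractAuthenticationPolicyType authPolicy =
            SecurityPolicyUtil.getAuthenticationPolicy(this.additionalAuthentication, securityPolicy);
    if (authPolicy instanceof MailAuthenticationPolicyType) {
        MailAuthenticationPolicyType mailPolicy = (MailAuthenticationPolicyType) authPolicy;
        this.mailAuthenticationPolicy = mailPolicy;
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailPolicy.getMailNonce(), securityPolicy);
    } else if (authPolicy instanceof SmsAuthenticationPolicyType) {
        SmsAuthenticationPolicyType smsPolicy = (SmsAuthenticationPolicyType) authPolicy;
        this.smsAuthenticationPolicy = smsPolicy;
        this.noncePolicy = SecurityPolicyUtil.getCredentialPolicy(smsPolicy.getSmsNonce(), securityPolicy);
    }
    // Any other policy type leaves noncePolicy untouched, as before.
}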
use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.
The class MailNonceProvider, method illegalAuthentication.
/**
 * Tells whether the current security context is NOT a usable mail-nonce authentication.
 *
 * <p>Returns {@code true} (logging the reason at debug level) when the authentication is not a
 * {@link MidpointAuthentication}, when the processing module is not a
 * {@link MailNonceModuleAuthenticationImpl}, or when that module carries no credential name.
 *
 * @return {@code true} if nonce processing must not continue, {@code false} otherwise
 */
private boolean illegalAuthentication() {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    MidpointAuthentication mpAuth = currentAuth instanceof MidpointAuthentication
            ? (MidpointAuthentication) currentAuth
            : null;
    if (mpAuth == null) {
        LOGGER.debug("Actual authentication isn't MidpointAuthentication");
        return true;
    }

    ModuleAuthentication processingModule = mpAuth.getProcessingModuleAuthentication();
    MailNonceModuleAuthenticationImpl nonceModule = processingModule instanceof MailNonceModuleAuthenticationImpl
            ? (MailNonceModuleAuthenticationImpl) processingModule
            : null;
    if (nonceModule == null) {
        LOGGER.debug("Actual processing authentication module isn't MailNonceModuleAuthentication");
        return true;
    }

    boolean hasCredentialName = nonceModule.getCredentialName() != null;
    if (!hasCredentialName) {
        LOGGER.debug("Name of credential in processing module is null");
    }
    return !hasCredentialName;
}
use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.
The class MailNonceProvider, method getNoncePolicy.
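/**
 * Resolves the nonce credential policy that applies to the given user for the mail-nonce
 * module currently being processed.
 *
 * <p>The blank-username and unknown-user cases throw the same generic message key, so the
 * failure response does not reveal whether an account with that name exists.
 *
 * @param username login name of the user being authenticated
 * @return the {@link NonceCredentialsPolicyType} whose name equals the processing module's
 *         credential name, or {@code null} when the current authentication or the user's
 *         security policy is unusable, or no such nonce policy is configured
 * @throws UsernameNotFoundException if the username is blank or the user cannot be found
 */
private NonceCredentialsPolicyType getNoncePolicy(String username) {
    if (StringUtils.isBlank(username)) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    // Verifies (and logs) that the processing module is a mail-nonce module with a credential
    // name; the unchecked casts further down rely on this having passed.
    if (illegalAuthentication()) {
        return null;
    }
    UserType user = AuthSequenceUtil.searchUserPrivileged(username, securityContextManager, manager, modelService, prismContext);
    if (user == null) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    SecurityPolicyType securityPolicy = AuthSequenceUtil.resolveSecurityPolicy(user.asPrismObject(), securityContextManager, manager, modelInteractionService);
    if (illegalPolicy(securityPolicy)) {
        return null;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    ModuleAuthentication moduleAuth = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    String nameOfCredential = ((MailNonceModuleAuthenticationImpl) moduleAuth).getCredentialName();
    // NOTE(review): assumes illegalPolicy() already rejected a policy without credentials/nonce
    // settings — confirm, since getCredentials() is dereferenced without a null check here.
    for (NonceCredentialsPolicyType noncePolicy : securityPolicy.getCredentials().getNonce()) {
        if (noncePolicy != null && nameOfCredential.equals(noncePolicy.getName())) {
            return noncePolicy;
        }
    }
    // Parameterized logging, consistent with the rest of the project, instead of eager string
    // concatenation that is built even when debug logging is disabled.
    LOGGER.debug("Couldn't find nonce credential by name {}", nameOfCredential);
    return null;
}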
use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.
The class MidpointHttpAuthorizationEvaluator, method decide.
/**
 * Authorization decision for the HTTP (REST) channel, extended with proxy-user handling.
 *
 * <p>First delegates to {@code super.decide(...)}. Then, for every module authentication in a
 * {@link MidpointAuthentication} that completed {@code SUCCESSFULLY}, is an
 * {@link HttpModuleAuthentication} and carries a proxy user OID, it loads the proxied user,
 * checks that the actual (authenticating) principal holds
 * {@code AUTZ_REST_PROXY_URL} for that user, and only after that check passes replaces the
 * authentication's principal and authorities with those of the proxied user.
 *
 * @param authentication the current authentication; proxy handling applies only to {@link MidpointAuthentication}
 * @param object the secured object, passed through to the superclass and to {@code decideInternal}
 * @param configAttributes the security configuration attributes, passed through likewise
 * @throws AccessDeniedException as declared; may come from the superclass or the authorization check
 * @throws InsufficientAuthenticationException as declared; may come from the superclass
 * @throws SystemException if the proxy user cannot be loaded or authorization processing fails
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    super.decide(authentication, object, configAttributes);
    if (authentication instanceof MidpointAuthentication) {
        for (ModuleAuthentication moduleAuthentication : ((MidpointAuthentication) authentication).getAuthentications()) {
            // Only a successfully completed HTTP module that names a proxy user triggers the switch.
            if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState()) && moduleAuthentication instanceof HttpModuleAuthentication && ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid() != null) {
                String oid = ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid();
                Task task = taskManager.createTaskInstance(OPERATION_REST_SERVICE);
                task.setChannel(SchemaConstants.CHANNEL_REST_URI);
                List<String> requiredActions = new ArrayList<>();
                PrismObject<? extends FocusType> authorizedUser = searchUser(oid, task);
                try {
                    if (authorizedUser == null) {
                        // NOTE(review): this SystemException is caught by the catch block below and re-wrapped
                        // with the "Error while processing authorization" prefix.
                        throw new SystemException("Couldn't get proxy user");
                    }
                    task.setOwner(authorizedUser);
                    requiredActions.add(AuthorizationConstants.AUTZ_REST_PROXY_URL);
                    // Authorize the ACTUAL caller for the proxy action against the target user
                    // before the principal is replaced. This ordering is what prevents an
                    // unauthorized caller from acting as the proxied user; keep it.
                    MidPointPrincipal actualPrincipal = getPrincipalFromAuthentication(authentication, object, configAttributes);
                    decideInternal(actualPrincipal, requiredActions, authentication, object, task, AuthorizationParameters.Builder.buildObject(authorizedUser));
                    // Authorization passed: from here on the request runs as the proxied user.
                    MidPointPrincipal principal = securityContextManager.getUserProfileService().getPrincipal(authorizedUser);
                    ((MidpointAuthentication) authentication).setPrincipal(principal);
                    ((MidpointAuthentication) authentication).setAuthorities(principal.getAuthorities());
                    // The loop is not broken here, so a later qualifying module would repeat the switch.
                } catch (SystemException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
                    LOGGER.error("Error while processing authorization: {}", e.getMessage(), e);
                    LOGGER.trace("DECIDE: authentication={}, object={}, requiredActions={}: ERROR {}", authentication, object, requiredActions, e.getMessage());
                    throw new SystemException("Error while processing authorization: " + e.getMessage(), e);
                }
            }
        }
    }
}