
Example 16 with ModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

the class PageSecurityQuestions method getUrlProcessingLogin.

/**
 * Resolves the login-processing URL of the authentication module that is currently active.
 *
 * Only the security-questions form module is supported here; for any other (or missing)
 * module an error message is shown and the default login URL is returned.
 *
 * @return the module-specific login URL, or the default "/midpoint/spring_security_login"
 */
private String getUrlProcessingLogin() {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    ModuleAuthentication processingModule = null;
    if (currentAuth instanceof MidpointAuthentication) {
        processingModule = ((MidpointAuthentication) currentAuth).getProcessingModuleAuthentication();
    }
    boolean isSecurityQuestionsModule = processingModule != null
            && AuthenticationModuleNameConstants.SECURITY_QUESTIONS_FORM.equals(processingModule.getNameOfModuleType());
    if (isSecurityQuestionsModule) {
        // The prefix is normalized so that exactly one separator precedes the login path.
        return AuthUtil.stripSlashes(processingModule.getPrefix()) + "/spring_security_login";
    }
    // Unsupported module type: report it to the user and fall back to the default URL.
    String messageKey = "web.security.flexAuth.unsupported.auth.type";
    error(getString(messageKey));
    return "/midpoint/spring_security_login";
}

Example 17 with ModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

the class SelfRegistrationDto method init.

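/**
 * Initializes this DTO from the security policy and the self-registration policy.
 *
 * The nonce credential policy is taken from the mail-nonce module that is currently
 * processing authentication when one is active and names a credential; otherwise it is
 * derived from the additional authentication (sequence, or name as a fallback) configured
 * on the self-registration policy.
 *
 * @param securityPolicy   security policy supplying authentication and credential policies
 * @param selfRegistration self-registration policy being initialized from
 * @throws SchemaException propagated from policy resolution
 */
private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType selfRegistration) throws SchemaException {
    this.name = selfRegistration.getName();
    this.defaultRoles = selfRegistration.getDefaultRole();
    this.initialLifecycleState = selfRegistration.getInitialLifecycleState();
    this.requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
    // The sequence takes precedence over the plain name; computed once and reused below
    // instead of repeating the ternary at the policy lookup.
    this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() == null
            ? selfRegistration.getAdditionalAuthenticationName()
            : selfRegistration.getAdditionalAuthenticationSequence();
    this.authenticationPolicy = securityPolicy.getAuthentication();
    this.formRef = selfRegistration.getFormRef();

    CredentialModuleAuthentication mailModuleAuthentication = findProcessingMailNonceModule();
    if (mailModuleAuthentication != null && mailModuleAuthentication.getCredentialName() != null) {
        // An active mail-nonce module names the credential policy directly.
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailModuleAuthentication.getCredentialName(), securityPolicy);
        return;
    }
    AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil.getAuthenticationPolicy(this.additionalAuthentication, securityPolicy);
    if (authPolicy instanceof MailAuthenticationPolicyType) {
        this.mailAuthenticationPolicy = (MailAuthenticationPolicyType) authPolicy;
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(this.mailAuthenticationPolicy.getMailNonce(), securityPolicy);
    } else if (authPolicy instanceof SmsAuthenticationPolicyType) {
        this.smsAuthenticationPolicy = (SmsAuthenticationPolicyType) authPolicy;
        noncePolicy = SecurityPolicyUtil.getCredentialPolicy(this.smsAuthenticationPolicy.getSmsNonce(), securityPolicy);
    }
    // Any other policy type leaves noncePolicy unchanged.
}

/**
 * Returns the credential module currently processing authentication when it is the
 * mail-nonce module, or null when there is no such module in the security context.
 */
private static CredentialModuleAuthentication findProcessingMailNonceModule() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof MidpointAuthentication)) {
        return null;
    }
    ModuleAuthentication moduleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    if (moduleAuthentication instanceof CredentialModuleAuthentication
            && AuthenticationModuleNameConstants.MAIL_NONCE.equals(moduleAuthentication.getNameOfModuleType())) {
        return (CredentialModuleAuthentication) moduleAuthentication;
    }
    return null;
}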

Example 18 with ModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

the class MailNonceProvider method illegalAuthentication.

/**
 * Checks whether the current security context is unusable for mail-nonce processing.
 *
 * Acceptable only when the authentication is a {@code MidpointAuthentication} whose
 * processing module is a {@code MailNonceModuleAuthenticationImpl} with a non-null
 * credential name; every other state is logged at debug level and reported as illegal.
 *
 * @return true when the authentication state must be rejected, false when it is usable
 */
private boolean illegalAuthentication() {
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();
    String rejectionReason = null;
    if (!(currentAuth instanceof MidpointAuthentication)) {
        rejectionReason = "Actual authentication isn't MidpointAuthentication";
    } else {
        ModuleAuthentication processingModule = ((MidpointAuthentication) currentAuth).getProcessingModuleAuthentication();
        if (!(processingModule instanceof MailNonceModuleAuthenticationImpl)) {
            rejectionReason = "Actual processing authentication module isn't MailNonceModuleAuthentication";
        } else if (((MailNonceModuleAuthenticationImpl) processingModule).getCredentialName() == null) {
            rejectionReason = "Name of credential in processing module is null";
        }
    }
    if (rejectionReason != null) {
        // Debug level only: this is an expected negative outcome, not an error.
        LOGGER.debug(rejectionReason);
        return true;
    }
    return false;
}

Example 19 with ModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

the class MailNonceProvider method getNoncePolicy.

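/**
 * Resolves the nonce credential policy referenced by the mail-nonce module that is
 * currently processing authentication, looked up in the security policy of the given user.
 *
 * @param username login name of the user whose security policy is consulted
 * @return the matching nonce policy, or null when the authentication state or the
 *         security policy is unusable, or no nonce policy with the module's credential name exists
 * @throws UsernameNotFoundException when the username is blank or no such user exists;
 *         both cases use the same message key so the caller cannot tell them apart
 */
private NonceCredentialsPolicyType getNoncePolicy(String username) {
    if (StringUtils.isBlank(username)) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    // Guarantees a MidpointAuthentication whose processing module is the mail-nonce module
    // with a non-null credential name; the unchecked casts below rely on this check.
    if (illegalAuthentication()) {
        return null;
    }
    UserType user = AuthSequenceUtil.searchUserPrivileged(username, securityContextManager, manager, modelService, prismContext);
    if (user == null) {
        throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
    }
    SecurityPolicyType securityPolicy = AuthSequenceUtil.resolveSecurityPolicy(user.asPrismObject(), securityContextManager, manager, modelInteractionService);
    if (illegalPolicy(securityPolicy)) {
        return null;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    ModuleAuthentication moduleAuth = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    String nameOfCredential = ((MailNonceModuleAuthenticationImpl) moduleAuth).getCredentialName();
    // NOTE(review): assumes illegalPolicy() rejects a policy without credentials/nonce entries — confirm.
    for (NonceCredentialsPolicyType noncePolicy : securityPolicy.getCredentials().getNonce()) {
        if (noncePolicy != null && nameOfCredential.equals(noncePolicy.getName())) {
            return noncePolicy;
        }
    }
    // Parameterized form (as used elsewhere in this class) avoids building the message
    // when debug logging is disabled.
    LOGGER.debug("Couldn't find nonce credential by name {}", nameOfCredential);
    return null;
}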

Example 20 with ModuleAuthentication

use of com.evolveum.midpoint.authentication.api.config.ModuleAuthentication in project midpoint by Evolveum.

the class MidpointHttpAuthorizationEvaluator method decide.

/**
 * Performs the inherited access decision and then handles REST "proxy user" switching.
 *
 * For every successfully authenticated HTTP module that names a proxy user OID, the
 * currently authenticated principal is first checked for the proxy authorization against
 * that user, and only afterwards the authentication's principal and authorities are
 * replaced by those of the proxy user. Failures during that processing are wrapped in
 * a {@code SystemException}.
 *
 * @param authentication   the authentication being evaluated
 * @param object           the secured object
 * @param configAttributes the configuration attributes of the secured object
 * @throws AccessDeniedException            propagated from the inherited decision
 * @throws InsufficientAuthenticationException propagated from the inherited decision
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    super.decide(authentication, object, configAttributes);
    if (!(authentication instanceof MidpointAuthentication)) {
        return;
    }
    MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
    for (ModuleAuthentication module : mpAuthentication.getAuthentications()) {
        if (!AuthenticationModuleState.SUCCESSFULLY.equals(module.getState()) || !(module instanceof HttpModuleAuthentication)) {
            continue;
        }
        String proxyUserOid = ((HttpModuleAuthentication) module).getProxyUserOid();
        if (proxyUserOid == null) {
            continue;
        }
        Task task = taskManager.createTaskInstance(OPERATION_REST_SERVICE);
        task.setChannel(SchemaConstants.CHANNEL_REST_URI);
        List<String> requiredActions = new ArrayList<>();
        PrismObject<? extends FocusType> proxyUser = searchUser(proxyUserOid, task);
        try {
            if (proxyUser == null) {
                throw new SystemException("Couldn't get proxy user");
            }
            task.setOwner(proxyUser);
            requiredActions.add(AuthorizationConstants.AUTZ_REST_PROXY_URL);
            // Order matters: the actual principal is authorized for the proxy action on the
            // target user before the authentication is switched to the proxy user's principal.
            MidPointPrincipal actualPrincipal = getPrincipalFromAuthentication(authentication, object, configAttributes);
            decideInternal(actualPrincipal, requiredActions, authentication, object, task, AuthorizationParameters.Builder.buildObject(proxyUser));
            MidPointPrincipal proxyPrincipal = securityContextManager.getUserProfileService().getPrincipal(proxyUser);
            mpAuthentication.setPrincipal(proxyPrincipal);
            mpAuthentication.setAuthorities(proxyPrincipal.getAuthorities());
        } catch (SystemException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
            LOGGER.error("Error while processing authorization: {}", e.getMessage(), e);
            LOGGER.trace("DECIDE: authentication={}, object={}, requiredActions={}: ERROR {}", authentication, object, requiredActions, e.getMessage());
            throw new SystemException("Error while processing authorization: " + e.getMessage(), e);
        }
    }
}
