
Example 1 with HttpModuleAuthentication

Use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.

The class HttpSecurityQuestionModuleFactory, method createEmptyModuleAuthentication: builds the not-yet-authenticated module state for the HTTP security-questions module. The URL prefix, module name and realm all come from the module configuration, and the credential name from the module type, so nothing in this state is derived from the request.

import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;

@Override
protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
    // Empty (unauthenticated) state for the security-questions HTTP module.
    HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.SECURITY_QUESTIONS);
    // URL prefix under which this module is served, taken from the sequence configuration.
    moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
    // Which credential on the focus object the answers are checked against.
    moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType) moduleType).getCredentialName());
    moduleAuthentication.setCredentialType(supportedClass());
    moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
    // Realm presented in the HTTP authentication challenge; configured, not client-supplied.
    moduleAuthentication.setRealm(((HttpSecQAuthenticationModuleType) moduleType).getRealm());
    return moduleAuthentication;
}

Example 2 with HttpModuleAuthentication

Use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.

The class OidcResourceServerProvider, method internalAuthentication: hands the bearer token to the wrapped OIDC provider for validation, audits a rejected token as a login failure, and then maps the token's name to a midPoint focus. An empty name is refused before any user lookup. Note that the closing debug statement logs authentication.getPrincipal(), which for a BearerTokenAuthenticationToken is the raw token value.

import java.util.List;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;
import com.evolveum.midpoint.security.api.MidPointPrincipal;

@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    Authentication token;
    if (authentication instanceof BearerTokenAuthenticationToken) {
        BearerTokenAuthenticationToken oidcAuthenticationToken = (BearerTokenAuthenticationToken) authentication;
        JwtAuthenticationToken jwtAuthentication;
        try {
            // Token validation (signature, issuer, expiry) is delegated to oidcProvider;
            // a rejected token is audited as a login failure before the exception propagates.
            jwtAuthentication = (JwtAuthenticationToken) oidcProvider.authenticate(oidcAuthenticationToken);
        } catch (AuthenticationException e) {
            getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
            throw e;
        }
        HttpModuleAuthentication oidcModule = (HttpModuleAuthentication) AuthUtil.getProcessingModule();
        try {
            // The token's name is the only link to the midPoint focus; an empty value
            // must not fall through to a user lookup.
            String username = jwtAuthentication.getName();
            if (StringUtils.isEmpty(username)) {
                LOGGER.error("Username from JWT token is empty");
                throw new AuthenticationServiceException("web.security.provider.invalid");
            }
            // Resolve the focus, check required assignments and build the pre-authenticated token.
            token = getPreAuthenticationToken(username, focusType, requireAssignment, channel);
        } catch (AuthenticationException e) {
            // Keep the presented bearer token on the module state for the failure handling that follows.
            oidcModule.setAuthentication(oidcAuthenticationToken);
            LOGGER.info("Authentication with oidc module failed: {}", e.getMessage());
            throw e;
        }
    } else {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    // For a bearer token, getPrincipal() returns the token string itself, so this line
    // writes the raw token into the log at DEBUG level.
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}
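The provider above trusts jwtAuthentication.getName() as the midPoint username, so which JWT claim feeds that value decides which account a token lands on. The following is an added illustration, not midPoint code, that uses Spring Security's standard JwtAuthenticationConverter to show what getName() yields under the default mapping (the "sub" claim) and under a converter configured for another claim. The Jwt objects are constructed in code with no signature check; the page does not show how oidcProvider is configured, so whether midPoint uses the default mapping or a custom principal claim is an open question here.

```java
import java.time.Instant;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

/**
 * Demonstrates which claim becomes JwtAuthenticationToken.getName(), i.e. the
 * value the OIDC resource-server provider passes on as the midPoint username.
 * Tokens are constructed here; in a real deployment a JwtDecoder verifies the
 * signature, issuer and expiry before a Jwt object exists at all.
 */
public class JwtNameMappingDemo {

    /** Constructed sample: opaque "sub" plus a human-readable "preferred_username". */
    static Jwt tokenWithSubject() {
        return Jwt.withTokenValue("constructed.token.value")
                .header("alg", "RS256")
                .subject("248289761001")
                .claim("preferred_username", "alice")
                .issuedAt(Instant.now())
                .expiresAt(Instant.now().plusSeconds(300))
                .build();
    }

    /** Constructed sample with no "sub" claim at all. */
    static Jwt tokenWithoutSubject() {
        return Jwt.withTokenValue("constructed.token.value")
                .header("alg", "RS256")
                .claim("preferred_username", "alice")
                .expiresAt(Instant.now().plusSeconds(300))
                .build();
    }

    /** Default Spring converter: the name is the "sub" claim, or null when it is missing. */
    static String nameWithDefaults(Jwt jwt) {
        AbstractAuthenticationToken auth = new JwtAuthenticationConverter().convert(jwt);
        return auth.getName();
    }

    /** Converter configured to take the username from a chosen claim instead of "sub". */
    static String nameFromClaim(Jwt jwt, String claimName) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setPrincipalClaimName(claimName);
        return converter.convert(jwt).getName();
    }

    public static void main(String[] args) {
        System.out.println(nameWithDefaults(tokenWithSubject()));
        System.out.println(nameFromClaim(tokenWithSubject(), "preferred_username"));
        // Missing "sub" under the default mapping gives a null name; the provider
        // above treats that as empty and throws "web.security.provider.invalid"
        // before any focus lookup happens.
        System.out.println(nameWithDefaults(tokenWithoutSubject()));
    }
}
```

The practical point: the issuer's "sub" is usually an opaque identifier, so mapping it straight to a midPoint username only works if accounts were provisioned with that value as their name. If a friendlier claim such as preferred_username is used instead, the issuer must guarantee it is unique and immutable, otherwise two tokens from different subjects can resolve to the same focus.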

Example 3 with HttpModuleAuthentication

Use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.

The class MidpointHttpAuthorizationEvaluator, method decide: after the ordinary authorization decision, handles the REST proxy-user (impersonation) case. When a successfully authenticated HTTP module carries a proxy user OID, the caller's own principal must hold AUTZ_REST_PROXY_URL with the target user as the authorization object; only then are the authentication's principal and authorities replaced by those of the proxied user.

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;
import com.evolveum.midpoint.task.api.Task;

@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    // Ordinary authorization of the caller comes first; proxying never bypasses it.
    super.decide(authentication, object, configAttributes);
    if (authentication instanceof MidpointAuthentication) {
        for (ModuleAuthentication moduleAuthentication : ((MidpointAuthentication) authentication).getAuthentications()) {
            // Only a module that actually succeeded, and only an HTTP module, may carry a proxy user OID.
            if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState()) && moduleAuthentication instanceof HttpModuleAuthentication && ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid() != null) {
                String oid = ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid();
                Task task = taskManager.createTaskInstance(OPERATION_REST_SERVICE);
                task.setChannel(SchemaConstants.CHANNEL_REST_URI);
                List<String> requiredActions = new ArrayList<>();
                PrismObject<? extends FocusType> authorizedUser = searchUser(oid, task);
                try {
                    // An unknown OID ends in a SystemException (a server error), not an access-denied response.
                    if (authorizedUser == null) {
                        throw new SystemException("Couldn't get proxy user");
                    }
                    task.setOwner(authorizedUser);
                    // The caller (actualPrincipal) must hold the REST proxy authorization,
                    // evaluated with the target user as the authorization object.
                    requiredActions.add(AuthorizationConstants.AUTZ_REST_PROXY_URL);
                    MidPointPrincipal actualPrincipal = getPrincipalFromAuthentication(authentication, object, configAttributes);
                    decideInternal(actualPrincipal, requiredActions, authentication, object, task, AuthorizationParameters.Builder.buildObject(authorizedUser));
                    // Only after that check passes is the request re-bound to the proxied user's
                    // principal and authorities for the rest of its processing.
                    MidPointPrincipal principal = securityContextManager.getUserProfileService().getPrincipal(authorizedUser);
                    ((MidpointAuthentication) authentication).setPrincipal(principal);
                    ((MidpointAuthentication) authentication).setAuthorities(principal.getAuthorities());
                } catch (SystemException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
                    LOGGER.error("Error while processing authorization: {}", e.getMessage(), e);
                    LOGGER.trace("DECIDE: authentication={}, object={}, requiredActions={}: ERROR {}", authentication, object, requiredActions, e.getMessage());
                    throw new SystemException("Error while processing authorization: " + e.getMessage(), e);
                }
            }
        }
    }
}

Example 4 with HttpModuleAuthentication

Use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.

The class AuthSequenceUtil, method resolveProxyUserOidHeader: copies the proxy-user OID from the request header onto the HTTP module's authentication state. No check is made here; the header value is stored as received, and the authorization of the caller against AUTZ_REST_PROXY_URL happens later in MidpointHttpAuthorizationEvaluator.decide (Example 3).

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;

// Records the proxy-user OID from the request header on the module state.
// The value is untrusted client input at this point; the authorization check
// lives in MidpointHttpAuthorizationEvaluator.decide.
public static void resolveProxyUserOidHeader(HttpServletRequest request) {
    String proxyUserOid = request.getHeader(PROXY_USER_OID_HEADER);
    Authentication actualAuth = SecurityContextHolder.getContext().getAuthentication();
    // Only honoured once a MidpointAuthentication exists and the module being processed is an HTTP one.
    if (proxyUserOid != null && actualAuth instanceof MidpointAuthentication) {
        ModuleAuthentication moduleAuth = ((MidpointAuthentication) actualAuth).getProcessingModuleAuthentication();
        if (moduleAuth instanceof HttpModuleAuthentication) {
            ((HttpModuleAuthentication) moduleAuth).setProxyUserOid(proxyUserOid);
        }
    }
}

Example 5 with HttpModuleAuthentication

Use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.

The class HttpBasicModuleFactory, method createEmptyModuleAuthentication: the HTTP Basic counterpart of Example 1. The only differences are the module name constant and the module type casts; the realm and credential name again come from configuration rather than from the request.

import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;

@Override
protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
    // Empty (unauthenticated) state for the HTTP Basic module.
    HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.HTTP_BASIC);
    moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
    // Password credential the Basic credentials are verified against.
    moduleAuthentication.setCredentialName(((AbstractPasswordAuthenticationModuleType) moduleType).getCredentialName());
    moduleAuthentication.setCredentialType(supportedClass());
    moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
    // Realm presented in the WWW-Authenticate challenge, from module configuration.
    moduleAuthentication.setRealm(((HttpBasicAuthenticationModuleType) moduleType).getRealm());
    return moduleAuthentication;
}

Aggregations

HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication): 5
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication): 2
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication): 2
Authentication (org.springframework.security.core.Authentication): 2
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal): 1
Task (com.evolveum.midpoint.task.api.Task): 1
ArrayList (java.util.ArrayList): 1
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 1
AuthenticationException (org.springframework.security.core.AuthenticationException): 1
BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken): 1
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken): 1