Example 1 with HttpModuleAuthentication
use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.
the class HttpSecurityQuestionModuleFactory method createEmptyModuleAuthentication.
@Override
protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.SECURITY_QUESTIONS);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType) moduleType).getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
moduleAuthentication.setRealm(((HttpSecQAuthenticationModuleType) moduleType).getRealm());
return moduleAuthentication;
}
Also used :
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
Example 2 with HttpModuleAuthentication
use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.
the class OidcResourceServerProvider method internalAuthentication.
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
Authentication token;
if (authentication instanceof BearerTokenAuthenticationToken) {
BearerTokenAuthenticationToken oidcAuthenticationToken = (BearerTokenAuthenticationToken) authentication;
JwtAuthenticationToken jwtAuthentication;
try {
jwtAuthentication = (JwtAuthenticationToken) oidcProvider.authenticate(oidcAuthenticationToken);
} catch (AuthenticationException e) {
getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
throw e;
}
HttpModuleAuthentication oidcModule = (HttpModuleAuthentication) AuthUtil.getProcessingModule();
try {
String username = jwtAuthentication.getName();
if (StringUtils.isEmpty(username)) {
LOGGER.error("Username from jwt token don't contains value");
throw new AuthenticationServiceException("web.security.provider.invalid");
}
token = getPreAuthenticationToken(username, focusType, requireAssignment, channel);
} catch (AuthenticationException e) {
oidcModule.setAuthentication(oidcAuthenticationToken);
LOGGER.info("Authentication with oidc module failed: {}", e.getMessage());
throw e;
}
} else {
LOGGER.error("Unsupported authentication {}", authentication);
throw new AuthenticationServiceException("web.security.provider.unavailable");
}
MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
return token;
}
Also used :
JwtAuthenticationToken(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)
AuthenticationException(org.springframework.security.core.AuthenticationException)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
Authentication(org.springframework.security.core.Authentication)
BearerTokenAuthenticationToken(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)
Example 3 with HttpModuleAuthentication
use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.
the class MidpointHttpAuthorizationEvaluator method decide.
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
super.decide(authentication, object, configAttributes);
if (authentication instanceof MidpointAuthentication) {
for (ModuleAuthentication moduleAuthentication : ((MidpointAuthentication) authentication).getAuthentications()) {
if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState()) && moduleAuthentication instanceof HttpModuleAuthentication && ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid() != null) {
String oid = ((HttpModuleAuthentication) moduleAuthentication).getProxyUserOid();
Task task = taskManager.createTaskInstance(OPERATION_REST_SERVICE);
task.setChannel(SchemaConstants.CHANNEL_REST_URI);
List<String> requiredActions = new ArrayList<>();
PrismObject<? extends FocusType> authorizedUser = searchUser(oid, task);
try {
if (authorizedUser == null) {
throw new SystemException("Couldn't get proxy user");
}
task.setOwner(authorizedUser);
requiredActions.add(AuthorizationConstants.AUTZ_REST_PROXY_URL);
MidPointPrincipal actualPrincipal = getPrincipalFromAuthentication(authentication, object, configAttributes);
decideInternal(actualPrincipal, requiredActions, authentication, object, task, AuthorizationParameters.Builder.buildObject(authorizedUser));
MidPointPrincipal principal = securityContextManager.getUserProfileService().getPrincipal(authorizedUser);
((MidpointAuthentication) authentication).setPrincipal(principal);
((MidpointAuthentication) authentication).setAuthorities(principal.getAuthorities());
} catch (SystemException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
LOGGER.error("Error while processing authorization: {}", e.getMessage(), e);
LOGGER.trace("DECIDE: authentication={}, object={}, requiredActions={}: ERROR {}", authentication, object, requiredActions, e.getMessage());
throw new SystemException("Error while processing authorization: " + e.getMessage(), e);
}
}
}
}
}
Also used :
Task(com.evolveum.midpoint.task.api.Task)
ArrayList(java.util.ArrayList)
MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)
Example 4 with HttpModuleAuthentication
use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.
the class AuthSequenceUtil method resolveProxyUserOidHeader.
public static void resolveProxyUserOidHeader(HttpServletRequest request) {
String proxyUserOid = request.getHeader(PROXY_USER_OID_HEADER);
Authentication actualAuth = SecurityContextHolder.getContext().getAuthentication();
if (proxyUserOid != null && actualAuth instanceof MidpointAuthentication) {
ModuleAuthentication moduleAuth = ((MidpointAuthentication) actualAuth).getProcessingModuleAuthentication();
if (moduleAuth instanceof HttpModuleAuthentication) {
((HttpModuleAuthentication) moduleAuth).setProxyUserOid(proxyUserOid);
}
}
}
Also used :
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)
Authentication(org.springframework.security.core.Authentication)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)
MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)
MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
Example 5 with HttpModuleAuthentication
use of com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication in project midpoint by Evolveum.
the class HttpBasicModuleFactory method createEmptyModuleAuthentication.
@Override
protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.HTTP_BASIC);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(((AbstractPasswordAuthenticationModuleType) moduleType).getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
moduleAuthentication.setRealm(((HttpBasicAuthenticationModuleType) moduleType).getRealm());
return moduleAuthentication;
}
Also used :
HttpModuleAuthentication(com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)
Aggregations
HttpModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication)5
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)2
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)2
Authentication (org.springframework.security.core.Authentication)2
MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)1
Task (com.evolveum.midpoint.task.api.Task)1
ArrayList (java.util.ArrayList)1
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)1
AuthenticationException (org.springframework.security.core.AuthenticationException)1
BearerTokenAuthenticationToken (org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken)1
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)1
