
Example 1 with ModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.

the class OidcClientModuleFactory method createModuleFilter.

/**
 * Assembles the OIDC client authentication module (filter chain, configuration and an
 * empty module authentication) for one authentication sequence.
 *
 * <p>Returns {@code null} after logging an error when {@code moduleType} is not an
 * {@code OidcAuthenticationModuleType} or when its client list is empty, so callers
 * must be prepared for a {@code null} result.
 *
 * @param moduleType module definition; must be an {@code OidcAuthenticationModuleType}
 * @param sequenceSuffix suffix of the authentication sequence, passed to the configuration
 * @param request current request; used to derive the public URL prefix
 * @param sharedObjects objects handed to the new {@code HttpSecurity} via {@code setSharedObjects}
 * @param authenticationsPolicy not used by this implementation
 * @param credentialPolicy not used by this implementation
 * @param authenticationChannel channel passed to {@code isSupportedChannel}
 * @return the built module, or {@code null} if the module type is unsupported or has no client
 * @throws Exception propagated from configuration or filter-chain construction
 */
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof OidcAuthenticationModuleType)) {
        LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    OidcAuthenticationModuleType oidcModuleType = (OidcAuthenticationModuleType) moduleType;
    if (oidcModuleType.getClient().isEmpty()) {
        LOGGER.error("Client configuration of OidcAuthenticationModuleType is null");
        return null;
    }

    // Any result of this call is not used here; presumably an unsupported channel is
    // rejected by an exception -- confirm against the base factory.
    isSupportedChannel(authenticationChannel);

    // Static setter: the protector is stored on the configuration class, not on the instance built below.
    OidcClientModuleWebSecurityConfiguration.setProtector(getProtector());

    // NOTE(review): the public URL prefix is derived with the request as input and presumably ends up
    // in OIDC redirect URIs; confirm it cannot be steered by client-controlled headers.
    OidcClientModuleWebSecurityConfiguration oidcConfig = OidcClientModuleWebSecurityConfiguration.build(
            oidcModuleType, sequenceSuffix, getPublicUrlPrefix(request), request);
    oidcConfig.setSequenceSuffix(sequenceSuffix);
    oidcConfig.addAuthenticationProvider(
            getObjectObjectPostProcessor().postProcess(new OidcClientProvider(oidcConfig.getAdditionalConfiguration())));

    OidcClientModuleWebSecurityConfigurer<OidcClientModuleWebSecurityConfiguration> configurer =
            getObjectObjectPostProcessor().postProcess(new OidcClientModuleWebSecurityConfigurer<>(oidcConfig));
    configurer.setObjectPostProcessor(getObjectObjectPostProcessor());

    HttpSecurity httpSecurity = configurer.getNewHttpSecurity();
    setSharedObjects(httpSecurity, sharedObjects);

    ModuleAuthenticationImpl emptyAuthentication = createEmptyModuleAuthentication(oidcConfig, request);
    emptyAuthentication.setFocusType(moduleType.getFocusType());

    // The filter chain is built last, after the module authentication has been prepared.
    return AuthModuleImpl.build(httpSecurity.build(), oidcConfig, emptyAuthentication);
}
Also used : OidcClientModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.OidcClientModuleWebSecurityConfiguration) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) OidcClientModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) OidcClientProvider(com.evolveum.midpoint.authentication.impl.provider.OidcClientProvider)

Example 2 with ModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.

the class Saml2ModuleFactory method createModuleFilter.

/**
 * Assembles the SAML2 authentication module (filter chain, configuration and an empty
 * module authentication) for one authentication sequence.
 *
 * <p>Returns {@code null} after logging an error when {@code moduleType} is not a
 * {@code Saml2AuthenticationModuleType}, so callers must be prepared for a {@code null} result.
 *
 * @param moduleType module definition; must be a {@code Saml2AuthenticationModuleType}
 * @param sequenceSuffix suffix of the authentication sequence, passed to the configuration
 * @param request current request; used to derive the public URL prefix
 * @param sharedObjects objects handed to the new {@code HttpSecurity} via {@code setSharedObjects}
 * @param authenticationsPolicy not used by this implementation
 * @param credentialPolicy not used by this implementation
 * @param authenticationChannel channel passed to {@code isSupportedChannel}
 * @return the built module, or {@code null} if the module type is unsupported
 * @throws Exception propagated from configuration or filter-chain construction
 */
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof Saml2AuthenticationModuleType)) {
        LOGGER.error("This factory support only Saml2AuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    Saml2AuthenticationModuleType samlModuleType = (Saml2AuthenticationModuleType) moduleType;

    // Any result of this call is not used here; presumably an unsupported channel is
    // rejected by an exception -- confirm against the base factory.
    isSupportedChannel(authenticationChannel);

    // Static setter: the protector is stored on the configuration class, not on the instance built below.
    SamlModuleWebSecurityConfiguration.setProtector(getProtector());

    // NOTE(review): the public URL prefix is derived with the request as input and presumably feeds
    // SAML endpoint URLs; confirm it cannot be steered by client-controlled headers.
    SamlModuleWebSecurityConfiguration samlConfig = SamlModuleWebSecurityConfiguration.build(
            samlModuleType, sequenceSuffix, getPublicUrlPrefix(request), request);
    samlConfig.setSequenceSuffix(sequenceSuffix);
    samlConfig.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new Saml2Provider()));

    SamlModuleWebSecurityConfigurer<SamlModuleWebSecurityConfiguration> configurer =
            getObjectObjectPostProcessor().postProcess(new SamlModuleWebSecurityConfigurer<>(samlConfig));
    HttpSecurity httpSecurity = getNewHttpSecurity(configurer);
    setSharedObjects(httpSecurity, sharedObjects);

    ModuleAuthenticationImpl emptyAuthentication = createEmptyModuleAuthentication(samlConfig, request);
    emptyAuthentication.setFocusType(moduleType.getFocusType());

    SecurityFilterChain chain = httpSecurity.build();

    // Only the first SAML authentication-request filter in the chain is re-pointed at the
    // module-specific request-processing path; if none is present the chain is left as built.
    chain.getFilters().stream()
            .filter(Saml2WebSsoAuthenticationRequestFilter.class::isInstance)
            .map(Saml2WebSsoAuthenticationRequestFilter.class::cast)
            .findFirst()
            .ifPresent(requestFilter -> requestFilter.setRedirectMatcher(new AntPathRequestMatcher(
                    configurer.getPrefix() + RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID)));

    return AuthModuleImpl.build(chain, samlConfig, emptyAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) RemoteModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl) Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter) Saml2Provider(com.evolveum.midpoint.authentication.impl.provider.Saml2Provider) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter) Filter(javax.servlet.Filter) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) SamlModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.SamlModuleWebSecurityConfiguration)

Example 3 with ModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.

the class MidPointAuthenticationSuccessHandler method onAuthenticationSuccess.

/**
 * Decides where to send the browser after a module reports a successful authentication.
 *
 * <p>The processing module is marked {@code SUCCESSFULLY}, then the target is chosen from,
 * in order: the channel's post-authentication path, a saved request that points into a
 * module URL, a saved request whose channel differs from the authenticated one, and
 * finally the superclass behaviour.
 *
 * @param request current request
 * @param response current response; a redirect may be written to it
 * @param authentication the authentication that succeeded; channel-specific handling only
 *        happens when it is a {@code MidpointAuthentication}
 * @throws ServletException propagated from the redirect strategy or the superclass
 * @throws IOException propagated from the redirect strategy or the superclass
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
    // Fallback target used when no channel supplies a more specific path.
    String urlSuffix = AuthConstants.DEFAULT_PATH_AFTER_LOGIN;
    String authenticatedChannel = null;
    if (authentication instanceof MidpointAuthentication) {
        MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
        // NOTE(review): unchecked cast and no null check; a null or differently-typed processing
        // module would fail here with a runtime exception -- confirm callers guarantee this.
        ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
        // The module is marked successful before (and independently of) the isAuthenticated() check below.
        moduleAuthentication.setState(AuthenticationModuleState.SUCCESSFULLY);
        if (mpAuthentication.getAuthenticationChannel() != null) {
            authenticatedChannel = mpAuthentication.getAuthenticationChannel().getChannelId();
            if (mpAuthentication.isAuthenticated()) {
                urlSuffix = mpAuthentication.getAuthenticationChannel().getPathAfterSuccessfulAuthentication();
                mpAuthentication.getAuthenticationChannel().postSuccessAuthenticationProcessing();
                if (mpAuthentication.getAuthenticationChannel().isPostAuthenticationEnabled()) {
                    // Post-authentication takes precedence over any saved request.
                    getRedirectStrategy().sendRedirect(request, response, urlSuffix);
                    return;
                }
            } else {
                // Not yet fully authenticated: continue with the channel's in-progress path.
                urlSuffix = mpAuthentication.getAuthenticationChannel().getPathDuringProccessing();
            }
        }
    }
    SavedRequest savedRequest = requestCache.getRequest(request, response);
    // Saved request points into a module URL: keep everything before the first occurrence of the
    // module prefix and append urlSuffix instead of replaying the module URL.
    // NOTE(review): contains()/indexOf() match the first occurrence anywhere in the URL, including
    // the query string, and the leading part (scheme/host) of the target is taken from the saved
    // URL; confirm that part cannot be influenced by the client, otherwise this redirect needs an
    // explicit same-origin check.
    if (savedRequest != null && savedRequest.getRedirectUrl().contains(ModuleWebSecurityConfigurationImpl.DEFAULT_PREFIX_OF_MODULE_WITH_SLASH + "/")) {
        String target = savedRequest.getRedirectUrl().substring(0, savedRequest.getRedirectUrl().indexOf(ModuleWebSecurityConfigurationImpl.DEFAULT_PREFIX_OF_MODULE_WITH_SLASH + "/")) + urlSuffix;
        getRedirectStrategy().sendRedirect(request, response, target);
        return;
    }
    if (savedRequest != null && authenticatedChannel != null) {
        // Path after the first occurrence of the context path in the saved URL.
        // NOTE(review): the indexOf() result is not checked for -1, and an empty context path
        // matches at index 0 -- confirm both cases resolve to the intended channel.
        int startIndex = savedRequest.getRedirectUrl().indexOf(request.getContextPath()) + request.getContextPath().length();
        // Excludes the last character of the URL; presumably meant to drop a trailing slash -- TODO confirm.
        int endIndex = savedRequest.getRedirectUrl().length() - 1;
        String channelSavedRequest = null;
        if ((startIndex < endIndex)) {
            String localePath = savedRequest.getRedirectUrl().substring(startIndex, endIndex);
            channelSavedRequest = AuthSequenceUtil.searchChannelByPath(localePath);
        }
        if (channelSavedRequest == null) {
            channelSavedRequest = SecurityPolicyUtil.DEFAULT_CHANNEL;
        }
        // The saved request belongs to a different channel than the one just authenticated:
        // do not replay it, redirect to the channel's own path instead.
        if (!(channelSavedRequest.equals(authenticatedChannel))) {
            getRedirectStrategy().sendRedirect(request, response, urlSuffix);
            return;
        }
    } else {
        // No saved request or no channel: let the superclass redirect to urlSuffix.
        // NOTE(review): this mutates state on the handler itself for every such request; if the
        // handler instance is shared between concurrent requests, confirm this cannot race.
        setDefaultTargetUrl(urlSuffix);
    }
    super.onAuthenticationSuccess(request, response, authentication);
}
Also used : ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)

Example 4 with ModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.

the class HttpHeaderModuleFactory method createModuleFilter.

/**
 * Assembles the HTTP-header authentication module (filter chain, configuration and an
 * empty module authentication) for one authentication sequence.
 *
 * <p>Returns {@code null} after logging an error when {@code moduleType} is not an
 * {@code HttpHeaderAuthenticationModuleType}, so callers must be prepared for a {@code null} result.
 *
 * <p>NOTE(review): header-based authentication is only as trustworthy as the component that
 * sets the header; confirm the deployment strips the header from client-supplied requests.
 *
 * @param moduleType module definition; must be an {@code HttpHeaderAuthenticationModuleType}
 * @param sequenceSuffix suffix of the authentication sequence, passed to the configuration
 * @param request not used by this implementation
 * @param sharedObjects objects handed to the new {@code HttpSecurity} via {@code setSharedObjects}
 * @param authenticationsPolicy not used by this implementation
 * @param credentialPolicy not used by this implementation
 * @param authenticationChannel channel passed to {@code isSupportedChannel}
 * @return the built module, or {@code null} if the module type is unsupported
 * @throws Exception propagated from configuration or filter-chain construction
 */
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof HttpHeaderAuthenticationModuleType)) {
        LOGGER.error("This factory support only HttpHeaderAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }

    // Any result of this call is not used here; presumably an unsupported channel is
    // rejected by an exception -- confirm against the base factory.
    isSupportedChannel(authenticationChannel);

    HttpHeaderAuthenticationModuleType headerModuleType = (HttpHeaderAuthenticationModuleType) moduleType;
    HttpHeaderModuleWebSecurityConfiguration headerConfig =
            HttpHeaderModuleWebSecurityConfiguration.build(headerModuleType, sequenceSuffix);

    // NOTE(review): a PasswordProvider is registered for a header-based module; confirm this is intended.
    headerConfig.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new PasswordProvider()));

    HttpHeaderModuleWebSecurityConfigurer<HttpHeaderModuleWebSecurityConfiguration> configurer =
            getObjectObjectPostProcessor().postProcess(new HttpHeaderModuleWebSecurityConfigurer<>(headerConfig));
    HttpSecurity httpSecurity = getNewHttpSecurity(configurer);
    setSharedObjects(httpSecurity, sharedObjects);

    ModuleAuthenticationImpl emptyAuthentication = createEmptyModuleAuthentication(headerConfig);
    emptyAuthentication.setFocusType(headerModuleType.getFocusType());

    // The filter chain is built last, after the module authentication has been prepared.
    return AuthModuleImpl.build(httpSecurity.build(), headerConfig, emptyAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) HttpHeaderModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.HttpHeaderModuleWebSecurityConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HttpHeaderAuthenticationModuleType(com.evolveum.midpoint.xml.ns._public.common.common_3.HttpHeaderAuthenticationModuleType) PasswordProvider(com.evolveum.midpoint.authentication.impl.provider.PasswordProvider)

Example 5 with ModuleAuthenticationImpl

use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.

the class LdapModuleFactory method createModuleFilter.

/**
 * Assembles the LDAP authentication module (filter chain, configuration and an empty
 * module authentication) for one authentication sequence.
 *
 * <p>Returns {@code null} after logging an error when {@code moduleType} is not an
 * {@code LdapAuthenticationModuleType}, so callers must be prepared for a {@code null} result.
 *
 * @param moduleType module definition; must be an {@code LdapAuthenticationModuleType}
 * @param sequenceSuffix suffix of the authentication sequence, passed to the configuration
 * @param request not used by this implementation
 * @param sharedObjects objects handed to the new {@code HttpSecurity} via {@code setSharedObjects}
 * @param authenticationsPolicy not used by this implementation
 * @param credentialPolicy not used by this implementation
 * @param authenticationChannel channel passed to {@code isSupportedChannel}
 * @return the built module, or {@code null} if the module type is unsupported
 * @throws Exception propagated from configuration or filter-chain construction
 */
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof LdapAuthenticationModuleType)) {
        LOGGER.error("This factory support only LdapAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    LdapAuthenticationModuleType ldapModuleType = (LdapAuthenticationModuleType) moduleType;

    // Any result of this call is not used here; presumably an unsupported channel is
    // rejected by an exception -- confirm against the base factory.
    isSupportedChannel(authenticationChannel);

    // build() is deliberately given the abstract-typed reference, exactly as declared in the signature.
    LdapModuleWebSecurityConfiguration ldapConfig = LdapModuleWebSecurityConfiguration.build(moduleType, sequenceSuffix);
    ldapConfig.setSequenceSuffix(sequenceSuffix);
    ldapConfig.addAuthenticationProvider(getProvider(ldapModuleType));

    LdapWebSecurityConfigurer<LdapModuleWebSecurityConfiguration> configurer = createModule(ldapConfig);
    HttpSecurity httpSecurity = getNewHttpSecurity(configurer);
    setSharedObjects(httpSecurity, sharedObjects);

    ModuleAuthenticationImpl emptyAuthentication = createEmptyModuleAuthentication(ldapModuleType, ldapConfig);

    // The filter chain is built last, after the module authentication has been prepared.
    return AuthModuleImpl.build(httpSecurity.build(), ldapConfig, emptyAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) LdapModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.LdapModuleWebSecurityConfiguration) LdapAuthenticationModuleType(com.evolveum.midpoint.xml.ns._public.common.common_3.LdapAuthenticationModuleType)

Aggregations

ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)19 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)9 Authentication (org.springframework.security.core.Authentication)8 HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)7 SecurityFilterChain (org.springframework.security.web.SecurityFilterChain)7 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)2 LdapModuleAuthentication (com.evolveum.midpoint.authentication.impl.module.authentication.LdapModuleAuthentication)2 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)2 AuthModule (com.evolveum.midpoint.authentication.api.AuthModule)1 AuthenticationChannel (com.evolveum.midpoint.authentication.api.AuthenticationChannel)1 ModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration)1 MidpointAnonymousAuthenticationFilter (com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter)1 LdapDirContextAdapter (com.evolveum.midpoint.authentication.impl.ldap.LdapDirContextAdapter)1 CredentialModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.CredentialModuleAuthenticationImpl)1 OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl)1 RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl)1 Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)1 HttpHeaderModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.impl.module.configuration.HttpHeaderModuleWebSecurityConfiguration)1 LdapModuleWebSecurityConfiguration 
(com.evolveum.midpoint.authentication.impl.module.configuration.LdapModuleWebSecurityConfiguration)1 OidcClientModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.impl.module.configuration.OidcClientModuleWebSecurityConfiguration)1