use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.
The class MidPointAbstractAuthenticationProvider, method authenticate.
@Override
public Authentication authenticate(Authentication originalAuthentication) throws AuthenticationException {
    /*
     * Entry point of the Spring AuthenticationProvider contract.
     *
     * Flow: anonymous tokens are returned untouched; otherwise the requirements
     * (requireAssignment, channel, focusType) are resolved by initAuthRequirements(),
     * internalAuthentication() produces a token, and - when the security context already
     * holds a MidpointAuthentication - the token is re-created with channel-resolved
     * authorities, written to the processing module and the MidpointAuthentication itself
     * is returned. Without a MidpointAuthentication in the context the plain token is returned.
     *
     * Every RuntimeException / Error is logged here before being rethrown, because Spring
     * Security does not log these on its own.
     */
    AuthenticationRequirements requirements = new AuthenticationRequirements();
    try {
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();

        // Hack for the specific situation where the user is anonymous but the
        // accessDecisionManager already resolved it: nothing to authenticate.
        if (isAnonymous(originalAuthentication)) {
            return originalAuthentication;
        }

        Authentication toProcess = initAuthRequirements(
                originalAuthentication, originalAuthentication, contextAuthentication, requirements);
        Authentication token = internalAuthentication(
                toProcess, requirements.requireAssignment, requirements.channel, requirements.focusType);

        if (!(contextAuthentication instanceof MidpointAuthentication)) {
            return token;
        }

        MidpointAuthentication mpAuthentication = (MidpointAuthentication) contextAuthentication;
        ModuleAuthenticationImpl moduleAuthentication =
                (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);

        Object principal = token.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            // Authorities are filtered through the channel before the token is stored.
            token = createNewAuthenticationToken(token,
                    mpAuthentication.getAuthenticationChannel()
                            .resolveAuthorities(((MidPointPrincipal) principal).getAuthorities()));
        } else {
            token = createNewAuthenticationToken(token, token.getAuthorities());
        }

        writeAuthentication(toProcess, mpAuthentication, moduleAuthentication, token);
        return mpAuthentication;
    } catch (RuntimeException | Error e) {
        // Make sure to explicitly log all runtime errors here. Spring security is doing
        // very poor job and does not log this properly.
        LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
        throw e;
    }
}
use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.
The class RemoteModuleWebSecurityConfigurer, method createAnonymousFilter.
@Override
protected AnonymousAuthenticationFilter createAnonymousFilter() {
    /*
     * Builds the anonymous filter for remote (e.g. REST) modules. The filter is a
     * MidpointAnonymousAuthenticationFilter with a random per-instance key, the
     * "anonymousUser" principal and ROLE_ANONYMOUS; its processAuthentication() hook
     * fills the currently processed module with a basic authentication built from the
     * request, but only when that module has no authentication yet or the existing one is
     * of the module's token class (getAuthTokenClass()).
     */
    String anonymousKey = UUID.randomUUID().toString();
    AnonymousAuthenticationFilter anonymousFilter = new MidpointAnonymousAuthenticationFilter(
            authRegistry, authChannelRegistry, PrismContext.get(), anonymousKey,
            "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")) {

        @Override
        protected void processAuthentication(ServletRequest req) {
            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            if (!(current instanceof MidpointAuthentication)) {
                return;
            }
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) current;
            ModuleAuthenticationImpl processingModule =
                    (ModuleAuthenticationImpl) mpAuthentication.getProcessingModuleAuthentication();
            if (processingModule == null) {
                return;
            }
            // Only overwrite an empty slot or a token of the module's own type; anything else
            // (e.g. a token from another module) is left alone.
            Authentication existing = processingModule.getAuthentication();
            boolean slotAvailable = existing == null
                    || getAuthTokenClass().isAssignableFrom(existing.getClass());
            if (!slotAvailable) {
                return;
            }
            Authentication basic = createBasicAuthentication((HttpServletRequest) req);
            processingModule.setAuthentication(basic);
            mpAuthentication.setPrincipal(basic.getPrincipal());
        }
    };
    anonymousFilter.setAuthenticationDetailsSource(new RemoteAuthenticationDetailsSource(getAuthTokenClass()));
    return anonymousFilter;
}
use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.
The class MidPointLdapAuthenticationProvider, method getFocusType.
/**
 * Resolves the focus type the LDAP module should authenticate against.
 *
 * <p>When the security context holds a {@code MidpointAuthentication} whose processing
 * module declares a focus type, that type name is mapped to its compile-time class via
 * the schema registry; in every other case {@code UserType.class} is returned.
 *
 * @return the configured focus class, or {@code UserType.class} as the default
 */
private Class<? extends FocusType> getFocusType() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (!(current instanceof MidpointAuthentication)) {
        return UserType.class;
    }
    ModuleAuthenticationImpl module =
            (ModuleAuthenticationImpl) getProcessingModule((MidpointAuthentication) current);
    if (module == null || module.getFocusType() == null) {
        return UserType.class;
    }
    // Module configuration carries the type as a QName; the registry maps it to the class.
    return PrismContext.get().getSchemaRegistry().determineCompileTimeClass(module.getFocusType());
}
use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.
The class OidcResourceServerModuleFactory, method createModuleFilter.
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    /*
     * Assembles the OIDC resource-server module (JWT bearer tokens): wires a JwtAuthenticationConverter
     * (optionally with the configured username claim) into an OidcResourceServerProvider, builds the
     * module's HttpSecurity, and returns it packaged with an empty ModuleAuthenticationImpl that
     * carries the module's focus type.
     *
     * Returns null (after logging) when the module type is not an OidcAuthenticationModuleType or
     * has no resource-server section. `throws Exception` comes from the factory contract.
     */
    if (!(moduleType instanceof OidcAuthenticationModuleType)) {
        LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    OidcAuthenticationModuleType oidcModuleType = (OidcAuthenticationModuleType) moduleType;
    OidcResourceServerAuthenticationModuleType resourceServer = oidcModuleType.getResourceServer();
    if (resourceServer == null) {
        LOGGER.error("Resource configuration of OidcAuthenticationModuleType is null");
        return null;
    }
    isSupportedChannel(authenticationChannel);

    // Protector must be set before build(): the configuration decrypts secrets with it.
    OidcResourceServerModuleWebSecurityConfiguration.setProtector(getProtector());
    OidcResourceServerModuleWebSecurityConfiguration configuration =
            OidcResourceServerModuleWebSecurityConfiguration.build(oidcModuleType, sequenceSuffix);
    configuration.setSequenceSuffix(sequenceSuffix);

    JwtAuthenticationConverter jwtConverter = new JwtAuthenticationConverter();
    String usernameClaim = resourceServer.getNameOfUsernameClaim();
    if (usernameClaim != null) {
        // Principal name is taken from a custom claim instead of the default "sub".
        jwtConverter.setPrincipalClaimName(usernameClaim);
    }
    OidcResourceServerProvider provider = new OidcResourceServerProvider(configuration.getDecoder(), jwtConverter);
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(provider));

    OidcResourceServerModuleWebSecurityConfigurer<OidcResourceServerModuleWebSecurityConfiguration> configurer =
            getObjectObjectPostProcessor().postProcess(new OidcResourceServerModuleWebSecurityConfigurer<>(configuration));
    configurer.setObjectPostProcessor(getObjectObjectPostProcessor());
    HttpSecurity http = configurer.getNewHttpSecurity();
    setSharedObjects(http, sharedObjects);

    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, resourceServer);
    moduleAuthentication.setFocusType(moduleType.getFocusType());

    SecurityFilterChain filterChain = http.build();
    return AuthModuleImpl.build(filterChain, configuration, moduleAuthentication);
}
use of com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl in project midpoint by Evolveum.
The class MidpointAnonymousAuthenticationFilter, method createAuthentication.
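/**
 * Creates the anonymous {@code MidpointAuthentication} for a request that carries no
 * authentication of its own.
 *
 * <p>The basic anonymous token from {@link #createBasicAuthentication} is wrapped in a
 * {@code MidpointAuthentication} built from the default sequence and default authentication
 * policy; the module filters of that sequence are built and, when at least one exists, the
 * anonymous token is stored on the first module. The principal of the returned authentication
 * is the principal of the basic anonymous token.
 *
 * @param request the current request, passed to the module-filter builder
 * @return the populated anonymous {@code MidpointAuthentication}
 * @throws IllegalArgumentException when the default authentication policy cannot be created
 *         (wraps the underlying {@code SchemaException})
 */
protected Authentication createAuthentication(HttpServletRequest request) {
    Authentication auth = createBasicAuthentication(request);
    MidpointAuthentication authentication = new MidpointAuthentication(SecurityPolicyUtil.createDefaultSequence());

    AuthenticationsPolicyType authenticationsPolicy;
    try {
        authenticationsPolicy = SecurityPolicyUtil.createDefaultAuthenticationPolicy(
                NO_CUSTOM_IGNORED_LOCAL_PATH, prismContext.getSchemaRegistry());
    } catch (SchemaException e) {
        LOGGER.error("Couldn't get default authentication policy");
        throw new IllegalArgumentException("Couldn't get default authentication policy", e);
    }

    AuthenticationSequenceType sequence = SecurityPolicyUtil.createDefaultSequence();
    AuthenticationChannel authenticationChannel = AuthSequenceUtil.buildAuthChannel(authChannelRegistry, sequence);
    List<AuthModule> authModules = AuthSequenceUtil.buildModuleFilters(
            authRegistry, sequence, request, authenticationsPolicy.getModules(), null, new HashMap<>(), authenticationChannel);
    authentication.setAuthModules(authModules);

    // Only the first module of the default sequence receives the anonymous token. An empty
    // list is treated the same way as null (no module to fill) rather than failing with an
    // IndexOutOfBoundsException on get(0).
    if (authModules != null && !authModules.isEmpty()) {
        ModuleAuthenticationImpl firstModule =
                (ModuleAuthenticationImpl) authModules.get(0).getBaseModuleAuthentication();
        firstModule.setAuthentication(auth);
        authentication.addAuthentications(firstModule);
    }

    authentication.setPrincipal(auth.getPrincipal());
    return authentication;
}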