
Example 11 with GuiProfiledPrincipal

use of com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal in project midpoint by Evolveum.

the class GuiProfiledPrincipalManagerImpl method getLocalLoggedInPrincipals.

/**
 * Reports the GUI principals that hold at least one session in this node's session registry.
 *
 * <p>Only principals that are {@link GuiProfiledPrincipal} instances are considered, and a
 * principal is skipped when the registry returns no sessions for it. Each entry carries the
 * principal's focus, its session count and the id of the current node.
 *
 * <p>No authorization check happens in this method. The result reveals who is logged in and
 * how many sessions each user has, so access control has to be enforced by the caller.
 *
 * @return one entry per logged-in GUI principal; an empty list when no session registry is set
 */
@Override
public List<UserSessionManagementType> getLocalLoggedInPrincipals() {
    // Resolved before the registry check so the call order matches the original implementation.
    String nodeId = taskManager.getNodeId();
    if (sessionRegistry == null) {
        return emptyList();
    }

    List<Object> registeredPrincipals = sessionRegistry.getAllPrincipals();
    List<UserSessionManagementType> result = new ArrayList<>();
    for (Object candidate : registeredPrincipals) {
        if (candidate instanceof GuiProfiledPrincipal) {
            // Second argument false: assuming sessionRegistry is Spring Security's SessionRegistry,
            // expired sessions are left out, so the count reflects sessions that are still usable.
            List<SessionInformation> liveSessions = sessionRegistry.getAllSessions(candidate, false);
            if (liveSessions != null && !liveSessions.isEmpty()) {
                GuiProfiledPrincipal guiPrincipal = (GuiProfiledPrincipal) candidate;
                UserSessionManagementType entry = new UserSessionManagementType();
                entry.setFocus(guiPrincipal.getFocus());
                entry.setActiveSessions(liveSessions.size());
                // Only this node is recorded here; sessions held on other nodes are not visible to this method.
                entry.getNode().add(nodeId);
                result.add(entry);
            }
        }
    }
    return result;
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) UserSessionManagementType(com.evolveum.midpoint.xml.ns._public.common.api_types_3.UserSessionManagementType) GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal) ArrayList(java.util.ArrayList) PrismObject(com.evolveum.midpoint.prism.PrismObject) PolyString(com.evolveum.midpoint.prism.polystring.PolyString)

Example 12 with GuiProfiledPrincipal

use of com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal in project midpoint by Evolveum.

the class GuiProfiledPrincipalManagerImpl method getPrincipal.

/**
 * Builds a {@link GuiProfiledPrincipal} for the given focus object.
 *
 * <p>The focus is recomputed against its lifecycle model, wrapped in a new principal, and the
 * principal is then initialized from the focus's assignments using the supplied
 * {@code authorizationTransformer}.
 *
 * <p>While this runs, the focus OID is installed as the temporary principal OID on the security
 * context manager; it is cleared in a {@code finally} block, so it does not outlive the call
 * even when one of the steps throws.
 *
 * @param focus focus to build the principal for; {@code null} is accepted
 * @param authorizationTransformer passed through to the assignment-based initialization
 * @param result operation result used when loading the system configuration
 * @return the initialized principal, or {@code null} when {@code focus} is {@code null}
 */
@Override
public GuiProfiledPrincipal getPrincipal(PrismObject<? extends FocusType> focus, AuthorizationTransformer authorizationTransformer, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
    if (focus == null) {
        // Callers have to handle the null return; no principal is created for a missing focus.
        return null;
    }

    securityContextManager.setTemporaryPrincipalOid(focus.getOid());
    try {
        PrismObject<SystemConfigurationType> sysConfig = getSystemConfiguration(result);
        LifecycleStateModelType lifecycle = getLifecycleModel(focus, sysConfig);
        focusComputer.recompute(focus, lifecycle);

        GuiProfiledPrincipal built = new GuiProfiledPrincipal(focus.asObjectable());
        initializePrincipalFromAssignments(built, sysConfig, authorizationTransformer);
        return built;
    } finally {
        // NOTE(review): the temporary OID is cleared unconditionally rather than restored to a
        // previous value; confirm this method is never entered while another one is in effect.
        securityContextManager.clearTemporaryPrincipalOid();
    }
}
Also used : GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal)

Example 13 with GuiProfiledPrincipal

use of com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal in project midpoint by Evolveum.

the class AbstractModelIntegrationTest method assertCompiledGuiProfile.

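/**
 * Creates an asserter for the compiled GUI profile carried by the given principal.
 *
 * <p>Fails the test when the principal is not a {@link GuiProfiledPrincipal}, including when
 * it is {@code null}.
 *
 * @param principal principal expected to be a {@link GuiProfiledPrincipal}
 * @return an initialized asserter over the principal's compiled GUI profile
 */
protected CompiledGuiProfileAsserter<Void> assertCompiledGuiProfile(MidPointPrincipal principal) {
    if (!(principal instanceof GuiProfiledPrincipal)) {
        // instanceof is also false for null; report that case as a test failure instead of
        // hitting a NullPointerException while building the failure message.
        fail("Expected GuiProfiledPrincipal, but got " + (principal == null ? "null" : principal.getClass()));
    }
    CompiledGuiProfile compiledGuiProfile = ((GuiProfiledPrincipal) principal).getCompiledGuiProfile();
    CompiledGuiProfileAsserter<Void> asserter = new CompiledGuiProfileAsserter<>(compiledGuiProfile, null, "in principal " + principal);
    initializeAsserter(asserter);
    return asserter;
}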
Also used : GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal) CompiledGuiProfile(com.evolveum.midpoint.model.api.authentication.CompiledGuiProfile)

Example 14 with GuiProfiledPrincipal

use of com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal in project midpoint by Evolveum.

the class MailNonceProvider method internalAuthentication.

/**
 * Authenticates a mail-nonce login attempt.
 *
 * <p>An authentication that is already marked authenticated and whose principal is a
 * {@link GuiProfiledPrincipal} is returned unchanged; no nonce is evaluated in that case.
 * Otherwise the principal is read as the entered username, and a
 * {@link MailNonceAuthenticationToken} is evaluated against the nonce policy for that username.
 * Any other token type is rejected with an {@link AuthenticationServiceException}.
 *
 * <p>The nonce (the credential) does not appear in any log statement here. The entered
 * username is written to the log at trace and info level.
 *
 * @param authentication incoming authentication request
 * @param requireAssignment assignments passed on to the nonce authentication context
 * @param channel authentication channel; may be {@code null}
 * @param focusType focus type to authenticate against
 * @return the token produced by the evaluator, or the incoming authentication when it is
 *         already authenticated with a {@link GuiProfiledPrincipal}
 * @throws AuthenticationException when evaluation fails or the token type is unsupported;
 *         the exception is logged and rethrown unchanged
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException {
    boolean alreadyResolved = authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal;
    if (alreadyResolved) {
        return authentication;
    }

    // NOTE(review): unchecked cast, performed before the token type is inspected; a principal
    // that is not a String surfaces as ClassCastException rather than AuthenticationException.
    String enteredUsername = (String) authentication.getPrincipal();
    // NOTE(review): enteredUsername is request-supplied; confirm the log encoder neutralises
    // line breaks so a crafted username cannot forge log entries.
    LOGGER.trace("Authenticating username '{}'", enteredUsername);
    ConnectionEnvironment connEnv = createEnvironment(channel);
    try {
        // Kept inside the try so the rejection is also reported by the catch block below.
        if (!(authentication instanceof MailNonceAuthenticationToken)) {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }

        String nonce = (String) authentication.getCredentials();
        NonceAuthenticationContext nonceContext = new NonceAuthenticationContext(enteredUsername, focusType, nonce, getNoncePolicy(enteredUsername), requireAssignment);
        if (channel != null) {
            nonceContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
        }
        Authentication evaluated = getEvaluator().authenticate(connEnv, nonceContext);

        MidPointPrincipal authenticatedPrincipal = (MidPointPrincipal) evaluated.getPrincipal();
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), authenticatedPrincipal.getAuthorities());
        return evaluated;
    } catch (AuthenticationException e) {
        // The exception is rethrown as-is, so its message reaches the caller.
        // NOTE(review): confirm that message does not tell an unknown user apart from a wrong nonce.
        LOGGER.info("Authentication failed for {}: {}", enteredUsername, e.getMessage());
        throw e;
    }
}
Also used : NonceAuthenticationContext(com.evolveum.midpoint.model.api.context.NonceAuthenticationContext) GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal) AuthenticationException(org.springframework.security.core.AuthenticationException) ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication) MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication) Authentication(org.springframework.security.core.Authentication) MailNonceAuthenticationToken(com.evolveum.midpoint.authentication.impl.module.authentication.token.MailNonceAuthenticationToken) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 15 with GuiProfiledPrincipal

use of com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal in project midpoint by Evolveum.

the class TestAbstractAuthenticationEvaluator method initSystem.

/**
 * Prepares the repository and the authentication evaluator for the tests in this class.
 *
 * <p>Loads the system configuration, security policy, superuser role, administrator and two
 * test users from files, logs in as administrator, and replaces the evaluator's principal
 * manager with a test stub that delegates to {@code focusProfileService}. The stub calls
 * {@code addFakeAuthorization} on each principal it returns from the three-argument
 * {@code getPrincipal}, the username lookup and the OID lookup, so principals produced under
 * this setup do not carry production authorizations only.
 *
 * @param initTask task passed to the superclass initialization
 * @param initResult operation result used for all repository operations
 * @throws Exception when any initialization step fails
 */
@Override
public void initSystem(Task initTask, OperationResult initResult) throws Exception {
    super.initSystem(initTask, initResult);
    modelService.postInit(initResult);
    // System Configuration
    try {
        repoAddObjectFromFile(SYSTEM_CONFIGURATION_FILE, initResult);
    } catch (ObjectAlreadyExistsException e) {
        // Rethrown with a hint that an earlier test left state behind; the cause is preserved.
        // NOTE(review): the two literals are concatenated without a space after the semicolon.
        throw new ObjectAlreadyExistsException("System configuration already exists in repository;" + "looks like the previous test haven't cleaned it up", e);
    }
    repoAddObjectFromFile(SECURITY_POLICY_FILE, initResult);
    // Administrator
    repoAddObjectFromFile(ROLE_SUPERUSER_FILE, initResult);
    PrismObject<UserType> userAdministrator = repoAddObjectFromFile(USER_ADMINISTRATOR_FILE, initResult);
    login(userAdministrator);
    // Users (the asObjectable() results are not used)
    repoAddObjectFromFile(USER_JACK_FILE, UserType.class, initResult).asObjectable();
    repoAddObjectFromFile(USER_GUYBRUSH_FILE, UserType.class, initResult).asObjectable();
    messages = new MessageSourceAccessor(messageSource);
    // Test-only principal manager: delegates to focusProfileService and calls
    // addFakeAuthorization on the principals it returns.
    ((AuthenticationEvaluatorImpl) getAuthenticationEvaluator()).setPrincipalManager(new GuiProfiledPrincipalManager() {

        @Override
        public <F extends FocusType, O extends ObjectType> PrismObject<F> resolveOwner(PrismObject<O> object) throws CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
            return focusProfileService.resolveOwner(object);
        }

        @Override
        public void updateFocus(MidPointPrincipal principal, Collection<? extends ItemDelta<?, ?>> itemDeltas) {
            focusProfileService.updateFocus(principal, itemDeltas);
        }

        @Override
        public GuiProfiledPrincipal getPrincipal(PrismObject<? extends FocusType> user) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
            // Routed through the three-argument overload so the fake authorization is added here too.
            return getPrincipal(user, null, null);
        }

        @Override
        public GuiProfiledPrincipal getPrincipal(PrismObject<? extends FocusType> user, AuthorizationTransformer authorizationLimiter, OperationResult result) throws SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
            // authorizationLimiter and result are ignored; the single-argument service call is used.
            GuiProfiledPrincipal principal = focusProfileService.getPrincipal(user);
            // addFakeAuthorization is defined outside this listing; presumably it grants a test-only authorization.
            addFakeAuthorization(principal);
            return principal;
        }

        @Override
        public GuiProfiledPrincipal getPrincipal(String username, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
            GuiProfiledPrincipal principal = focusProfileService.getPrincipal(username, clazz);
            addFakeAuthorization(principal);
            return principal;
        }

        @Override
        public GuiProfiledPrincipal getPrincipalByOid(String oid, Class<? extends FocusType> clazz) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException {
            GuiProfiledPrincipal principal = focusProfileService.getPrincipalByOid(oid, clazz);
            addFakeAuthorization(principal);
            return principal;
        }

        // TODO test maybe later?
        // Not exercised by these tests: returns null rather than an empty list.
        @Override
        public List<UserSessionManagementType> getLocalLoggedInPrincipals() {
            return null;
        }

        @Override
        public void terminateLocalSessions(TerminateSessionEvent terminateSessionEvent) {
        // TODO test it (session termination is a no-op in this stub)
        }
    });
}
Also used : OperationResult(com.evolveum.midpoint.schema.result.OperationResult) PrismObject(com.evolveum.midpoint.prism.PrismObject) MessageSourceAccessor(org.springframework.context.support.MessageSourceAccessor) GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal) AuthenticationEvaluatorImpl(com.evolveum.midpoint.authentication.impl.evaluator.AuthenticationEvaluatorImpl) List(java.util.List) TerminateSessionEvent(com.evolveum.midpoint.TerminateSessionEvent) GuiProfiledPrincipalManager(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager)

Aggregations

GuiProfiledPrincipal (com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal)17 PolyString (com.evolveum.midpoint.prism.polystring.PolyString)4 MidPointPrincipal (com.evolveum.midpoint.security.api.MidPointPrincipal)4 PrismObject (com.evolveum.midpoint.prism.PrismObject)3 ConnectionEnvironment (com.evolveum.midpoint.security.api.ConnectionEnvironment)3 AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)3 Authentication (org.springframework.security.core.Authentication)3 AuthenticationException (org.springframework.security.core.AuthenticationException)3 CompiledGuiProfile (com.evolveum.midpoint.model.api.authentication.CompiledGuiProfile)2 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)2 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)2 ArrayList (java.util.ArrayList)2 SessionInformation (org.springframework.security.core.session.SessionInformation)2 TerminateSessionEvent (com.evolveum.midpoint.TerminateSessionEvent)1 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)1 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)1 AuthenticationEvaluatorImpl (com.evolveum.midpoint.authentication.impl.evaluator.AuthenticationEvaluatorImpl)1 MailNonceAuthenticationToken (com.evolveum.midpoint.authentication.impl.module.authentication.token.MailNonceAuthenticationToken)1 SecurityQuestionsAuthenticationToken (com.evolveum.midpoint.authentication.impl.module.authentication.token.SecurityQuestionsAuthenticationToken)1 ReadOnlyModel (com.evolveum.midpoint.gui.api.model.ReadOnlyModel)1