use of com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext in project midpoint by Evolveum.
the class MidPointAuthenticationProvider method authenticate.
/**
 * Authenticates a GUI login request through {@code passwordAuthenticationEvaluator}.
 *
 * <p>A {@code UsernamePasswordAuthenticationToken} is evaluated with the entered username and
 * password. A {@code PreAuthenticatedAuthenticationToken} is resolved from the username alone:
 * no credential is examined in this method, so that branch is only as trustworthy as the
 * component that produced the token.
 * NOTE(review): confirm that only a trusted upstream filter can hand this provider a
 * pre-authenticated token.
 *
 * @param authentication the login request; its principal is cast to {@code String}
 * @return the token produced by the evaluator
 * @throws AuthenticationException as {@code AuthenticationServiceException} when the token type
 *     is neither of the two supported ones; nothing thrown by the evaluator is caught here
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    final String username = (String) authentication.getPrincipal();
    // The username is caller-supplied and reaches the log exactly as entered.
    LOGGER.trace("Authenticating username '{}'", username);

    // All requests handled here are attributed to the GUI user channel.
    final ConnectionEnvironment environment = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);

    final boolean passwordLogin = authentication instanceof UsernamePasswordAuthenticationToken;
    final boolean preAuthenticated = authentication instanceof PreAuthenticatedAuthenticationToken;
    if (!passwordLogin && !preAuthenticated) {
        // Fail closed: an unknown token type is rejected rather than passed through.
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }

    final Authentication authenticated;
    if (passwordLogin) {
        final String password = (String) authentication.getCredentials();
        authenticated = passwordAuthenticationEvaluator.authenticate(environment, new PasswordAuthenticationContext(username, password));
    } else {
        // Username only; identity was established before this provider was called.
        authenticated = passwordAuthenticationEvaluator.authenticateUserPreAuthenticated(environment, username);
    }

    final MidPointPrincipal principal = (MidPointPrincipal) authenticated.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return authenticated;
}
use of com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext in project midpoint by Evolveum.
the class PageAccountActivation method propagatePassword.
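/**
 * Re-authenticates the user with the password typed into the form and, on success, writes that
 * password to every shadow returned by {@code getShadowsToActivate()} and sets the lifecycle
 * state of those shadows to active.
 *
 * <p>The write is performed through {@code runPrivileged} with an anonymous task, so the
 * authentication step at the top is the only check in this method that stands between the
 * request and the privileged modification.
 * NOTE(review): confirm that {@code getShadowsToActivate()} can only return shadows belonging
 * to the user held in {@code userModel}.
 *
 * @param target the Ajax request target that receives the refreshed feedback panel and page
 * @param form the form holding the password field at {@code ID_PASSWORD}
 */
private void propagatePassword(AjaxRequestTarget target, Form<?> form) {
    List<ShadowType> shadowsToActivate = getShadowsToActivate();
    PasswordTextField passwordPanel = (PasswordTextField) form.get(createComponentPath(ID_PASSWORD));
    String value = passwordPanel.getModelObject();
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_USER_URI);
    UsernamePasswordAuthenticationToken token;
    try {
        token = authenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(userModel.getObject().getName().getOrig(), value, userModel.getObject().getClass()));
    } catch (Exception ex) {
        // Keep the exception itself in the log: this broad catch also covers failures that are
        // not a wrong password, and those cannot be diagnosed from the message alone.
        LOGGER.error("Failed to authenticate user, reason {}", ex.getMessage(), ex);
        // The user sees one generic message whatever the cause.
        getSession().error(getString("PageAccountActivation.authentication.failed"));
        throw new RestartResponseException(PageAccountActivation.class, getPageParameters());
    }
    if (token == null) {
        // A missing token is treated exactly like a failed authentication.
        LOGGER.error("Failed to authenticate user");
        getSession().error(getString("PageAccountActivation.authentication.failed"));
        throw new RestartResponseException(PageAccountActivation.class, getPageParameters());
    }

    // From here on the entered password is known to be valid for the user in userModel.
    // NOTE(review): the clear value is handed to ProtectedStringType as-is; presumably it is
    // encrypted further down the save path, confirm.
    ProtectedStringType passwordValue = new ProtectedStringType();
    passwordValue.setClearValue(value);

    // One delta per shadow: replace the password and mark the shadow active.
    Collection<ObjectDelta<ShadowType>> passwordDeltas = new ArrayList<>(shadowsToActivate.size());
    for (ShadowType shadow : shadowsToActivate) {
        ObjectDelta<ShadowType> shadowDelta = getPrismContext().deltaFactory().object().createModificationReplaceProperty(ShadowType.class, shadow.getOid(), SchemaConstants.PATH_PASSWORD_VALUE, passwordValue);
        shadowDelta.addModificationReplaceProperty(ShadowType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
        passwordDeltas.add(shadowDelta);
    }

    OperationResult result = runPrivileged(new Producer<OperationResult>() {
        private static final long serialVersionUID = 1L;

        @Override
        public OperationResult run() {
            OperationResult saveResult = new OperationResult(OPERATION_ACTIVATE_SHADOWS);
            Task task = createAnonymousTask(OPERATION_ACTIVATE_SHADOWS);
            WebModelServiceUtils.save((Collection) passwordDeltas, null, saveResult, task, PageAccountActivation.this);
            return saveResult;
        }
    });
    result.recomputeStatus();

    if (!result.isSuccess()) {
        getSession().error(getString("PageAccountActivation.account.activation.failed"));
        LOGGER.error("Failed to activate accounts, reason: {}", result.getMessage());
    } else {
        getSession().success(getString("PageAccountActivation.account.activation.successful"));
        activated = true;
    }
    // The feedback panel is refreshed on both outcomes, then the page itself.
    target.add(getFeedbackPanel());
    target.add(PageAccountActivation.this);
}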
use of com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext in project midpoint by Evolveum.
the class PasswordProvider method internalAuthentication.
/**
 * Authenticates a request through the evaluator returned by {@code getEvaluator()}.
 *
 * <p>A request that is already authenticated and carries a {@code GuiProfiledPrincipal} is
 * returned untouched. Otherwise a {@code UsernamePasswordAuthenticationToken} is evaluated with
 * username, password, focus type and required assignments, while a
 * {@code PreAuthenticatedAuthenticationToken} is resolved without any credential.
 * NOTE(review): the pre-authenticated branch relies on whatever created the token; confirm that
 * only a trusted component can do so.
 *
 * @param authentication the request; unless the early return applies, its principal is cast to
 *     {@code String}
 * @param requireAssignment assignments passed on to the authentication context
 * @param channel the authentication channel; may be {@code null}, in which case the
 *     activation-by-channel flag is not set on the password context
 * @param focusType focus type passed on to the authentication context
 * @return the incoming request when it is already authenticated, else the evaluator's token
 * @throws AuthenticationException rethrown unchanged after being logged at info level; an
 *     unsupported token type is reported as {@code AuthenticationServiceException}
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException {
    final boolean alreadyAuthenticated = authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal;
    if (alreadyAuthenticated) {
        return authentication;
    }

    final String username = (String) authentication.getPrincipal();
    LOGGER.trace("Authenticating username '{}'", username);
    final ConnectionEnvironment environment = createEnvironment(channel);

    try {
        final Authentication authenticated;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            final PasswordAuthenticationContext passwordContext = new PasswordAuthenticationContext(username, (String) authentication.getCredentials(), focusType, requireAssignment);
            if (channel != null) {
                passwordContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
            }
            authenticated = getEvaluator().authenticate(environment, passwordContext);
        } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
            // No credential is checked on this path.
            final PreAuthenticationContext preAuthContext = new PreAuthenticationContext(username, focusType, requireAssignment);
            authenticated = getEvaluator().authenticateUserPreAuthenticated(environment, preAuthContext);
        } else {
            // Fail closed on any other token type.
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }

        final MidPointPrincipal principal = (MidPointPrincipal) authenticated.getPrincipal();
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
        return authenticated;
    } catch (AuthenticationException failure) {
        // The username is caller-supplied and is logged as entered.
        // NOTE(review): confirm the log layout neutralises line breaks in this value.
        LOGGER.info("Authentication failed for {}: {}", username, failure.getMessage());
        throw failure;
    }
}