Use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.
Class RestServiceUtil, method finishRequest.
/**
 * Finishes a REST request: asks the task's operation result to compute its status and then
 * reports a logout through {@code securityHelper.auditLogout}.
 *
 * <p>The connection environment is created for the REST channel and its session id is
 * overridden with the task identifier, so the logout record carries the task identifier
 * as its session id.
 *
 * @param task the task that served the REST request; its result and identifier are read here
 * @param securityHelper helper used to emit the logout audit record
 */
public static void finishRequest(Task task, SecurityHelper securityHelper) {
    task.getResult().computeStatus();

    // A REST call has no session of its own here, so the task identifier stands in for it.
    final ConnectionEnvironment restEnvironment =
            ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    final String sessionId = task.getTaskIdentifier();
    restEnvironment.setSessionIdOverride(sessionId);

    securityHelper.auditLogout(restEnvironment, task);
}
Use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.
Class MidpointRestAuthenticator, method handleRequest.
/**
 * Authenticates and authorizes an incoming REST request and, on success, stores the request
 * task in the message under {@code RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME}.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>A missing policy or a missing username is passed to
 *       {@code RestServiceUtil.createAbortMessage} and processing stops.</li>
 *   <li>A task is created for the REST channel; its identifier is used as the session id of
 *       the {@link ConnectionEnvironment} handed to the authentication evaluator.</li>
 *   <li>Unknown user / bad credentials abort with 401; disabled, locked, expired,
 *       access-denied and similar failures abort with 403.</li>
 *   <li>The authenticated user must pass {@code authorizeUser}.</li>
 *   <li>If the {@code Switch-To-Principal} header carries an OID, that user is loaded, becomes
 *       the task owner, and two further {@code authorizeUser} checks are run: the proxy
 *       authorization of the caller over the target, then the target user itself.</li>
 * </ol>
 *
 * <p>NOTE(review): every {@code return} after a failed {@code authorizeUser} or a null
 * authentication context relies on the callee having already aborted {@code requestCtx};
 * that is not visible here and should be confirmed, because a plain return leaves the
 * request un-aborted by this method.
 *
 * @param policy authorization policy extracted from the request; {@code null} aborts the request
 * @param m message that receives the task once all checks have passed
 * @param requestCtx request context used to read headers and to abort with an error response
 */
public void handleRequest(AuthorizationPolicy policy, Message m, ContainerRequestContext requestCtx) {
    if (policy == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    T authenticationContext = createAuthenticationContext(policy, requestCtx);
    if (authenticationContext == null) {
        // NOTE(review): no abort is issued here; presumably createAuthenticationContext did it - confirm.
        return;
    }
    String enteredUsername = authenticationContext.getUsername();
    if (enteredUsername == null) {
        RestServiceUtil.createAbortMessage(requestCtx);
        return;
    }
    // enteredUsername is client-supplied and is logged before any authentication has happened.
    // NOTE(review): confirm the log layout neutralises CR/LF in this value.
    LOGGER.trace("Authenticating username '{}' to REST service", enteredUsername);
    // We need to create task before attempting authentication. Task ID is also a session ID.
    Task task = taskManager.createTaskInstance(ModelRestService.OPERATION_REST_SERVICE);
    task.setChannel(SchemaConstants.CHANNEL_REST_URI);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    connEnv.setSessionIdOverride(task.getTaskIdentifier());
    UsernamePasswordAuthenticationToken token;
    try {
        token = getAuthenticationEvaluator().authenticate(connEnv, authenticationContext);
    } catch (UsernameNotFoundException | BadCredentialsException e) {
        // Unknown user and wrong password share one response, so the two cases are not
        // distinguishable from the status code or header.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        // NOTE(review): the header value is free text after "Basic", not a challenge of the
        // form Basic realm="..."; clients that parse WWW-Authenticate may not handle it.
        requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());
        return;
    } catch (DisabledException | LockedException | CredentialsExpiredException | AccessDeniedException | AuthenticationCredentialsNotFoundException | AuthenticationServiceException e) {
        // NOTE(review): 403 here versus 401 above tells the caller the account state. Whether
        // that is reachable without valid credentials depends on when the evaluator raises
        // these exceptions relative to the password check - confirm.
        LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
        requestCtx.abortWith(Response.status(Status.FORBIDDEN).build());
        return;
    }
    // Assumes the evaluator always returns a MidPointPrincipal; any other principal type
    // would fail this cast with a ClassCastException.
    UserType user = ((MidPointPrincipal) token.getPrincipal()).getUser();
    task.setOwner(user.asPrismObject());
    // m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    // First authorization gate: the authenticated user, with no target object.
    if (!authorizeUser(user, null, enteredUsername, connEnv, requestCtx)) {
        return;
    }
    // Client-controlled header naming the OID of the user to act as (impersonation).
    String oid = requestCtx.getHeaderString("Switch-To-Principal");
    OperationResult result = task.getResult();
    if (StringUtils.isNotBlank(oid)) {
        try {
            // The lookup runs on the task currently owned by the authenticated caller.
            PrismObject<UserType> authorizedUser = model.getObject(UserType.class, oid, null, task, result);
            // NOTE(review): ownership is switched to the target before either check below has
            // passed. On failure the task is not placed in the message by this method, but
            // assigning the owner only after both checks succeed would be the fail-safe order.
            task.setOwner(authorizedUser);
            // Is the caller allowed to act on behalf of the target user?
            if (!authorizeUser(AuthorizationConstants.AUTZ_REST_PROXY_URL, user, authorizedUser, enteredUsername, connEnv, requestCtx)) {
                return;
            }
            // Is the target user itself allowed to use the REST service?
            // NOTE(review): the credential/state checks in authenticate() above were applied to
            // the caller only; nothing visible here verifies that the target account is enabled
            // and not locked - confirm that authorizeUser covers this.
            if (!authorizeUser(authorizedUser.asObjectable(), null, authorizedUser.getName().getOrig(), connEnv, requestCtx)) {
                return;
            }
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            // A non-existent OID and the other listed failures all produce the same 401 response.
            LOGGER.trace("Exception while authenticating user identified with '{}' to REST service: {}", oid, e.getMessage(), e);
            // NOTE(review): as above, the header value is not a well-formed authentication challenge.
            requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Proxy Authentication failed. Cannot authenticate user.").build());
            return;
        }
    }
    // Only now is the task handed on for the rest of request processing.
    m.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, task);
    // 'user' is still the authenticating caller; when Switch-To-Principal was honoured this
    // trace line does not name the principal the task is now owned by.
    LOGGER.trace("Authorized to use REST service ({})", user);
}