
Example 11 with ConnectionEnvironment

use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.

Class SecurityQuestionProvider, method internalAuthentication:

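@Override
/**
 * Authenticates a security-questions login attempt for the given focus type.
 *
 * A token that is already authenticated and carries a {@link GuiProfiledPrincipal} is
 * returned untouched. Otherwise the principal must be a plain username and the token a
 * {@link SecurityQuestionsAuthenticationToken} whose credentials are the question/answer map;
 * the actual check is delegated to the evaluator.
 *
 * @param authentication    the incoming Spring token (principal = username, credentials = answers)
 * @param requireAssignment assignments the focus must hold for the login to succeed
 * @param channel           the authentication channel; may be null
 * @param focusType         the focus class the username is resolved against
 * @return the evaluator's authenticated token
 * @throws AuthenticationException if the token shape is unsupported or the evaluator rejects it
 */
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException {
    // Already fully authenticated with a GUI principal: nothing to re-evaluate.
    if (authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal) {
        return authentication;
    }
    Object principalObject = authentication.getPrincipal();
    if (!(principalObject instanceof String)) {
        // Fail inside the AuthenticationException contract rather than letting a
        // ClassCastException escape the provider chain.
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    String enteredUsername = (String) principalObject;
    LOGGER.trace("Authenticating username '{}'", enteredUsername);
    ConnectionEnvironment connEnv = createEnvironment(channel);
    try {
        if (!(authentication instanceof SecurityQuestionsAuthenticationToken)) {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }
        Object rawAnswers = authentication.getCredentials();
        if (rawAnswers != null && !(rawAnswers instanceof Map)) {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }
        // The token contract carries answers as a question-id -> answer map; the element types
        // cannot be verified at runtime (erasure), hence the suppression.
        @SuppressWarnings("unchecked")
        Map<String, String> answers = (Map<String, String>) rawAnswers;
        SecurityQuestionsAuthenticationContext authContext = new SecurityQuestionsAuthenticationContext(enteredUsername, focusType, answers, requireAssignment);
        if (channel != null) {
            authContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
        }
        Authentication token = getEvaluator().authenticate(connEnv, authContext);
        MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
        // Answers are never logged; only the username and resulting authorities are.
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
        return token;
    } catch (AuthenticationException e) {
        LOGGER.info("Authentication failed for {}: {}", enteredUsername, e.getMessage());
        throw e;
    }
}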

Example 12 with ConnectionEnvironment

use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.

Class PasswordCallback, method handle:

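/**
 * WSS4J password callback: looks up the stored password for the identifier presented in the
 * WS-Security header and hands it to WSS4J for comparison.
 *
 * Only the first callback is processed and it must be a {@link WSPasswordCallback}; any other
 * shape is rejected with {@link UnsupportedCallbackException} instead of an unchecked
 * ArrayIndexOutOfBounds/ClassCast failure.
 *
 * @param callbacks the callbacks supplied by WSS4J; the first must be a WSPasswordCallback
 * @throws IOException                  declared by the callback contract; not raised here
 * @throws UnsupportedCallbackException if no callback is given or the first is not a WSPasswordCallback
 * @throws PasswordCallbackException    if the password could not be obtained or checked; the message
 *                                      is deliberately generic so nothing about the account leaks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    LOGGER.trace("Invoked PasswordCallback with {} callbacks: {}", callbacks.length, callbacks);
    if (callbacks.length == 0 || !(callbacks[0] instanceof WSPasswordCallback)) {
        throw new UnsupportedCallbackException(callbacks.length == 0 ? null : callbacks[0],
                "Only WSPasswordCallback is supported");
    }
    WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
    String username = pc.getIdentifier();
    String wssPasswordType = pc.getType();
    // The password itself is never logged, only the identifier and the WSS password type.
    LOGGER.trace("Username: '{}', Password type: {}", username, wssPasswordType);
    try {
        ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
        pc.setPassword(passwordAuthenticationEvaluatorImpl.getAndCheckUserPassword(connEnv, username));
    } catch (Exception e) {
        // Details stay at trace level; the caller only sees a generic failure.
        LOGGER.trace("Exception in password callback: {}: {}", e.getClass().getSimpleName(), e.getMessage(), e);
        throw new PasswordCallbackException("Authentication failed");
    }
}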

Example 13 with ConnectionEnvironment

use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.

Class NodeAuthenticationEvaluatorImpl, method authenticate:

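/**
 * Authenticates a remote cluster node by its name/address and shared secret.
 *
 * All nodes are read from the repository and narrowed by {@code getMatchingNodes}; a node is
 * accepted when its decrypted secret equals {@code credentials}. Success installs a
 * {@link NodeAuthenticationTokenImpl} into the security context and audits a login success;
 * every other outcome (no match, ambiguous match without clustering, wrong secret, or an
 * exception) audits a login failure and returns false.
 *
 * @param remoteName    host name of the caller; may be null
 * @param remoteAddress IP address of the caller
 * @param credentials   the secret presented by the caller
 * @param operation     not used by this method
 * @return true if the caller was recognised as a known node with a matching secret
 */
public boolean authenticate(@Nullable String remoteName, String remoteAddress, @NotNull String credentials, String operation) {
    LOGGER.debug("Checking if {} ({}) is a known node", remoteName, remoteAddress);
    OperationResult result = new OperationResult(OPERATION_SEARCH_NODE);
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
    try {
        List<PrismObject<NodeType>> allNodes = repositoryService.searchObjects(NodeType.class, null, null, result);
        List<PrismObject<NodeType>> matchingNodes = getMatchingNodes(allNodes, remoteName, remoteAddress);
        if (matchingNodes.isEmpty()) {
            LOGGER.debug("Authenticity cannot be established: No matching nodes for remote name '{}' and remote address '{}'", remoteName, remoteAddress);
        } else if (matchingNodes.size() > 1 && !taskManager.isLocalNodeClusteringEnabled()) {
            // Several nodes on one host are only legitimate when local-node clustering is on.
            LOGGER.debug("Authenticity cannot be established: More than one matching node for remote name '{}' and " + "remote address '{}' with local-node clustering disabled: {}", remoteName, remoteAddress, matchingNodes);
        } else {
            assert matchingNodes.size() == 1 || matchingNodes.size() > 1 && taskManager.isLocalNodeClusteringEnabled();
            LOGGER.trace("Matching result: Node(s) {} recognized as known (remote host name {} or IP address {} matched).", matchingNodes, remoteName, remoteAddress);
            PrismObject<NodeType> actualNode = findNodeWithMatchingSecret(matchingNodes, credentials);
            if (actualNode != null) {
                LOGGER.trace("Established authenticity for remote {}", actualNode);
                NodeAuthenticationTokenImpl authNtoken = new NodeAuthenticationTokenImpl(actualNode, remoteAddress, Collections.emptyList());
                SecurityContextHolder.getContext().setAuthentication(authNtoken);
                securityHelper.auditLoginSuccess(actualNode.asObjectable(), connEnv);
                return true;
            } else {
                LOGGER.debug("Authenticity for {} couldn't be established: none of the secrets match", matchingNodes);
            }
        }
    } catch (RuntimeException | SchemaException e) {
        // Logged once, with the stack trace; the failure is still audited below.
        LoggingUtils.logUnexpectedException(LOGGER, "Unhandled exception when listing nodes", e);
    }
    securityHelper.auditLoginFailure(remoteName != null ? remoteName : remoteAddress, null, connEnv, "Failed to authenticate node.");
    return false;
}

/**
 * Returns the first candidate whose decrypted secret matches the presented credentials,
 * or null if none does. Candidates without a secret or whose secret cannot be decrypted
 * are skipped (and logged) rather than treated as matches.
 */
private PrismObject<NodeType> findNodeWithMatchingSecret(List<PrismObject<NodeType>> candidates, String credentials) {
    for (PrismObject<NodeType> candidate : candidates) {
        ProtectedStringType encryptedSecret = candidate.asObjectable().getSecret();
        if (encryptedSecret == null) {
            LOGGER.debug("No secret known for node {}", candidate);
            continue;
        }
        String plainSecret;
        try {
            plainSecret = protector.decryptString(encryptedSecret);
        } catch (EncryptionException e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't decrypt node secret for {}", e, candidate);
            continue;
        }
        if (secretsMatch(credentials, plainSecret)) {
            LOGGER.debug("Node secret matches for {}", candidate);
            return candidate;
        }
        LOGGER.debug("Node secret does not match for {}", candidate);
    }
    return null;
}

/**
 * Constant-time comparison of the presented secret against the stored one, so that the
 * time taken to reject a wrong secret does not depend on how many leading bytes were right.
 * A null stored secret never matches (same result as {@code String.equals} gave).
 */
private static boolean secretsMatch(String presented, String expected) {
    if (expected == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}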

Example 14 with ConnectionEnvironment

use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.

Class MidPointAbstractAuthenticationProvider, method createConnectEnvironment:

/**
 * Builds the {@link ConnectionEnvironment} for an authentication attempt on the given channel.
 *
 * If the security context already holds a {@link MidpointAuthentication} with a session id,
 * that id is set as the environment's session-id override; otherwise the environment is
 * returned as created.
 *
 * @param channel the channel URI the environment is created for
 * @return a new environment, with the current session id applied when one is known
 */
protected ConnectionEnvironment createConnectEnvironment(String channel) {
    ConnectionEnvironment environment = ConnectionEnvironment.create(channel);
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    if (current instanceof MidpointAuthentication) {
        String sessionId = ((MidpointAuthentication) current).getSessionId();
        if (sessionId != null) {
            environment.setSessionIdOverride(sessionId);
        }
    }
    return environment;
}

Example 15 with ConnectionEnvironment

use of com.evolveum.midpoint.security.api.ConnectionEnvironment in project midpoint by Evolveum.

Class PasswordProvider, method internalAuthentication:

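@Override
/**
 * Authenticates a password or pre-authenticated login attempt for the given focus type.
 *
 * A token that is already authenticated and carries a {@link GuiProfiledPrincipal} is
 * returned untouched. Otherwise the principal must be a plain username; a
 * {@link UsernamePasswordAuthenticationToken} is checked against the stored password, a
 * {@link PreAuthenticatedAuthenticationToken} is accepted on the username alone (the caller
 * has already authenticated it). Any other token shape is rejected.
 *
 * @param authentication    the incoming Spring token
 * @param requireAssignment assignments the focus must hold for the login to succeed
 * @param channel           the authentication channel; may be null
 * @param focusType         the focus class the username is resolved against
 * @return the evaluator's authenticated token
 * @throws AuthenticationException if the token shape is unsupported or the evaluator rejects it
 */
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException {
    // Already fully authenticated with a GUI principal: nothing to re-evaluate.
    if (authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal) {
        return authentication;
    }
    Object principalObject = authentication.getPrincipal();
    if (!(principalObject instanceof String)) {
        // Fail inside the AuthenticationException contract rather than letting a
        // ClassCastException escape the provider chain.
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    String enteredUsername = (String) principalObject;
    LOGGER.trace("Authenticating username '{}'", enteredUsername);
    ConnectionEnvironment connEnv = createEnvironment(channel);
    try {
        Authentication token;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            Object rawCredentials = authentication.getCredentials();
            if (rawCredentials != null && !(rawCredentials instanceof String)) {
                LOGGER.error("Unsupported authentication {}", authentication);
                throw new AuthenticationServiceException("web.security.provider.unavailable");
            }
            // Spring hands the password over as a String; it is passed on, never logged.
            String enteredPassword = (String) rawCredentials;
            PasswordAuthenticationContext authContext = new PasswordAuthenticationContext(enteredUsername, enteredPassword, focusType, requireAssignment);
            if (channel != null) {
                authContext.setSupportActivationByChannel(channel.isSupportActivationByChannel());
            }
            token = getEvaluator().authenticate(connEnv, authContext);
        } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
            // No credential check here: the pre-authentication happened upstream.
            token = getEvaluator().authenticateUserPreAuthenticated(connEnv, new PreAuthenticationContext(enteredUsername, focusType, requireAssignment));
        } else {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }
        MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
        return token;
    } catch (AuthenticationException e) {
        LOGGER.info("Authentication failed for {}: {}", enteredUsername, e.getMessage());
        throw e;
    }
}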
