
Example 1 with SecurityQuestionDto

use of com.evolveum.midpoint.web.security.util.SecurityQuestionDto in project midpoint by Evolveum.

the class PageSecurityQuestions method generateAnswer.

/**
 * Serializes the answers typed so far into a JSON array string.
 *
 * <p>Each question with a non-blank answer contributes one object that holds the question
 * identifier and the answer text. Questions without an answer are left out.
 *
 * <p>The returned string carries the answers in clear text, so it should be handled like a
 * credential: keep it out of log statements and error messages.
 *
 * @return the JSON array as a string, or {@code null} when no question has an answer yet
 */
private String generateAnswer() {
    JSONArray collected = new JSONArray();
    for (SecurityQuestionDto dto : questionsModel.getObject()) {
        String reply = dto.getQuestionAnswer();
        if (StringUtils.isBlank(reply)) {
            // Nothing entered for this question yet.
            continue;
        }
        JSONObject entry = new JSONObject();
        entry.put(AuthConstants.SEC_QUESTION_J_QID, dto.getIdentifier());
        entry.put(AuthConstants.SEC_QUESTION_J_QANS, reply);
        collected.put(entry);
    }
    // An empty array is reported as "no answer" rather than as "[]".
    return collected.length() == 0 ? null : collected.toString();
}
Also used : SecurityQuestionDto(com.evolveum.midpoint.web.security.util.SecurityQuestionDto) JSONObject(com.github.openjson.JSONObject) JSONArray(com.github.openjson.JSONArray)

Example 2 with SecurityQuestionDto

use of com.evolveum.midpoint.web.security.util.SecurityQuestionDto in project midpoint by Evolveum.

the class PageSecurityQuestions method createUsersSecurityQuestionsList.

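/**
 * Builds the list of security questions that the given user will be asked.
 *
 * <p>A question is offered only when it is enabled in the resolved security policy and the user
 * has a stored answer with the same identifier. Collection stops as soon as the number of
 * questions required by the policy has been reached.
 *
 * @param user the user whose stored answers and security policy are consulted
 * @return the questions to present; only the identifier and the question text are set here
 * @throws RestartResponseException when the user has no stored answers, when the security policy
 *         or its credentials section is missing, or when fewer questions match than required
 */
private List<SecurityQuestionDto> createUsersSecurityQuestionsList(PrismObject<UserType> user) {
    UserType userType = user.asObjectable();
    // A user may have no credentials container at all. Treat that the same as "no stored
    // answers" instead of failing with a NullPointerException on the chained getter.
    SecurityQuestionsCredentialsType credentialsPolicyType =
            userType.getCredentials() != null ? userType.getCredentials().getSecurityQuestions() : null;
    if (credentialsPolicyType == null || credentialsPolicyType.getQuestionAnswer() == null || credentialsPolicyType.getQuestionAnswer().isEmpty()) {
        // NOTE(review): this branch shows a feedback message and restarts the questions page,
        // while the policy branches below go to PageError so that nothing is revealed. Confirm
        // that the message does not let an unauthenticated caller tell apart accounts with and
        // without stored security questions.
        String key = "web.security.flexAuth.any.security.questions";
        error(getString(key));
        // Only the message key is logged, not the resolved text.
        LOGGER.error(key);
        throw new RestartResponseException(PageSecurityQuestions.class);
    }
    List<SecurityQuestionAnswerType> secQuestAnsList = credentialsPolicyType.getQuestionAnswer();
    SecurityPolicyType securityPolicy = resolveSecurityPolicy(user);
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        LOGGER.error("No security policy, cannot process security questions");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageError.class);
    }
    if (securityPolicy.getCredentials() == null) {
        LOGGER.error("No credential for security policy, cannot process security questions");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageError.class);
    }
    SecurityQuestionsCredentialsPolicyType secQuestionsPolicy = securityPolicy.getCredentials().getSecurityQuestions();
    List<SecurityQuestionDefinitionType> questionList = secQuestionsPolicy != null ? secQuestionsPolicy.getQuestion() : new ArrayList<>();
    List<SecurityQuestionDto> questionsDto = new ArrayList<>();
    // Without a security-questions policy one question is required; the list above is then
    // empty, so the "not enough questions" branch at the end is taken.
    // NOTE(review): if getQuestionNumber() returns a nullable Integer, an unset value would fail
    // on unboxing here - confirm against the schema.
    int questionNumber = secQuestionsPolicy != null ? secQuestionsPolicy.getQuestionNumber() : 1;
    for (SecurityQuestionDefinitionType question : questionList) {
        if (Boolean.TRUE.equals(question.isEnabled())) {
            for (SecurityQuestionAnswerType userAnswer : secQuestAnsList) {
                // NOTE(review): assumes every policy question has an identifier - confirm.
                if (question.getIdentifier().equals(userAnswer.getQuestionIdentifier())) {
                    // Only the identifier and the text go into the DTO; the stored answer is
                    // not copied.
                    SecurityQuestionDto questionDto = new SecurityQuestionDto(question.getIdentifier());
                    questionDto.setQuestionText(question.getQuestionText());
                    questionsDto.add(questionDto);
                    break;
                }
            }
        }
        // Stop once the required number of questions has been collected.
        if (questionNumber == questionsDto.size()) {
            break;
        }
    }
    if (questionsDto.size() < questionNumber) {
        String key = "pageForgetPassword.message.ContactAdminQuestionsNotSetEnough";
        error(getString(key));
        LOGGER.error(key);
        throw new RestartResponseException(PageSecurityQuestions.class);
    }
    return questionsDto;
}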
Also used : ArrayList(java.util.ArrayList) SecurityQuestionDto(com.evolveum.midpoint.web.security.util.SecurityQuestionDto) RestartResponseException(org.apache.wicket.RestartResponseException)

Example 3 with SecurityQuestionDto

use of com.evolveum.midpoint.web.security.util.SecurityQuestionDto in project midpoint by Evolveum.

the class PageSecurityQuestions method initQuestionsSection.

/**
 * Adds the security-questions part of the page to the given form: a container that is shown
 * only while {@code showedQuestions} is set, one row per question with its text and an answer
 * field, and a "back" button that resets the page state.
 *
 * @param form the form that receives the questions container
 */
private void initQuestionsSection(MidpointForm form) {
    WebMarkupContainer container = new WebMarkupContainer(ID_INSIDE_FORM);
    container.setOutputMarkupId(true);
    container.add(new VisibleEnableBehaviour() {

        private static final long serialVersionUID = 1L;

        @Override
        public boolean isVisible() {
            // The section stays hidden until the questions are meant to be shown.
            return showedQuestions;
        }
    });
    form.add(container);

    ListView<SecurityQuestionDto> rows = new ListView<SecurityQuestionDto>(ID_QUESTIONS, questionsModel) {

        private static final long serialVersionUID = 1L;

        @Override
        protected void populateItem(ListItem<SecurityQuestionDto> item) {
            // Not used below; the lookup is retained as in the original.
            SecurityQuestionDto dto = item.getModelObject();
            item.add(new Label(ID_QUESTION_TEXT, new PropertyModel<String>(item.getModel(), "questionText")));

            // NOTE(review): the answer is a plain text field, so it is visible while typed and
            // may be offered by browser autocomplete - confirm that this is intended.
            PropertyModel<String> answerBinding = new PropertyModel<>(item.getModel(), "questionAnswer");
            RequiredTextField<String> answerField = new RequiredTextField<>(ID_QUESTION_ANSWER, answerBinding);
            answerField.setOutputMarkupId(true);
            answerField.add(new AjaxFormComponentUpdatingBehavior("blur") {

                @Override
                protected void onUpdate(AjaxRequestTarget target) {
                    // Whenever an answer field loses focus, rebuild the combined answer string
                    // and re-render the component returned by getHiddenAnswer() (presumably the
                    // hidden form field that submits it). The clear-text answers therefore go
                    // back to the browser in that component.
                    answerModel.setObject(generateAnswer());
                    target.add(getHiddenAnswer());
                }
            });
            item.add(answerField);
        }
    };
    rows.setOutputMarkupId(true);
    container.add(rows);

    AjaxButton backButton = new AjaxButton(ID_BACK_2_BUTTON) {

        private static final long serialVersionUID = 1L;

        @Override
        public void onClick(AjaxRequestTarget target) {
            // Going back discards the question list and clears both hidden values before the
            // main form is re-rendered.
            showedQuestions = false;
            questionsModel.setObject(new ArrayList<SecurityQuestionDto>());
            getHiddenUsername().getModel().setObject(null);
            getHiddenAnswer().getModel().setObject(null);
            target.add(getMainForm());
        }
    };
    container.add(backButton);
}
Also used : AjaxFormComponentUpdatingBehavior(org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior) Label(org.apache.wicket.markup.html.basic.Label) RequiredTextField(org.apache.wicket.markup.html.form.RequiredTextField) WebMarkupContainer(org.apache.wicket.markup.html.WebMarkupContainer) AjaxRequestTarget(org.apache.wicket.ajax.AjaxRequestTarget) AjaxButton(com.evolveum.midpoint.web.component.AjaxButton) ListView(org.apache.wicket.markup.html.list.ListView) SecurityQuestionDto(com.evolveum.midpoint.web.security.util.SecurityQuestionDto) VisibleEnableBehaviour(com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour) ListItem(org.apache.wicket.markup.html.list.ListItem)

Aggregations

SecurityQuestionDto (com.evolveum.midpoint.web.security.util.SecurityQuestionDto)3 AjaxButton (com.evolveum.midpoint.web.component.AjaxButton)1 VisibleEnableBehaviour (com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour)1 JSONArray (com.github.openjson.JSONArray)1 JSONObject (com.github.openjson.JSONObject)1 ArrayList (java.util.ArrayList)1 RestartResponseException (org.apache.wicket.RestartResponseException)1 AjaxRequestTarget (org.apache.wicket.ajax.AjaxRequestTarget)1 AjaxFormComponentUpdatingBehavior (org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior)1 WebMarkupContainer (org.apache.wicket.markup.html.WebMarkupContainer)1 Label (org.apache.wicket.markup.html.basic.Label)1 RequiredTextField (org.apache.wicket.markup.html.form.RequiredTextField)1 ListItem (org.apache.wicket.markup.html.list.ListItem)1 ListView (org.apache.wicket.markup.html.list.ListView)1