
Example 1 with SecurityQuestionDefinitionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.

the class MidpointRestSecurityQuestionsAuthenticator method createAuthenticationContext.

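/**
 * Handles the two round-trips of REST security-question authentication.
 * <p>
 * The authorization payload is JSON. Without an {@code answer} element (first round-trip) the
 * named user is looked up and a challenge listing that user's configured questions is sent back;
 * the method then returns {@code null}. With an {@code answer} array (second round-trip) the
 * {@code qid}/{@code qans} pairs are collected into the returned authentication context.
 * Malformed input (unparseable JSON, no {@code user}, {@code answer} that is not an array) is
 * answered with the generic user challenge.
 *
 * @param policy     the parsed authorization policy; its user name is filled in here
 * @param requestCtx the request, aborted with a challenge or a 401 on every non-returning path
 * @return the context holding the user name and the submitted answers, or {@code null} when the
 *         request was aborted
 */
@Override
protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy policy, ContainerRequestContext requestCtx) {
    ObjectMapper mapper = new ObjectMapper(new JsonFactory());
    JsonNode node;
    try {
        node = mapper.readTree(policy.getAuthorization());
    } catch (IOException e) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    // readTree may yield null for empty content depending on the Jackson version in use.
    if (node == null) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    JsonNode userNameNode = node.findPath("user");
    if (userNameNode.isMissingNode()) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    String userName = userNameNode.asText();
    policy.setUserName(userName);

    JsonNode answerNode = node.findPath("answer");
    if (answerNode.isMissingNode()) {
        // First round-trip: nobody is authenticated yet, so the user lookup and the question
        // lookup run under a temporary anonymous token that is always cleared afterwards so it
        // cannot linger in the request's security context.
        SearchResultList<PrismObject<UserType>> users;
        SecurityContextHolder.getContext().setAuthentication(anonymousRestToken());
        try {
            users = searchUser(userName);
        } finally {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
        if (users == null || users.size() != 1) {
            abortUnauthorized(requestCtx);
            return null;
        }
        PrismObject<UserType> user = users.get(0);
        PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
        if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
            abortUnauthorized(requestCtx);
            return null;
        }
        List<SecurityQuestionDefinitionType> questions;
        SecurityContextHolder.getContext().setAuthentication(anonymousRestToken());
        try {
            questions = getQuestions(user);
        } finally {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
        // A user that exists and has questions configured gets a challenge, any other name a 401,
        // so this step necessarily confirms which accounts have security questions; that is
        // inherent to the scheme and is not something this code can hide.
        String questionChallenge = buildQuestionChallenge(questionAnswerContainer.getRealValues(), questions);
        // userName is the caller's own input reflected unescaped into the JSON challenge; a name
        // containing quotes produces a malformed challenge for that caller only.
        String userChallenge = USER_CHALLENGE.replace("username", userName);
        String challenge = "{" + userChallenge + ", \"answer\" : [" + questionChallenge + "]}";
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, challenge);
        return null;
    }

    // Second round-trip: "answer" must be a JSON array of {qid, qans} objects. Previously a
    // non-array value hit an unchecked ArrayNode cast; treat it as a malformed request instead.
    if (!answerNode.isArray()) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    Map<String, String> questionAnswers = new HashMap<>();
    for (JsonNode answer : answerNode) {
        questionAnswers.put(answer.findPath("qid").asText(), answer.findPath("qans").asText());
    }
    return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);
}

/** Token used only to authorize the pre-authentication user/question lookups. */
private static AnonymousAuthenticationToken anonymousRestToken() {
    return new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
}

/**
 * Rejects the request with 401 and a deliberately generic message: the same response is sent for
 * an unknown or ambiguous user name and for a user without configured questions.
 */
private static void abortUnauthorized(ContainerRequestContext requestCtx) {
    requestCtx.abortWith(Response.status(Status.UNAUTHORIZED)
            .header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password")
            .build());
}

/**
 * Renders the user's stored question references as a comma-separated list of {@code QUESTION}
 * entries, each with {@code Q_ID} and {@code Q_TXT} substituted from the matching policy
 * definition.
 * <p>
 * Stored answers whose question identifier no longer exists in the policy are skipped rather
 * than failing the whole request (previously {@code findFirst().get()} threw on that case).
 *
 * @param questionAnswers the user's stored question/answer entries
 * @param questions       the policy's question definitions; {@code null} is treated as empty
 * @return the challenge fragment, possibly empty
 */
private String buildQuestionChallenge(Collection<SecurityQuestionAnswerType> questionAnswers, List<SecurityQuestionDefinitionType> questions) {
    StringBuilder questionChallenge = new StringBuilder();
    if (questions == null) {
        return "";
    }
    for (SecurityQuestionAnswerType questionAnswer : questionAnswers) {
        String wantedId = questionAnswer.getQuestionIdentifier();
        for (SecurityQuestionDefinitionType question : questions) {
            String id = question.getIdentifier();
            if (id == null || !id.equals(wantedId)) {
                continue;
            }
            if (questionChallenge.length() > 0) {
                questionChallenge.append(',');
            }
            // Same substitution order as before: identifier first, then the question text.
            questionChallenge.append(QUESTION.replace(Q_ID, id).replace(Q_TXT, question.getQuestionText()));
            break;
        }
    }
    return questionChallenge.toString();
}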
Also used : SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType) HashMap(java.util.HashMap) JsonFactory(com.fasterxml.jackson.core.JsonFactory) JsonNode(com.fasterxml.jackson.databind.JsonNode) MissingNode(com.fasterxml.jackson.databind.node.MissingNode) IOException(java.io.IOException) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) PrismObject(com.evolveum.midpoint.prism.PrismObject) SecurityQuestionsAuthenticationContext(com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext) ArrayNode(com.fasterxml.jackson.databind.node.ArrayNode) UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType) SecurityQuestionAnswerType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 2 with SecurityQuestionDefinitionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.

the class PageMyPasswordQuestions method checkIfQuestionisValid.

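/**
 * Finds the policy question whose identifier matches the DTO's {@code pwdQuestion}
 * (case-insensitive, both sides trimmed) and copies that question's text into the DTO.
 * <p>
 * Previously the loop returned {@code null} on the first non-matching entry, so only the first
 * policy question was ever compared; the whole list is now scanned.
 *
 * @param questionIdentifier   the DTO carrying the identifier to look up; mutated on a match
 * @param securityQuestionList the policy's question definitions
 * @return the same DTO with its question text filled in, or {@code null} when the identifier is
 *         absent or no policy question carries it
 */
private SecurityQuestionAnswerDTO checkIfQuestionisValid(SecurityQuestionAnswerDTO questionIdentifier, List<SecurityQuestionDefinitionType> securityQuestionList) {
    String wanted = questionIdentifier.getPwdQuestion();
    if (wanted == null) {
        return null;
    }
    wanted = wanted.trim();
    for (SecurityQuestionDefinitionType definition : securityQuestionList) {
        String candidate = definition.getIdentifier();
        if (candidate == null) {
            continue;
        }
        candidate = candidate.trim();
        LOGGER.debug("List For" + candidate);
        if (candidate.equalsIgnoreCase(wanted)) {
            questionIdentifier.setQuestionItself(definition.getQuestionText());
            LOGGER.info(": TRUE QUESTION");
            return questionIdentifier;
        }
    }
    return null;
}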
Also used : SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType) Iterator(java.util.Iterator)

Example 3 with SecurityQuestionDefinitionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.

the class PageSecurityQuestions method initLayout.

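/**
 * Builds the security-question form for the password-reset flow: reads the required question
 * count and the question catalogue from the security policy, then renders one panel for each
 * policy question the user has an answer on file for.
 * <p>
 * Aborts to the generic error page when no security policy is available and to the
 * forgot-password page when the user has no stored answers at all.
 */
public void initLayout() {
    Form mainForm = new Form(ID_MAIN_FORM);
    pqPanels = new ArrayList<MyPasswordQuestionsPanel>();
    PrismObject<SecurityPolicyType> securityPolicy = getSecurityPolicy();
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        LOGGER.error("No security policy, cannot process security questions");
        // Generic error page on purpose: this page is reachable before authentication, so the
        // reason must not be disclosed to the caller.
        throw new RestartResponseException(PageError.class);
    }
    boolean questionsConfigured = securityPolicy.asObjectable().getCredentials() != null
            && securityPolicy.asObjectable().getCredentials().getSecurityQuestions() != null;
    questionNumber = questionsConfigured
            ? securityPolicy.asObjectable().getCredentials().getSecurityQuestions().getQuestionNumber()
            : 0;
    policyQuestionList = questionsConfigured
            ? securityPolicy.asObjectable().getCredentials().getSecurityQuestions().getQuestion()
            : new ArrayList<SecurityQuestionDefinitionType>();
    List<SecurityQuestionAnswerDTO> userQuestionList = model.getObject().getSecurityAnswers();
    if (userQuestionList == null) {
        getSession().error(getString("pageForgetPassword.message.ContactAdminQuestionsNotSet"));
        // Drop the partially established authentication before bouncing back.
        SecurityContextHolder.getContext().setAuthentication(null);
        throw new RestartResponseException(PageForgotPassword.class);
    }
    // Only render when the user has at least as many answers on file as the policy requires;
    // otherwise the form stays empty (existing behaviour, kept as-is).
    if (questionNumber <= userQuestionList.size()) {
        // Hoisted out of the loops: it used to be re-initialised on every inner iteration, so
        // every panel was created with the same id suffix and panelNumber++ never took effect.
        int panelNumber = 0;
        for (SecurityQuestionDefinitionType policyQuestion : policyQuestionList) {
            for (SecurityQuestionAnswerDTO userQuestion : userQuestionList) {
                if (!userQuestion.getPwdQuestion().equalsIgnoreCase(policyQuestion.getIdentifier())) {
                    continue;
                }
                // The answer is deliberately left blank: the user has to re-enter it here.
                SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(userQuestion.getPwdQuestion(), "", userQuestion.getQuestionItself());
                a = checkIfQuestionisValid(a, policyQuestionList);
                pqPanels.add(new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a));
                panelNumber++;
            }
        }
    }
    add(mainForm);
    mainForm.add(getPanels(pqPanels));
    initButtons(mainForm);
}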
Also used : SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType) Form(org.apache.wicket.markup.html.form.Form) ArrayList(java.util.ArrayList) SecurityPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType) RestartResponseException(org.apache.wicket.RestartResponseException) SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) SecurityContext(org.springframework.security.core.context.SecurityContext) Iterator(java.util.Iterator) MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)

Example 4 with SecurityQuestionDefinitionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.

the class PageMyPasswordQuestions method executePasswordQuestionsAndAnswers.

/**
 * Renders one panel per policy question, pre-filled from the user's stored answers.
 * <p>
 * For each policy question only the user entry at position {@code userQuest} is examined
 * (both branches of the inner loop {@code break}, so {@code i} never advances within a single
 * policy question). If that entry's identifier equals the policy identifier, a panel carrying
 * the stored answer is added; otherwise the user's entry is rewritten to the policy identifier
 * and an empty-answer panel is added from {@code policyQuestionList.get(panelNumber)}.
 * Either way {@code panelNumber} and {@code userQuest} advance by one.
 *
 * @author oguzhan
 * @param userQuestionList   the user's stored question/answer DTOs; entries may be mutated
 *                           (their {@code pwdQuestion} is overwritten on a mismatch)
 * @param policyQuestionList the policy's question definitions, iterated in order
 * @param panelNumber        starting suffix for the panel ids; it is also used as an index into
 *                           {@code policyQuestionList} on the mismatch path
 */
public void executePasswordQuestionsAndAnswers(List<SecurityQuestionAnswerDTO> userQuestionList, List<SecurityQuestionDefinitionType> policyQuestionList, int panelNumber) {
    int userQuest = 0;
    LOGGER.debug("executePasswordQuestionsAndAnswers");
    for (Iterator iterator = policyQuestionList.iterator(); iterator.hasNext(); ) {
        /* Walk the policy questions in order and pair each one with the user's
		 * stored entry at index userQuest. */
        SecurityQuestionDefinitionType securityQuestionDefinitionType = (SecurityQuestionDefinitionType) iterator.next();
        // Inner loop starts at userQuest; since both branches break it runs at most one iteration.
        for (int i = userQuest; i < userQuestionList.size(); i++) {
            if (userQuestionList.get(i).getPwdQuestion().trim().compareTo(securityQuestionDefinitionType.getIdentifier().trim()) == 0) {
                // Match: keep the stored answer.
                SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(userQuestionList.get(i).getPwdQuestion(), userQuestionList.get(i).getPwdAnswer(), userQuestionList.get(i).getQuestionItself());
                a = checkIfQuestionisValidSingle(a, securityQuestionDefinitionType);
                MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a);
                pqPanels.add(panel);
                panelNumber++;
                userQuest++;
                break;
            // This condition is the exact negation of the one above, so it always holds here.
            } else if (userQuestionList.get(i).getPwdQuestion().trim().compareTo(securityQuestionDefinitionType.getIdentifier().trim()) != 0) {
                // NOTE(review): panelNumber indexes policyQuestionList here although it is the
                // panel counter (callers pass an offset); verify it cannot exceed the list size.
                SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(policyQuestionList.get(panelNumber).getIdentifier(), "", policyQuestionList.get(panelNumber).getQuestionText());
                a.setQuestionItself(securityQuestionDefinitionType.getQuestionText());
                // Mutates the caller's DTO: the stored identifier is replaced by the policy's.
                userQuestionList.get(i).setPwdQuestion(securityQuestionDefinitionType.getIdentifier().trim());
                MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_PASSWORD_QUESTIONS_PANEL + panelNumber, a);
                pqPanels.add(panel);
                panelNumber++;
                userQuest++;
                break;
            }
        }
    }
}
Also used : SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType) SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) Iterator(java.util.Iterator) MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)

Example 5 with SecurityQuestionDefinitionType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType in project midpoint by Evolveum.

the class PageMyPasswordQuestions method initLayout.

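/**
 * Builds the "my password questions" form: loads the required question count and the question
 * catalogue from the global credentials policy, then renders one panel per question, pre-filled
 * from the user's stored answers where available and empty for the remainder.
 * <p>
 * Policy loading is best-effort: on failure the error is logged and recorded in the operation
 * result and the page continues with whatever {@code questionNumber} and
 * {@code policyQuestionList} currently hold.
 */
public void initLayout() {
    Form mainForm = new Form(ID_MAIN_FORM);
    pqPanels = new ArrayList<MyPasswordQuestionsPanel>();
    OperationResult result = new OperationResult(OPERATION_LOAD_QUESTION_POLICY);
    try {
        OperationResult subResult = result.createSubresult(OPERATION_LOAD_QUESTION_POLICY);
        try {
            CredentialsPolicyType credPolicy = getModelInteractionService().getCredentialsPolicy(null, null, subResult);
            if (credPolicy != null && credPolicy.getSecurityQuestions() != null) {
                questionNumber = credPolicy.getSecurityQuestions().getQuestionNumber();
                policyQuestionList = credPolicy.getSecurityQuestions().getQuestion();
            } else {
                questionNumber = 0;
                policyQuestionList = new ArrayList<SecurityQuestionDefinitionType>();
            }
        } catch (Exception ex) {
            // Was printStackTrace(): keep the best-effort fall-through, but make the failure
            // visible in the log and in the operation result instead of on stderr.
            LOGGER.error("Couldn't load credentials policy", ex);
            subResult.recordFatalError("Couldn't load credentials policy.", ex);
        }
        List<SecurityQuestionAnswerDTO> userQuestionList = model.getObject().getSecurityAnswers();
        if (userQuestionList == null) {
            // Nothing stored yet: one empty panel per question the policy requires.
            // TODO same questions check should be implemented
            executeAddingQuestions(questionNumber, 0, policyQuestionList);
        } else if (questionNumber > userQuestionList.size()) {
            // Policy requires more questions than the user has answered: stored ones first,
            // then empty panels for the difference.
            executePasswordQuestionsAndAnswers(userQuestionList, policyQuestionList, userQuestionList.size());
            int difference = questionNumber - userQuestionList.size();
            executeAddingQuestions(difference, userQuestionList.size(), policyQuestionList);
        } else {
            // questionNumber <= stored answers (the two cases were identical before): show the
            // stored ones. Surplus answers are not trimmed here; that is left to a future
            // remove operation.
            executePasswordQuestionsAndAnswers(userQuestionList, policyQuestionList, 0);
        }
    } catch (Exception ex) {
        result.recordFatalError("Couldn't load system configuration.", ex);
    }
    add(mainForm);
    mainForm.add(getPanels(pqPanels));
    initButtons(mainForm);
}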
Also used : Task(com.evolveum.midpoint.task.api.Task) SecurityQuestionDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType) Form(org.apache.wicket.markup.html.form.Form) SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) CredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType) RestartResponseException(org.apache.wicket.RestartResponseException) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
