
Example 6 with AccPasswordFilterEchoItemDto

use of eu.bcvsolutions.idm.acc.dto.AccPasswordFilterEchoItemDto in project CzechIdMng by bcvsolutions.

The class DefaultPasswordFilterManager, method validate: handles a password validation request sent by a password filter before the password is changed on the resource.

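/**
 * Validates a password reported by a password filter (the request comes from the target
 * resource on behalf of the user whose password is being changed there) against the IdM
 * password policies.
 *
 * Flow as implemented here:
 *  - resolve the system, its password-filter attribute mapping and the identity behind
 *    {@code request.getUsername()};
 *  - collect the accounts to validate for: the whole uniform-password group when the system
 *    belongs to one, otherwise only this system's password-filter account(s);
 *  - when an account of this system already has a valid, already-changed echo for the very
 *    same password, the change was already processed and validation is skipped;
 *  - otherwise validate against the policies of all affected systems (plus the default
 *    VALIDATE policy when the change is also executed through IdM) and record a validation
 *    echo (success or failure) for every managed account.
 *
 * @param request password filter request: resource code, username on the resource, the
 *                password as {@link GuardedString} and log metadata
 * @throws Exception rethrown from {@code policyService.validate} when the password does not
 *         satisfy a policy; a failed-validation echo is cached for every managed account
 *         before rethrowing
 */
@Override
public void validate(AccPasswordFilterRequestDto request) {
    // Only resource, username and metadata are logged; the password never is.
    LOG.info("Validation request from resource [{}] for identity identifier [{}] starting. {}", request.getResource(), request.getUsername(), request.getLogMetadata());
    SysSystemDto system = getSystem(request.getResource());
    SysSystemAttributeMappingDto passwordFilterAttribute = getAttributeMappingForPasswordFilter(system);
    IdmIdentityDto identity = evaluateUsernameToIdentity(system, request, passwordFilterAttribute);
    List<AccUniformPasswordDto> passwordDefinitions = getActiveUniformPasswordDefinitions(system);
    final GuardedString password = request.getPassword();
    // Echo validity window comes from the password filter attribute mapping.
    final long timeout = passwordFilterAttribute.getEchoTimeout();
    final boolean changeInIdm = changeInIdm(passwordDefinitions);
    // Accounts with password filter support
    List<AccAccountDto> managedAccounts = null;
    // Accounts only for password changed without echo and password filter system
    List<AccAccountDto> notManagedAccounts = null;
    // System doesn't exists in password uniform feature
    if (CollectionUtils.isEmpty(passwordDefinitions)) {
        // FIX: the message had a {} placeholder but no argument, so the system was never logged.
        LOG.debug("System [{}] isn't exist in uniform password definition. Password will be check only trough the given system.", system.getCode());
        // Try find one account for given system with supported password filter
        managedAccounts = getAccountForSystemWithPasswordFilter(system, identity);
        notManagedAccounts = Lists.newArrayList();
    } else {
        UUID identityId = identity.getId();
        managedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.TRUE);
        notManagedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.FALSE);
    }
    if (managedAccounts.isEmpty()) {
        // Nothing to validate for: no echo is recorded and no error is raised.
        LOG.warn("For identifier [{}] (identity: [{}]) and resource [{}] wasn't found any managed account, validation will not be processed. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
        return;
    }
    // Accounts for current system only
    List<AccAccountDto> accounts = managedAccounts.stream().filter(account -> {
        return account.getSystem().equals(system.getId());
    }).collect(Collectors.toList());
    for (AccAccountDto account : accounts) {
        AccPasswordFilterEchoItemDto echo = getEcho(account.getId());
        if (echo == null) {
            // Echo doesn't exist yet we can continue for validation
            LOG.debug("Echo for account id [{}] and system identifier [{}] doesn't exist. {}", account.getId(), request.getUsername(), request.getLogMetadata());
            continue;
        }
        boolean echoValid = echo.isEchoValid(timeout);
        boolean passwordEqual = isPasswordEqual(echo, password);
        if (echoValid && passwordEqual && echo.isChanged()) {
            // Classic valid echo that was already changed, for this echo will not validate again.
            // NOTE(review): this short-circuits policy validation for every account in the group,
            // so it relies on isPasswordEqual() really matching the submitted password against
            // the stored hash and on the echo timeout being short; a hash mismatch or an expired
            // echo falls through to full validation.
            LOG.info("Echo record found! Account uid [{}] and system code [{}]. Validation will be skipped. {}", account.getUid(), system.getCode(), request.getLogMetadata());
            // For one valid echo just skip password validate for all another password from uniform password
            return;
        }
        if (echo.isValidityChecked()) {
            // Validation was successfully executed, now is second run
            // TODO: can we skip this validation?
            LOG.debug("For account [{}] and system [{}] exist only echo for validation. {}", account.getUid(), system.getCode(), request.getLogMetadata());
        }
    }
    // Unite system from managed and not managed accounts
    List<SysSystemDto> systems = getSystemForAccounts(managedAccounts);
    systems.addAll(getSystemForAccounts(notManagedAccounts));
    // Get password policies from managed systems
    List<IdmPasswordPolicyDto> policies = getPasswordPolicy(systems);
    // Default password policy must be also added when is setup change trough IdM
    if (changeInIdm) {
        IdmPasswordPolicyDto defaultPasswordPolicy = policyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
        // Password policy can be added by some system check for duplicate
        if (defaultPasswordPolicy != null && !policies.contains(defaultPasswordPolicy)) {
            policies.add(defaultPasswordPolicy);
        }
    }
    // For empty policies is not required process validation
    if (policies.isEmpty()) {
        // No policy applies: the password is accepted and a success echo is still recorded below.
        LOG.info("Any applicable password policy found! For identifier [{}] (identity: [{}]) and resource [{}]. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
    } else {
        // Compose validation request for IdM
        IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
        passwordValidationDto.setPassword(password);
        passwordValidationDto.setIdentity(identity);
        // password is changed on different logged identity, but change by password filter is originally executed as target identity
        passwordValidationDto.setEnforceMinPasswordAgeValidation(true);
        try {
            policyService.validate(passwordValidationDto, policies);
        } catch (Exception e) {
            // Just log the message and send error next (only the policy error text is logged, never the password)
            LOG.error("Validation didn't pass! For identity username [{}] and system code [{}]. Error message: [{}]. {}", identity.getUsername(), system.getCode(), StringUtils.defaultString(e.getMessage()), request.getLogMetadata());
            // Cache a failed-validation echo (hash of the rejected password) for every managed account
            managedAccounts.forEach(account -> {
                createEchoForValidation(account.getId(), password, false);
            });
            // Throw error to caller
            throw e;
        }
    }
    // Set validate echos only for managed accounts
    managedAccounts.forEach(account -> {
        createEchoForValidation(account.getId(), password, true);
    });
    // Password valid
    LOG.info("Validation request pass! For identity [{}] and system code [{}]. {}", identity.getUsername(), system.getCode(), request.getLogMetadata());
}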

Example 7 with AccPasswordFilterEchoItemDto

use of eu.bcvsolutions.idm.acc.dto.AccPasswordFilterEchoItemDto in project CzechIdMng by bcvsolutions.

The class DefaultPasswordFilterManager, method clearChangedEcho: resets the "changed" state of a cached echo.

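/**
 * Resets the "changed" state of the echo cached for the given account and re-caches it.
 * The remaining echo fields (password hash, validity check result, validate date) are left
 * as they were.
 *
 * Does nothing when no echo is cached for the account.
 *
 * @param accountId account whose echo is reset (cache key)
 */
@Override
public void clearChangedEcho(UUID accountId) {
    AccPasswordFilterEchoItemDto echo = getEcho(accountId);
    // FIX: getEcho() returns null when nothing is cached for the account (validate() checks
    // for exactly that); dereferencing it here threw a NullPointerException.
    if (echo == null) {
        LOG.debug("Echo for account id [{}] doesn't exist, nothing to clear.", accountId);
        return;
    }
    echo.setChanged(false);
    echo.setChangeDate(null);
    idmCacheManager.cacheValue(ECHO_CACHE_NAME, accountId, echo);
}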

Example 8 with AccPasswordFilterEchoItemDto

use of eu.bcvsolutions.idm.acc.dto.AccPasswordFilterEchoItemDto in project CzechIdMng by bcvsolutions.

The class DefaultPasswordFilterManager, method createEchoForValidation: caches the outcome of a password validation as an echo for one account.

/**
 * Caches a fresh validation echo for the given account.
 *
 * The echo carries a hash of the password (produced by {@code hashPassword}), the
 * validation outcome and the validation timestamp. A new item is always created, so any
 * echo previously cached under the same account id is presumably replaced and its
 * "changed" state is not carried over.
 *
 * @param accountId account the echo belongs to (cache key)
 * @param password  validated password; only its hash is stored and it is never logged
 * @param success   whether the policy validation passed
 */
@Override
public void createEchoForValidation(UUID accountId, GuardedString password, boolean success) {
    final AccPasswordFilterEchoItemDto validationEcho = new AccPasswordFilterEchoItemDto(hashPassword(password), accountId);
    final ZonedDateTime validatedAt = ZonedDateTime.now();
    validationEcho.setValidateDate(validatedAt);
    validationEcho.setValidityChecked(success);
    // Only the account id and the boolean result are logged.
    LOG.info("For account [{}] will be created new echo record for validation [{}].", accountId, success);
    idmCacheManager.cacheValue(ECHO_CACHE_NAME, accountId, validationEcho);
}
