Use of `eu.bcvsolutions.idm.core.api.dto.IdmTokenDto` in project CzechIdMng by bcvsolutions — class `JwtAuthenticationMapper`, method `createToken`.
/**
 * Creates and persists an authentication token for the given identity.
 *
 * When {@code preparedToken} is given, its optional properties (id, module, external id,
 * custom properties, disabled flag, issued-at, owner, token type, secret-verified flag)
 * are used as a template; required properties that are still missing are filled in.
 * Authorities and the "current" user are always resolved from {@code identity} and
 * overwrite whatever the prepared token carried, whereas the "original" user (switch user)
 * is kept from the prepared token when present.
 *
 * NOTE(review): all custom properties of {@code preparedToken} are copied as-is - including
 * {@code PROPERTY_ORIGINAL_*} and {@code PROPERTY_PRESERVE_EXPIRATION} - so the prepared
 * token must be assembled by trusted server-side code, never from client-supplied data.
 *
 * @param identity identity the token is issued for (required, with identifier)
 * @param preparedToken optional template, {@code null} means defaults only
 * @return the persisted token, with its hash already written into {@code token}
 * @throws IllegalArgumentException when identity or its identifier is {@code null}
 */
public IdmTokenDto createToken(IdmIdentityDto identity, IdmTokenDto preparedToken) {
	Assert.notNull(identity, "Identity is required.");
	UUID identityId = identity.getId();
	Assert.notNull(identityId, "Identity identifier is required.");
	//
	IdmTokenDto token = new IdmTokenDto();
	if (preparedToken != null) {
		copyOptionalProperties(preparedToken, token);
	}
	fillRequiredProperties(token, identity, identityId);
	//
	ConfigurationMap properties = token.getProperties();
	// authorities and current user are never trusted from the template - always recomputed from the identity
	properties.put(PROPERTY_AUTHORITIES, getDtoAuthorities(grantedAuthoritiesFactory.getGrantedAuthoritiesForIdentity(identityId)));
	properties.put(PROPERTY_CURRENT_USERNAME, identity.getUsername());
	properties.put(PROPERTY_CURRENT_IDENTITY_ID, identityId);
	// original user may already be set by the template (switch user) - keep it in that case
	properties.putIfAbsent(PROPERTY_ORIGINAL_USERNAME, identity.getUsername());
	properties.putIfAbsent(PROPERTY_ORIGINAL_IDENTITY_ID, identityId);
	//
	if (token.getId() == null) {
		// identifier has to exist before the hash is computed - it is written into the token
		token.setId(UUID.randomUUID());
	}
	// expiration: preserved from the template, or freshly computed.
	// The preserve flag can only arrive through the template's properties, so preparedToken is
	// non-null in the first branch (assumes getBoolean is false for a missing key - confirm).
	// NOTE(review): a preserved null expiration is stored as-is; whether tokenManager treats
	// that as "never expires" is not visible here - confirm.
	if (properties.getBoolean(PROPERTY_PRESERVE_EXPIRATION)) {
		token.setExpiration(preparedToken.getExpiration());
		LOG.debug("Expiration for token [{}] is preserved, expiration is set to [{}].", token.getId(), token.getExpiration());
	} else {
		token.setExpiration(getNewExpiration());
	}
	// hash is computed from the fully populated token, so it has to be the last mutation
	token.setToken(getTokenHash(token));
	//
	return tokenManager.saveToken(identity, token);
}

/**
 * Copies the optional (template) properties of {@code source} into {@code target}.
 *
 * @param source prepared token used as a template
 * @param target token being built
 */
private void copyOptionalProperties(IdmTokenDto source, IdmTokenDto target) {
	target.setId(source.getId());
	target.setModuleId(source.getModuleId());
	target.setExternalId(source.getExternalId());
	target.getProperties().putAll(source.getProperties());
	target.setDisabled(source.isDisabled());
	target.setIssuedAt(source.getIssuedAt());
	target.setOwnerId(source.getOwnerId());
	target.setOwnerType(source.getOwnerType());
	target.setTokenType(source.getTokenType());
	target.setSecretVerified(source.isSecretVerified());
}

/**
 * Fills the required token properties that the template did not provide.
 *
 * @param token token being built
 * @param identity token owner
 * @param identityId owner identifier
 */
private void fillRequiredProperties(IdmTokenDto token, IdmIdentityDto identity, UUID identityId) {
	if (token.getTokenType() == null) {
		token.setTokenType(AUTHENTICATION_TOKEN_NAME);
	}
	if (token.getOwnerId() == null) {
		token.setOwnerId(identityId);
	}
	if (token.getOwnerType() == null) {
		token.setOwnerType(tokenManager.getOwnerType(identity));
	}
	if (token.getIssuedAt() == null) {
		token.setIssuedAt(ZonedDateTime.now());
	}
}
Use of `eu.bcvsolutions.idm.core.api.dto.IdmTokenDto` in project CzechIdMng by bcvsolutions — class `JwtAuthenticationMapper`, method `fromDto`.
/**
 * Converts a persisted token into the authentication object.
 *
 * Current and original (switch user) identities and the authorities are read back from
 * the token properties; the token's expiration and issued-at are passed through unchanged.
 * This method performs no validation of the token (expiration, disabled flag, hash) -
 * callers are expected to do that elsewhere.
 *
 * @param token persisted token (required)
 * @return authentication carrying the token identifier, both identities, authorities and module
 * @throws IllegalArgumentException when token is {@code null}
 */
public IdmJwtAuthentication fromDto(IdmTokenDto token) {
	Assert.notNull(token, "Token is required.");
	//
	ConfigurationMap properties = token.getProperties();
	IdmIdentityDto currentIdentity = new IdmIdentityDto(
			properties.getUuid(PROPERTY_CURRENT_IDENTITY_ID),
			properties.getString(PROPERTY_CURRENT_USERNAME));
	IdmIdentityDto originalIdentity = new IdmIdentityDto(
			properties.getUuid(PROPERTY_ORIGINAL_IDENTITY_ID),
			properties.getString(PROPERTY_ORIGINAL_USERNAME));
	// authorities were stored as dtos - wrap each one again into a granted authority
	List<GrantedAuthority> grantedAuthorities = getDtoAuthorities(token)
			.stream()
			.map(authority -> authority.getAuthority())
			.map(name -> new DefaultGrantedAuthority(name))
			.collect(Collectors.toList());
	//
	IdmJwtAuthentication authentication = new IdmJwtAuthentication(
			currentIdentity,
			originalIdentity,
			token.getExpiration(),
			token.getIssuedAt(),
			grantedAuthorities,
			token.getModuleId());
	authentication.setId(token.getId());
	return authentication;
}
Use of `eu.bcvsolutions.idm.core.api.dto.IdmTokenDto` in project CzechIdMng by bcvsolutions — class `DefaultJwtAuthenticationService`, method `createJwtAuthenticationAndAuthenticate(LoginDto, IdmIdentityDto, String)`.
/**
 * Convenience overload: authenticates with a fresh token template carrying only the module.
 *
 * @param loginDto login request
 * @param identity identity to authenticate
 * @param moduleId module the token is issued for
 * @return result of {@link #createJwtAuthenticationAndAuthenticate(LoginDto, IdmIdentityDto, IdmTokenDto)}
 */
@Override
public LoginDto createJwtAuthenticationAndAuthenticate(LoginDto loginDto, IdmIdentityDto identity, String moduleId) {
	IdmTokenDto template = new IdmTokenDto();
	template.setModuleId(moduleId);
	//
	return createJwtAuthenticationAndAuthenticate(loginDto, identity, template);
}
Use of `eu.bcvsolutions.idm.core.api.dto.IdmTokenDto` in project CzechIdMng by bcvsolutions — class `DefaultJwtAuthenticationService`, method `createJwtAuthenticationAndAuthenticate(LoginDto, IdmIdentityDto, IdmTokenDto)`.
/**
 * Creates a token for the identity and logs the identity in with it.
 *
 * A disabled identity is rejected up front. For a new token the secret-verified flag is
 * derived from the login request and the identity's two-factor configuration, then the
 * token is created and - when two-factor authentication is still required for it - the
 * written token is handed back to the client inside the exception instead of a login.
 *
 * NOTE(review): {@code loginDto.isSkipMustChange()} marks the secret as verified without a
 * second factor; this only stays safe if that flag is set by trusted server-side flows
 * (public password change) and can never be supplied by the client - confirm at the callers.
 *
 * @param loginDto login request (read for the skip-must-change flag and passed to login)
 * @param identity identity to authenticate (required, with identifier)
 * @param preparedToken token template, possibly already persisted
 * @return login result with the issued token
 * @throws IllegalArgumentException when identity or its identifier is {@code null}
 * @throws IdentityDisabledException when the identity is disabled
 * @throws TwoFactorAuthenticationRequiredException when a second factor is still required
 */
@Override
public LoginDto createJwtAuthenticationAndAuthenticate(LoginDto loginDto, IdmIdentityDto identity, IdmTokenDto preparedToken) {
	Assert.notNull(identity, "Identity is required.");
	UUID identityId = identity.getId();
	Assert.notNull(identityId, "Identity identifier is required.");
	//
	if (identity.isDisabled()) {
		throw new IdentityDisabledException(MessageFormat.format("Check identity can login: The identity [{0}] is disabled.", identity.getUsername()));
	}
	// only a brand new token gets its secret-verified flag decided here; an existing one keeps its state
	if (tokenManager.isNew(preparedToken)) {
		preparedToken.setSecretVerified(isSecretVerifiedOnLogin(loginDto, identityId));
	}
	IdmTokenDto token = jwtTokenMapper.createToken(identity, preparedToken);
	//
	if (twoFactorAuthenticationManager.requireTwoFactorAuthentication(identityId, token.getId())) {
		// the client may not hold the token yet (e.g. sso) - it travels inside the exception
		IdmJwtAuthenticationDto authenticationDto = jwtTokenMapper.toDto(token);
		throw new TwoFactorAuthenticationRequiredException(jwtTokenMapper.writeToken(authenticationDto));
	}
	return login(loginDto, token);
}

/**
 * Decides whether a new token starts out with its secret already verified.
 *
 * @param loginDto login request
 * @param identityId identity being logged in
 * @return {@code true} when the login skips the must-change flow or no two-factor type is configured
 */
private boolean isSecretVerifiedOnLogin(LoginDto loginDto, UUID identityId) {
	// public password change page => login is needed before the password can be changed
	if (loginDto.isSkipMustChange()) {
		return true;
	}
	return twoFactorAuthenticationManager.getTwoFactorAuthenticationType(identityId) == null;
}
Use of `eu.bcvsolutions.idm.core.api.dto.IdmTokenDto` in project CzechIdMng by bcvsolutions — class `DefaultTokenManager`, method `disableToken`.
/**
 * Disables the persisted token with the given identifier.
 *
 * A token that is no longer persisted is silently skipped (logged at trace level), which
 * keeps logout / revocation idempotent.
 *
 * @param tokenId token identifier (required)
 * @param permission permissions evaluated by the {@link IdmTokenDto}-based overload
 * @return the disabled token, or {@code null} when no token with that id exists
 * @throws IllegalArgumentException when tokenId is {@code null}
 */
@Override
@Transactional
public IdmTokenDto disableToken(UUID tokenId, BasePermission... permission) {
	Assert.notNull(tokenId, "Token identifier is required.");
	//
	IdmTokenDto persisted = getToken(tokenId);
	if (persisted != null) {
		return disableToken(persisted, permission);
	}
	LOG.trace("Persisted token with id [{}] not found, disable token will be skipped.", tokenId);
	return null;
}