Example 1 with EndUserAuthentication

Use of io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication in the project gravitee-access-management by gravitee-io.

From the class UserAuthProviderImpl, method authenticate:

@Override
public void authenticate(RoutingContext context, JsonObject authInfo, Handler<AsyncResult<User>> handler) {
    String username = authInfo.getString(USERNAME_PARAMETER);
    String password = authInfo.getString(PASSWORD_PARAMETER);
    String clientId = authInfo.getString(Parameters.CLIENT_ID);
    String ipAddress = authInfo.getString(Claims.ip_address);
    String userAgent = authInfo.getString(Claims.user_agent);
    parseClient(clientId, parseClientHandler -> {
        if (parseClientHandler.failed()) {
            logger.error("Authentication failure: unable to retrieve client " + clientId, parseClientHandler.cause());
            handler.handle(Future.failedFuture(parseClientHandler.cause()));
            return;
        }
        // retrieve the client (application)
        final Client client = parseClientHandler.result();
        // end user authentication
        SimpleAuthenticationContext authenticationContext = new SimpleAuthenticationContext(new VertxHttpServerRequest(context.request().getDelegate()));
        final Authentication authentication = new EndUserAuthentication(username, password, authenticationContext);
        authenticationContext.set(Claims.ip_address, ipAddress);
        authenticationContext.set(Claims.user_agent, userAgent);
        authenticationContext.set(Claims.domain, client.getDomain());
        // delegate to the authentication manager; success yields a Vert.x User wrapper, failure is propagated
        userAuthenticationManager.authenticate(client, authentication)
                .subscribe(
                        user -> handler.handle(Future.succeededFuture(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(user))),
                        error -> handler.handle(Future.failedFuture(error)));
    });
}

Example 2 with EndUserAuthentication

Use of io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication in the project gravitee-access-management by gravitee-io.

From the class WebAuthnResponseEndpoint, method authenticateUser:

private void authenticateUser(AuthenticationContext authenticationContext, Client client, String username, Handler<AsyncResult<User>> handler) {
    // password is null: the WebAuthn assertion has already been verified by this endpoint,
    // so the user is handed to the manager with the trailing pre-authenticated flag set
    final Authentication authentication = new EndUserAuthentication(username, null, authenticationContext);
    userAuthenticationManager.authenticate(client, authentication, true)
            .subscribe(
                    user -> handler.handle(Future.succeededFuture(new io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User(user))),
                    error -> handler.handle(Future.failedFuture(error)));
}

Example 3 with EndUserAuthentication

Use of io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication in the project gravitee-access-management by gravitee-io.

From the class LogoutEndpoint, method evaluateSingleSignOut:

/**
 * Check if the single sign out feature is requested, if yes return the delegated OP end session endpoint URL
 * @param routingContext the routing context
 * @param handler handler holding the potential delegated OP end session endpoint URL
 */
private void evaluateSingleSignOut(RoutingContext routingContext, Handler<AsyncResult<String>> handler) {
    final Client client = routingContext.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final User endUser = routingContext.get(ConstantKeys.USER_CONTEXT_KEY) != null
            ? routingContext.get(ConstantKeys.USER_CONTEXT_KEY)
            : (routingContext.user() != null
                    ? ((io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User) routingContext.user().getDelegate()).getUser()
                    : null);
    // if no client, continue
    if (client == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // if single sign out feature disabled, continue
    if (!client.isSingleSignOut()) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // if no user, continue
    if (endUser == null) {
        handler.handle(Future.succeededFuture());
        return;
    }
    // generate the delegated OP logout request
    final Authentication authentication = new EndUserAuthentication(endUser, null,
            new SimpleAuthenticationContext(new VertxHttpServerRequest(routingContext.request().getDelegate())));
    identityProviderManager.get(endUser.getSource())
            // only social/OIDC providers expose an end session endpoint
            .filter(provider -> provider instanceof SocialAuthenticationProvider)
            .flatMap(provider -> ((SocialAuthenticationProvider) provider).signOutUrl(authentication))
            .flatMap(logoutRequest -> generateLogoutCallback(routingContext, endUser, logoutRequest))
            .subscribe(
                    endpoint -> handler.handle(Future.succeededFuture(endpoint)),
                    err -> {
                        // a failure on the external OP side is not fatal: the AM session is still terminated
                        LOGGER.warn("Unable to sign the end user out of the external OIDC '{}', only sign out of AM", client.getClientId(), err);
                        handler.handle(Future.succeededFuture());
                    },
                    // empty result (no social provider or no sign-out URL): continue without delegation
                    () -> handler.handle(Future.succeededFuture()));
}

Example 4 with EndUserAuthentication

Use of io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication in the project gravitee-access-management by gravitee-io.

From the class UserAuthenticationServiceImpl, method loadPreAuthenticatedUser:

@Override
public Maybe<User> loadPreAuthenticatedUser(String subject, Request request) {
    // find user by its technical id
    return userService.findById(subject)
            .switchIfEmpty(Maybe.error(new UserNotFoundException(subject)))
            // refuse locked accounts before contacting the identity provider
            .flatMap(user -> isIndefinitelyLocked(user)
                    ? Maybe.error(new AccountLockedException("User " + user.getUsername() + " is locked"))
                    : Maybe.just(user))
            .flatMap(user -> identityProviderManager.get(user.getSource())
                    .flatMap(authenticationProvider -> {
                        // no credentials: the subject was already authenticated, the provider only reloads the profile
                        SimpleAuthenticationContext authenticationContext = new SimpleAuthenticationContext(request);
                        final Authentication authentication = new EndUserAuthentication(user, null, authenticationContext);
                        return authenticationProvider.loadPreAuthenticatedUser(authentication);
                    })
                    .flatMap(idpUser -> {
                        // retrieve information from the idp user and update the user
                        Map<String, Object> additionalInformation = idpUser.getAdditionalInformation() == null
                                ? new HashMap<>()
                                : new HashMap<>(idpUser.getAdditionalInformation());
                        additionalInformation.put(SOURCE_FIELD, user.getSource());
                        additionalInformation.put(Parameters.CLIENT_ID, user.getClient());
                        ((DefaultUser) idpUser).setAdditionalInformation(additionalInformation);
                        return update(user, idpUser, false).flatMap(userService::enhance).toMaybe();
                    })
                    // provider missing or returned nothing: keep the stored user as-is
                    .switchIfEmpty(Maybe.defer(() -> userService.enhance(user).toMaybe())));
}

Example 5 with EndUserAuthentication

Use of io.gravitee.am.gateway.handler.common.auth.user.EndUserAuthentication in the project gravitee-access-management by gravitee-io.

From the class ResourceOwnerPasswordCredentialsTokenGranter, method resolveResourceOwner:

@Override
protected Maybe<User> resolveResourceOwner(TokenRequest tokenRequest, Client client) {
    String username = tokenRequest.getUsername();
    String password = tokenRequest.getPassword();
    return userAuthenticationManager.authenticate(client,
                    new EndUserAuthentication(username, password, new SimpleAuthenticationContext(tokenRequest)))
            // any authentication failure is surfaced to the OAuth 2.0 client as an invalid_grant error
            .onErrorResumeNext(ex -> Single.error(new InvalidGrantException(ex.getMessage())))
            .toMaybe();
}
