

Use of io.gravitee.am.gateway.handler.root.resources.endpoint.mfa.MFAChallengeEndpoint in the project gravitee-access-management by gravitee-io.

In the class RootProvider, method doStart:

/**
 * Builds the domain root router (login, logout, MFA, WebAuthn, registration and
 * password-recovery endpoints) and mounts it under {@code path()}.
 *
 * <p>Statement order is significant. The cross-cutting handlers (body, static,
 * session/cookie, auth-flow context, CSRF, CSP) are attached to the router
 * before any endpoint route is registered, and Vert.x matches routes in
 * registration order, so every endpoint chain below only runs after those
 * global handlers have let the request through. Reordering the calls in this
 * method can silently remove a protection from a route.</p>
 *
 * @throws Exception propagated from {@code super.doStart()} or from handler construction
 */
@Override
protected void doStart() throws Exception {
    super.doStart();
    // create the root router
    final Router rootRouter = Router.router(vertx);
    // body handler
    bodyHandler(rootRouter);
    // static handler
    staticHandler(rootRouter);
    // session cookie handler
    sessionAndCookieHandler(rootRouter);
    // GraviteeContext handler
    authFlowContextHandler(rootRouter);
    // CSRF handler -- registered ahead of every form-submitting route below, so
    // POST endpoints rely on it rather than on per-route checks (the handler's
    // own matching rules live in csrfHandler(); not visible here)
    csrfHandler(rootRouter);
    // CSP Handler
    cspHandler(rootRouter);
    // common handler -- shared, stateless-by-construction handler instances reused across routes.
    // Two client parsers exist: the "required" one (setRequired(true)) is meant to stop the chain
    // when no client can be resolved, the optional one lets the chain continue -- which routes get
    // which variant is a deliberate per-route decision, see the comments on those routes.
    Handler<RoutingContext> userTokenRequestParseHandler = new UserTokenRequestParseHandler(userService);
    Handler<RoutingContext> clientRequestParseHandler = new ClientRequestParseHandler(clientSyncService).setRequired(true);
    Handler<RoutingContext> clientRequestParseHandlerOptional = new ClientRequestParseHandler(clientSyncService);
    Handler<RoutingContext> passwordPolicyRequestParseHandler = new PasswordPolicyRequestParseHandler(passwordService, domain);
    Handler<RoutingContext> botDetectionHandler = new BotDetectionHandler(domain, botDetectionManager);
    Handler<RoutingContext> geoIpHandler = new GeoIpHandler(vertx.eventBus());
    Handler<RoutingContext> loginAttemptHandler = new LoginAttemptHandler(domain, identityProviderManager, loginAttemptService);
    Handler<RoutingContext> rememberDeviceSettingsHandler = new RememberDeviceSettingsHandler();
    final DeviceIdentifierHandler deviceIdentifierHandler = new DeviceIdentifierHandler(deviceService);
    // Root policy chain handler -- applies to every request on this router. A dedicated client parser
    // with setContinueOnError(true) is used here (presumably so the ROOT policy chain still executes
    // when the client cannot be resolved; confirm against ClientRequestParseHandler).
    rootRouter.route().handler(new ClientRequestParseHandler(clientSyncService).setContinueOnError(true)).handler(geoIpHandler).handler(policyChainHandler.create(ExtensionPoint.ROOT));
    // Identifier First Login route -- route(path) matches every HTTP method; bot detection runs before the endpoint
    rootRouter.route(PATH_IDENTIFIER_FIRST_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(new IdentifierFirstLoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
    // login route
    // GET renders the form (PRE_LOGIN policies run first); POST is the credential submission:
    // bot detection -> login-attempt accounting -> form authentication -> device identifier -> POST_LOGIN policies.
    // Note loginAttemptHandler sits before LoginFormHandler, i.e. the attempt check precedes authentication.
    rootRouter.get(PATH_LOGIN).handler(clientRequestParseHandler).handler(new LoginSocialAuthenticationHandler(identityProviderManager, jwtService, certificateManager)).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginHideFormHandler(domain)).handler(new LoginEndpoint(thymeleafTemplateEngine, domain, botDetectionManager, deviceIdentifierManager));
    rootRouter.post(PATH_LOGIN).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(loginAttemptHandler).handler(new LoginFormHandler(userAuthProvider)).handler(deviceIdentifierHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
    // failure handler registered after both login routes so it covers GET and POST failures alike
    rootRouter.route(PATH_LOGIN).failureHandler(new LoginFailureHandler(authenticationFlowContextService));
    // logout route
    rootRouter.route(PATH_LOGOUT).handler(new LogoutEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, identityProviderManager, certificateManager, webClient));
    rootRouter.route(PATH_LOGOUT_CALLBACK).handler(new LogoutCallbackEndpoint(domain, clientSyncService, jwtService, userService, authenticationFlowContextService, certificateManager));
    // SSO/Social login route
    Handler<RoutingContext> socialAuthHandler = SocialAuthHandler.create(new SocialAuthenticationProvider(userAuthenticationManager, eventManager, domain));
    Handler<RoutingContext> loginCallbackParseHandler = new LoginCallbackParseHandler(clientSyncService, identityProviderManager, jwtService, certificateManager);
    Handler<RoutingContext> loginCallbackOpenIDConnectFlowHandler = new LoginCallbackOpenIDConnectFlowHandler(thymeleafTemplateEngine);
    Handler<RoutingContext> loginCallbackFailureHandler = new LoginCallbackFailureHandler(authenticationFlowContextService);
    Handler<RoutingContext> loginCallbackEndpoint = new LoginCallbackEndpoint();
    Handler<RoutingContext> loginSSOPOSTEndpoint = new LoginSSOPOSTEndpoint(thymeleafTemplateEngine);
    // The external-IdP callback is accepted on both GET and POST with an identical chain
    // (OIDC flow handling -> callback parsing -> social authentication -> POST_LOGIN policies).
    // Keep the two chains in sync when editing one of them.
    rootRouter.get(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
    rootRouter.post(PATH_LOGIN_CALLBACK).handler(loginCallbackOpenIDConnectFlowHandler).handler(loginCallbackParseHandler).handler(socialAuthHandler).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(loginCallbackEndpoint).failureHandler(loginCallbackFailureHandler);
    rootRouter.get(PATH_LOGIN_SSO_POST).handler(loginSSOPOSTEndpoint);
    // SPNEGO (Kerberos) login: no client parser on this chain; PRE_LOGIN and POST_LOGIN policies bracket the negotiate handler
    rootRouter.get(PATH_LOGIN_SSO_SPNEGO).handler(policyChainHandler.create(ExtensionPoint.PRE_LOGIN)).handler(new LoginNegotiateAuthenticationHandler(userAuthProvider, thymeleafTemplateEngine)).handler(policyChainHandler.create(ExtensionPoint.POST_LOGIN)).handler(new LoginPostEndpoint());
    // MFA route -- all use route(path), i.e. any HTTP method reaches the endpoint; the GET/POST split
    // (render challenge vs. verify code) is handled inside each endpoint, not by the router.
    // All require a resolvable client (clientRequestParseHandler).
    rootRouter.route(PATH_MFA_ENROLL).handler(clientRequestParseHandler).handler(new MFAEnrollEndpoint(factorManager, thymeleafTemplateEngine, userService, domain));
    // rememberDeviceSettingsHandler runs before the challenge so the endpoint can see the remember-device settings
    rootRouter.route(PATH_MFA_CHALLENGE).handler(clientRequestParseHandler).handler(rememberDeviceSettingsHandler).handler(new MFAChallengeEndpoint(factorManager, userService, thymeleafTemplateEngine, deviceService, applicationContext, domain));
    rootRouter.route(PATH_MFA_CHALLENGE_ALTERNATIVES).handler(clientRequestParseHandler).handler(new MFAChallengeAlternativesEndpoint(thymeleafTemplateEngine, factorManager));
    rootRouter.route(PATH_MFA_RECOVERY_CODE).handler(clientRequestParseHandler).handler(new MFARecoveryCodeEndpoint(thymeleafTemplateEngine, domain, userService));
    // WebAuthn route -- webAuthnAccessHandler gates every WebAuthn route (presumably on the domain's
    // WebAuthn settings; see WebAuthnAccessHandler). Only the response (assertion/attestation) is POST-only.
    Handler<RoutingContext> webAuthnAccessHandler = new WebAuthnAccessHandler(domain);
    rootRouter.route(PATH_WEBAUTHN_REGISTER).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnRegisterEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine));
    rootRouter.route(PATH_WEBAUTHN_LOGIN).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnLoginEndpoint(domain, userAuthenticationManager, webAuthn, thymeleafTemplateEngine, deviceIdentifierManager, deviceService));
    rootRouter.post(PATH_WEBAUTHN_RESPONSE).handler(clientRequestParseHandler).handler(webAuthnAccessHandler).handler(new WebAuthnResponseEndpoint(userAuthenticationManager, webAuthn, credentialService, domain));
    // Registration route
    Handler<RoutingContext> registerAccessHandler = new RegisterAccessHandler(domain);
    rootRouter.route(HttpMethod.GET, PATH_REGISTER).handler(clientRequestParseHandler).handler(registerAccessHandler).handler(policyChainHandler.create(ExtensionPoint.PRE_REGISTER)).handler(new RegisterEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
    // Registration POST deliberately uses the optional client parser; access control comes from
    // registerAccessHandler and the password policy is enforced before RegisterProcessHandler persists the user.
    rootRouter.route(HttpMethod.POST, PATH_REGISTER).handler(new RegisterSubmissionRequestParseHandler()).handler(clientRequestParseHandlerOptional).handler(botDetectionHandler).handler(registerAccessHandler).handler(passwordPolicyRequestParseHandler).handler(new RegisterProcessHandler(userService, domain)).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterSubmissionEndpoint());
    rootRouter.route(PATH_REGISTER).failureHandler(new RegisterFailureHandler());
    // Confirmation links carry a user token: the token is validated by the request-parse / userToken handlers,
    // not by a client lookup, hence the optional client parser on GET and no client parser at all on POST.
    rootRouter.route(HttpMethod.GET, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(new RegisterConfirmationEndpoint(thymeleafTemplateEngine, domain));
    rootRouter.route(HttpMethod.POST, PATH_CONFIRM_REGISTRATION).handler(new RegisterConfirmationSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_REGISTER)).handler(new RegisterConfirmationSubmissionEndpoint(userService));
    // Forgot password route
    Handler<RoutingContext> forgotPasswordAccessHandler = new ForgotPasswordAccessHandler(domain);
    rootRouter.route(HttpMethod.GET, PATH_FORGOT_PASSWORD).handler(clientRequestParseHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordEndpoint(thymeleafTemplateEngine, domain, botDetectionManager));
    // the forgot-password submission is bot-checked before the access handler and the endpoint that triggers the e-mail
    rootRouter.route(HttpMethod.POST, PATH_FORGOT_PASSWORD).handler(new ForgotPasswordSubmissionRequestParseHandler(domain)).handler(clientRequestParseHandler).handler(botDetectionHandler).handler(forgotPasswordAccessHandler).handler(new ForgotPasswordSubmissionEndpoint(userService, domain));
    // Reset password: the user token is parsed and then bound to a one-time token (ResetPasswordOneTimeTokenHandler)
    // on both GET and POST, so a reset link cannot be replayed once consumed (confirm in that handler);
    // the password policy check precedes the actual reset on POST.
    rootRouter.route(HttpMethod.GET, PATH_RESET_PASSWORD).handler(new ResetPasswordRequestParseHandler(userService)).handler(clientRequestParseHandlerOptional).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(policyChainHandler.create(ExtensionPoint.PRE_RESET_PASSWORD)).handler(new ResetPasswordEndpoint(thymeleafTemplateEngine, domain));
    rootRouter.route(HttpMethod.POST, PATH_RESET_PASSWORD).handler(new ResetPasswordSubmissionRequestParseHandler()).handler(userTokenRequestParseHandler).handler(new ResetPasswordOneTimeTokenHandler()).handler(passwordPolicyRequestParseHandler).handler(policyChainHandler.create(ExtensionPoint.POST_RESET_PASSWORD)).handler(new ResetPasswordSubmissionEndpoint(userService));
    // error route
    rootRouter.route(HttpMethod.GET, PATH_ERROR).handler(new ErrorEndpoint(domain, thymeleafTemplateEngine, clientSyncService, jwtService));
    // error handler -- attached last so it is the router-wide fallback for failures not caught by a route failureHandler above
    errorHandler(rootRouter);
    // mount root router
    router.mountSubRouter(path(), rootRouter);
}
