
Example 61 with RestartResponseException

use of org.apache.wicket.RestartResponseException in project midpoint by Evolveum.

the class PageRegistrationBase method initPostAuthenticationConfiguration.

/**
 * Builds the self-registration DTO used after authentication from the resolved security policy.
 * <p>
 * The DTO is assigned to {@code postAuthenticationDto} before it is initialised. If the policy
 * cannot be turned into the DTO (a {@link SchemaException} is raised by
 * {@code initPostAuthenticationDto}), the failure is logged, a localised error is queued on the
 * session and the request is restarted on {@link PageLogin} through a
 * {@link RestartResponseException}.
 */
private void initPostAuthenticationConfiguration() {
    SecurityPolicyType policy = resolveSecurityPolicy();
    SelfRegistrationDto dto = new SelfRegistrationDto();
    this.postAuthenticationDto = dto;
    try {
        dto.initPostAuthenticationDto(policy);
    } catch (SchemaException e) {
        LOGGER.error("Failed to initialize self registration configuration.", e);
        String message = createStringResource("PageSelfRegistration.selfRegistration.configuration.init.failed").getString();
        getSession().error(message);
        throw new RestartResponseException(PageLogin.class);
    }
}

Example 62 with RestartResponseException

use of org.apache.wicket.RestartResponseException in project midpoint by Evolveum.

the class PageRegistrationFinish method init.

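/**
 * Finishes the self-registration flow for the currently authenticated principal.
 * <p>
 * Everything is recorded into a single {@link OperationResult} that is finally handed to
 * {@code initLayout}:
 * <ol>
 *   <li>an authenticated {@link Authentication} must be present in the security context;
 *       otherwise a fatal error is recorded and the request restarts on
 *       {@link PageSelfRegistration};</li>
 *   <li>the default roles are assigned to the principal's focus, acting as the privileged
 *       administrator returned by {@code getAdministratorPrivileged};</li>
 *   <li>if that did not end in {@code FATAL_ERROR}, the registration nonce is consumed, the
 *       lifecycle state is set and any additional role carried by the nonce is assigned.</li>
 * </ol>
 * All writes are performed with administrator privileges, so the authentication check at the top
 * is the only gate in front of the role assignment. It is assumed that the authentication in the
 * context at this point is the nonce-based registration authentication -- confirm in the caller.
 */
private void init() {
    OperationResult result = new OperationResult(OPERATION_FINISH_REGISTRATION);
    try {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // An empty security context yields null here; treat it like an unauthenticated request
        // instead of failing with a NullPointerException.
        if (authentication == null || !authentication.isAuthenticated()) {
            LOGGER.error("Unauthenticated request");
            String msg = createStringResource("PageSelfRegistration.unauthenticated").getString();
            // msg is already the resolved text; passing it through createStringResource() again
            // would look it up as a resource key.
            getSession().error(msg);
            result.recordFatalError(msg);
            initLayout(result);
            throw new RestartResponseException(PageSelfRegistration.class);
        }
        FocusType user = ((MidPointPrincipal) authentication.getPrincipal()).getFocus();
        PrismObject<UserType> administrator = getAdministratorPrivileged(result);
        assignDefaultRoles(user.getOid(), administrator, result);
        result.computeStatus();
        if (result.getStatus() == OperationResultStatus.FATAL_ERROR) {
            LOGGER.error("Failed to assign default roles, {}", result.getMessage());
        } else if (user.getCredentials() == null || user.getCredentials().getNonce() == null) {
            // Nothing to consume; do not proceed to the lifecycle change without a nonce.
            LOGGER.error("No registration nonce found for user {}", user.getOid());
            result.recordFatalError("No registration nonce found for user " + user.getOid());
        } else {
            NonceType nonceClone = user.getCredentials().getNonce().clone();
            removeNonceAndSetLifecycleState(user.getOid(), nonceClone, administrator, result);
            assignAdditionalRoleIfPresent(user.getOid(), nonceClone, administrator, result);
            result.computeStatus();
        }
        initLayout(result);
    } catch (CommonException | AuthenticationException e) {
        // Do not swallow the cause: log it and record it so the page can show what went wrong.
        LOGGER.error("Couldn't finish registration: {}", e.getMessage(), e);
        result.recordFatalError("Couldn't finish registration: " + e.getMessage(), e);
        result.computeStatus();
        initLayout(result);
    }
}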

Example 63 with RestartResponseException

use of org.apache.wicket.RestartResponseException in project midpoint by Evolveum.

the class PageSecurityQuestions method loadUserAndSecurityQuestions.

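/**
 * Loads the user whose security questions are to be answered and prepares the questions DTO.
 * <p>
 * The user OID is read from the page parameter {@code SESSION_ATTRIBUTE_POID}, i.e. it is
 * caller-controlled input on an unauthenticated page. The lookup therefore runs privileged
 * ({@code runPrivileged}) as a no-fetch read, and every failure -- missing object, schema,
 * security, communication, configuration or expression problem -- collapses into {@code null}
 * so the response does not distinguish between the causes. A {@code null} user restarts the
 * request on {@link PageLogin}.
 * <p>
 * NOTE(review): the redirect still reveals whether the OID resolved to a user, so this page
 * should only be reachable after an earlier step has bound the OID to the session (the parameter
 * name suggests that) -- confirm in the callers.
 *
 * @param parameters page parameters carrying the user OID
 */
private void loadUserAndSecurityQuestions(PageParameters parameters) {
    String userOid = parameters.get(SESSION_ATTRIBUTE_POID).toString();
    // A missing parameter yields a null OID; reject it up front instead of issuing a privileged
    // model call with it and logging a stack trace for what is just a malformed request.
    if (userOid == null || userOid.isEmpty()) {
        LOGGER.debug("No user OID in page parameters, cannot process security questions");
        throw new RestartResponseException(PageLogin.class);
    }
    LOGGER.trace("Processing security questions for user {}", userOid);
    PrismObject<UserType> loadedUser = runPrivileged((Producer<PrismObject<UserType>>) () -> {
        Task task = createAnonymousTask(OPERATION_LOAD_USER);
        OperationResult subResult = task.getResult();
        try {
            Collection<SelectorOptions<GetOperationOptions>> options = SelectorOptions.createCollection(GetOperationOptions.createNoFetch());
            return getModelService().getObject(UserType.class, userOid, options, task, subResult);
        } catch (ObjectNotFoundException | SchemaException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
            LOGGER.error("Error getting user {}: {}", userOid, e.getMessage(), e);
            // we do not want to provide any information to the attacker.
            return null;
        }
    });
    this.user = loadedUser;
    if (loadedUser == null) {
        // Same response for "not found" and "error": nothing is handed back to the caller.
        throw new RestartResponseException(PageLogin.class);
    }
    questions = new PasswordQuestionsDto(userOid);
    questions.setUserQuestionAnswers(createUsersSecurityQuestionsList(loadedUser));
}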

Example 64 with RestartResponseException

use of org.apache.wicket.RestartResponseException in project midpoint by Evolveum.

the class PageSecurityQuestions method resetPassword.

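/**
 * Generates a new password for {@code user} after the security questions were answered and
 * delivers it according to the global reset method.
 * <p>
 * Flow:
 * <ol>
 *   <li>read the system configuration and the user's credentials policy; without a password
 *       value policy the reset is refused with a warning on the feedback panel;</li>
 *   <li>generate a value satisfying that policy (minimum length taken from its string policy);</li>
 *   <li>store it as the user's password through {@code executeChanges};</li>
 *   <li>either park the clear-text value in the session attribute {@code pwdReset} for
 *       {@link PageShowPassword} (reset type {@code SECURITY_QUESTIONS} or unset), or mail it via
 *       the first configured mail server ({@code SECURITY_QUESTIONS_EMAIL}); a missing mail
 *       configuration restarts on {@link PageLogin} with a settings error.</li>
 * </ol>
 * Security note: if generation fails the reset is aborted. Previously the method fell through
 * with {@code newPassword == ""} and replaced the user's password with an empty string.
 *
 * @param user   the user whose password is reset; only its OID is logged
 * @param target Ajax target used to refresh the feedback panel on a refused reset
 */
private void resetPassword(UserType user, AjaxRequestTarget target) {
    Task task = createAnonymousTask(OPERATION_RESET_PASSWORD);
    OperationResult result = task.getResult();
    // Log the identifier only; the full UserType may carry credential data in its toString().
    LOGGER.debug("Resetting password for user {}", user.getOid());
    PageBase page = (PageBase) getPage();
    ModelService modelService = page.getModelService();

    PrismObject<SystemConfigurationType> systemConfig = null;
    String newPassword = null;
    try {
        systemConfig = modelService.getObject(SystemConfigurationType.class, SystemObjectsType.SYSTEM_CONFIGURATION.value(), null, task, result);
        LOGGER.trace("system config {}", systemConfig);
        CredentialsPolicyType credentialsPolicy = getModelInteractionService().getCredentialsPolicy(user.asPrismObject(), task, result);
        String policyOid = null;
        if (credentialsPolicy != null && credentialsPolicy.getPassword() != null
                && credentialsPolicy.getPassword().getValuePolicyRef() != null) {
            policyOid = credentialsPolicy.getPassword().getValuePolicyRef().getOid();
        }
        if (policyOid == null) {
            warn(getString("pageSecurityQuestions.message.noPolicySet"));
            target.add(getFeedbackPanel());
            return;
        }
        PrismObject<ValuePolicyType> valPolicy = modelService.getObject(ValuePolicyType.class, policyOid, null, task, result);
        LOGGER.trace("password value policy {}", valPolicy);
        newPassword = getModelInteractionService().generateValue(valPolicy.asObjectable(), valPolicy.asObjectable().getStringPolicy().getLimitations().getMinLength(), false, user.asPrismObject(), "security questions password generation", task, result);
    } catch (CommonException e1) {
        LoggingUtils.logUnexpectedException(LOGGER, "Couldn't reset password", e1);
    }
    if (newPassword == null || newPassword.isEmpty()) {
        // Generation failed or produced nothing: leave the current password untouched.
        LOGGER.error("Password generation failed for user {}, password not changed", user.getOid());
        // TODO: surface a user-facing message; no resource key exists for this case yet.
        target.add(getFeedbackPanel());
        return;
    }

    ProtectedStringType password = new ProtectedStringType();
    password.setClearValue(newPassword);
    WebComponentUtil.encryptProtectedString(password, true, getMidpointApplication());
    final ItemPath valuePath = ItemPath.create(SchemaConstantsGenerated.C_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE);
    SchemaRegistry registry = getPrismContext().getSchemaRegistry();
    Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
    PrismObjectDefinition objDef = registry.findObjectDefinitionByCompileTimeClass(UserType.class);
    PropertyDelta delta = getPrismContext().deltaFactory().property().createModificationReplaceProperty(valuePath, objDef, password);
    Class<? extends ObjectType> type = UserType.class;
    deltas.add(getPrismContext().deltaFactory().object().createModifyDelta(user.getOid(), delta, type));
    try {
        modelService.executeChanges(deltas, null, task, result);
        OperationResult parentResult = new OperationResult(OPERATION_LOAD_RESET_PASSWORD_POLICY);
        try {
            // TODO should we really ignore user-specific security policy?
            CredentialsPolicyType globalCredentialsPolicy = getModelInteractionService().getCredentialsPolicy(null, null, parentResult);
            CredentialsResetTypeType resetType = globalCredentialsPolicy != null && globalCredentialsPolicy.getSecurityQuestions() != null && globalCredentialsPolicy.getSecurityQuestions().getResetMethod() != null ? globalCredentialsPolicy.getSecurityQuestions().getResetMethod().getResetType() : null;
            if (resetType == null || resetType == CredentialsResetTypeType.SECURITY_QUESTIONS) {
                // Clear-text password parked in the HTTP session for PageShowPassword. Presumably
                // that page removes the attribute after displaying it -- verify; otherwise the
                // value lives as long as the session does.
                getSession().setAttribute("pwdReset", newPassword);
                setResponsePage(PageShowPassword.class);
            } else if (resetType == CredentialsResetTypeType.SECURITY_QUESTIONS_EMAIL) {
                MailConfigurationType mailConfig = mailConfigurationWithServer(systemConfig);
                if (mailConfig == null) {
                    getSession().error(getString("pageLogin.message.ForgetPasswordSettingsWrong"));
                    throw new RestartResponseException(PageLogin.class);
                }
                // Only the first configured server is used; its settings are not validated here.
                MailServerConfigurationType mailServerType = mailConfig.getServer().get(0);
                sendMailToUser(mailServerType.getUsername(), getMidpointApplication().getProtector().decryptString(mailServerType.getPassword()), newPassword, mailServerType.getHost(), mailServerType.getPort().toString(), mailConfig.getDefaultFrom(), user.getEmailAddress());
            }
        } catch (ObjectNotFoundException | SchemaException e) {
            // The password has already been changed at this point; record why delivery could
            // not be decided instead of dumping the trace to stderr.
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't determine password reset method", e);
        }
        // TODO ASAP a message should be shown as the result of the process
    } catch (ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException | ExpressionEvaluationException | CommunicationException | ConfigurationException | PolicyViolationException | SecurityViolationException | EncryptionException e) {
        LoggingUtils.logUnexpectedException(LOGGER, "reset password exception", e);
    }
}

/**
 * Returns the mail configuration from the system configuration's notification settings when it
 * has at least one server configured, or {@code null} when any link in that chain is missing
 * (no system configuration, no notification section, no mail section, empty server list).
 */
private static MailConfigurationType mailConfigurationWithServer(PrismObject<SystemConfigurationType> systemConfig) {
    if (systemConfig == null || systemConfig.asObjectable().getNotificationConfiguration() == null) {
        return null;
    }
    MailConfigurationType mailConfig = systemConfig.asObjectable().getNotificationConfiguration().getMail();
    if (mailConfig == null || mailConfig.getServer() == null || mailConfig.getServer().isEmpty()) {
        return null;
    }
    return mailConfig;
}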

Example 65 with RestartResponseException

use of org.apache.wicket.RestartResponseException in project midpoint by Evolveum.

the class PageSecurityQuestions method initLayout.

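/**
 * Builds the security-question form for the user loaded by {@code loadUserAndSecurityQuestions}.
 * <p>
 * The number of questions to ask and the set of allowed questions come from the global security
 * policy (defaults: one question, empty list). Every policy question the user has an answer
 * stored for becomes one {@link MyPasswordQuestionsPanel}; collection stops once
 * {@code questionNumber} panels exist. The DTO handed to a panel is built with an empty answer,
 * so the stored answer is never placed in the component model.
 * <p>
 * Restart behaviour:
 * <ul>
 *   <li>no global security policy -- {@link PageError}, with a deliberately generic outcome;</li>
 *   <li>no stored answers, or fewer usable questions than required -- the security context is
 *       cleared and the request restarts on {@link PageForgotPassword} with a session error.</li>
 * </ul>
 */
public void initLayout() {
    Form mainForm = new MidpointForm(ID_MAIN_FORM);
    pqPanels = new ArrayList<>();
    PrismObject<SecurityPolicyType> securityPolicy = getGlobalSecurityPolicy();
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        LOGGER.error("No security policy, cannot process security questions");
        // we do not want to provide any information to the attacker.
        throw new RestartResponseException(PageError.class);
    }
    SecurityQuestionsCredentialsPolicyType secQuestionsPolicy = securityPolicy.asObjectable().getCredentials() != null
            ? securityPolicy.asObjectable().getCredentials().getSecurityQuestions()
            : null;
    // NOTE(review): getQuestionNumber() presumably returns a boxed Integer; a policy section
    // that omits it would unbox null here -- confirm against the schema.
    questionNumber = secQuestionsPolicy != null ? secQuestionsPolicy.getQuestionNumber() : 1;
    questionList = secQuestionsPolicy != null ? secQuestionsPolicy.getQuestion() : new ArrayList<>();
    // `questions` is filled by loadUserAndSecurityQuestions(); if that has not happened there is
    // nothing to ask, which is treated the same as "no answers stored".
    List<SecurityQuestionAnswerDTO> userQuestionAnswerList = questions != null ? questions.getUserQuestionAnswers() : null;
    if (userQuestionAnswerList == null) {
        throw restartOnForgotPassword("pageForgetPassword.message.ContactAdminQuestionsNotSet");
    }
    int panelNumber = 0;
    // Loop for finding the preset questions from the Policy Questions
    for (SecurityQuestionDefinitionType question : questionList) {
        // user's question List loop to match the questions
        for (SecurityQuestionAnswerDTO questionAnswer : userQuestionAnswerList) {
            // if the question is in the policy check
            if (!sameIdentifier(questionAnswer.getPwdQuestionIdentifier(), question.getIdentifier())) {
                continue;
            }
            LoadableModel<SecurityQuestionAnswerDTO> model = new LoadableModel<SecurityQuestionAnswerDTO>() {

                @Override
                protected SecurityQuestionAnswerDTO load() {
                    // Empty answer on purpose: the panel must not receive the stored value.
                    SecurityQuestionAnswerDTO a = new SecurityQuestionAnswerDTO(questionAnswer.getPwdQuestionIdentifier(), "", questionAnswer.getPwdQuestion());
                    a = checkIfQuestionIsValid(a, questionList);
                    return a;
                }
            };
            MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_QUESTION_ANSWER_PANEL, model);
            panel.getBaseFormComponent().setRequired(true);
            pqPanels.add(panel);
            panelNumber++;
        }
        if (panelNumber == questionNumber) {
            // we have enough
            break;
        }
    }
    if (panelNumber < questionNumber) {
        throw restartOnForgotPassword("pageForgetPassword.message.ContactAdminQuestionsNotSetEnough");
    }
    add(mainForm);
    mainForm.add(getPanels(pqPanels));
    initButtons(mainForm);
}

/**
 * Case-insensitive identifier match that tolerates a missing identifier on either side
 * (the previous comparison dereferenced the user's identifier unconditionally).
 */
private static boolean sameIdentifier(String userQuestionId, String policyQuestionId) {
    return userQuestionId != null && userQuestionId.equalsIgnoreCase(policyQuestionId);
}

/**
 * Queues the localised message for {@code messageKey} on the session, clears the security
 * context and returns the exception that restarts the request on {@link PageForgotPassword};
 * callers {@code throw} the returned value.
 */
private RestartResponseException restartOnForgotPassword(String messageKey) {
    getSession().error(getString(messageKey));
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(null);
    return new RestartResponseException(PageForgotPassword.class);
}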
