Example 1 with TwoFactorWebAuthenticationDetails
use of org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails in project dhis2-core by dhis2.
the class AuthenticationListener method handleAuthenticationSuccess.
@EventListener({ InteractiveAuthenticationSuccessEvent.class, AuthenticationSuccessEvent.class })
public void handleAuthenticationSuccess(AbstractAuthenticationEvent event) {
Authentication auth = event.getAuthentication();
String username = event.getAuthentication().getName();
Object details = auth.getDetails();
if (TwoFactorWebAuthenticationDetails.class.isAssignableFrom(details.getClass())) {
TwoFactorWebAuthenticationDetails authDetails = (TwoFactorWebAuthenticationDetails) details;
log.debug(String.format("Login attempt succeeded for remote IP: %s", authDetails.getIp()));
}
if (OAuth2LoginAuthenticationToken.class.isAssignableFrom(auth.getClass())) {
OAuth2LoginAuthenticationToken authenticationToken = (OAuth2LoginAuthenticationToken) auth;
DhisOidcUser principal = (DhisOidcUser) authenticationToken.getPrincipal();
username = principal.getUser().getUsername();
WebAuthenticationDetails tokenDetails = (WebAuthenticationDetails) authenticationToken.getDetails();
String remoteAddress = tokenDetails.getRemoteAddress();
log.debug(String.format("OIDC login attempt succeeded for remote IP: %s", remoteAddress));
}
registerSuccessfulLogin(username);
}
Also used :
TwoFactorWebAuthenticationDetails(org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)
DhisOidcUser(org.hisp.dhis.security.oidc.DhisOidcUser)
Authentication(org.springframework.security.core.Authentication)
WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails)
TwoFactorWebAuthenticationDetails(org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)
OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)
EventListener(org.springframework.context.event.EventListener)
Example 2 with TwoFactorWebAuthenticationDetails
use of org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails in project dhis2-core by dhis2.
the class AccountController method authenticate.
private void authenticate(String username, String rawPassword, Collection<GrantedAuthority> authorities, HttpServletRequest request) {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, rawPassword, authorities);
token.setDetails(new TwoFactorWebAuthenticationDetails(request));
Authentication auth = twoFactorAuthenticationProvider.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
HttpSession session = request.getSession();
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
}
Also used :
TwoFactorWebAuthenticationDetails(org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)
Authentication(org.springframework.security.core.Authentication)
HttpSession(javax.servlet.http.HttpSession)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Example 3 with TwoFactorWebAuthenticationDetails
use of org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails in project dhis2-core by dhis2.
the class AuthenticationListener method handleAuthenticationFailure.
@EventListener
public void handleAuthenticationFailure(AbstractAuthenticationFailureEvent event) {
Authentication auth = event.getAuthentication();
String username = event.getAuthentication().getName();
Object details = auth.getDetails();
if (details != null && TwoFactorWebAuthenticationDetails.class.isAssignableFrom(details.getClass())) {
TwoFactorWebAuthenticationDetails authDetails = (TwoFactorWebAuthenticationDetails) details;
log.debug(String.format("Login attempt failed for remote IP: %s", authDetails.getIp()));
}
if (OAuth2LoginAuthenticationToken.class.isAssignableFrom(auth.getClass())) {
OAuth2LoginAuthenticationToken authenticationToken = (OAuth2LoginAuthenticationToken) auth;
DhisOidcUser principal = (DhisOidcUser) authenticationToken.getPrincipal();
if (principal != null) {
username = principal.getUser().getUsername();
}
WebAuthenticationDetails tokenDetails = (WebAuthenticationDetails) authenticationToken.getDetails();
String remoteAddress = tokenDetails.getRemoteAddress();
log.debug(String.format("OIDC login attempt failed for remote IP: %s", remoteAddress));
}
securityService.registerFailedLogin(username);
}
Also used :
TwoFactorWebAuthenticationDetails(org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)
DhisOidcUser(org.hisp.dhis.security.oidc.DhisOidcUser)
Authentication(org.springframework.security.core.Authentication)
WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails)
TwoFactorWebAuthenticationDetails(org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)
OAuth2LoginAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)
EventListener(org.springframework.context.event.EventListener)
Aggregations
TwoFactorWebAuthenticationDetails (org.hisp.dhis.security.spring2fa.TwoFactorWebAuthenticationDetails)3
Authentication (org.springframework.security.core.Authentication)3
DhisOidcUser (org.hisp.dhis.security.oidc.DhisOidcUser)2
EventListener (org.springframework.context.event.EventListener)2
OAuth2LoginAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken)2
WebAuthenticationDetails (org.springframework.security.web.authentication.WebAuthenticationDetails)2
HttpSession (javax.servlet.http.HttpSession)1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1
