Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in the project credhub by cloudfoundry-incubator.
From the class UserContextFactoryTest, the test method getAclUser_fromMtlsCertificate_returnsAppGuid.
@Test
public void getAclUser_fromMtlsCertificate_returnsAppGuid() throws Exception {
  // A caller authenticated by mutual TLS is identified by the app GUID taken
  // from its client certificate (the fixture comes from setupMtlsMock), and the
  // ACL actor name is that GUID under the "mtls-app:" prefix.
  final PreAuthenticatedAuthenticationToken mtlsToken = setupMtlsMock();
  final UserContext userContext = subject.createUserContext(mtlsToken);

  assertThat(userContext.getActor(), equalTo("mtls-app:e054393e-c9c3-478b-9047-e6d05c307bf2"));
}
Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in the project credhub by cloudfoundry-incubator.
From the class UserContextFactoryTest, the test method fromAuthentication_handlesMtlsAuth.
@Test
public void fromAuthentication_handlesMtlsAuth() throws Exception {
  // Under mutual TLS there is no token-based (UAA) identity, so every field that
  // would come from a JWT is expected to be absent; what remains is the
  // certificate subject (client id), its validity window and the auth method.
  final PreAuthenticatedAuthenticationToken mtlsToken = setupMtlsMock();
  final UserContext userContext = subject.createUserContext(mtlsToken);

  // Nothing JWT-derived must leak into an mTLS context.
  assertThat(userContext.getUserName(), equalTo(null));
  assertThat(userContext.getUserId(), equalTo(null));
  assertThat(userContext.getIssuer(), equalTo(null));
  assertThat(userContext.getScope(), equalTo(null));

  // NOTE(review): these look like epoch seconds spanning 12 hours — confirm
  // against setupMtlsMock, which is where the certificate dates are set.
  assertThat(userContext.getValidFrom(), equalTo(1413495264L));
  assertThat(userContext.getValidUntil(), equalTo(1413538464L));

  // The client id is the certificate subject DN; the app GUID lives in its OU.
  assertThat(userContext.getClientId(), equalTo("CN=test_cn,OU=app:e054393e-c9c3-478b-9047-e6d05c307bf2"));
  assertThat(userContext.getAuthMethod(), equalTo(AUTH_METHOD_MUTUAL_TLS));
}
Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in the project midpoint by Evolveum.
From the class DataImport, the method provideFakeSecurityContext.
protected SecurityContext provideFakeSecurityContext() throws SchemaException {
  // Bootstrapping problem: importing the initial objects needs an authorized
  // caller, but no user exists in the repository yet (chicken and egg). So we
  // synthesise an in-memory "initAdmin" principal that carries the
  // all-authorizations grant and install it in the current thread's Spring
  // security context.
  //
  // NOTE(review): this is a fully privileged identity that never went through
  // any authentication (the two-argument PreAuthenticatedAuthenticationToken
  // constructor also leaves isAuthenticated() false in Spring Security). It
  // should live only for the duration of the import; the caller is expected
  // to clear the security context afterwards — that is not visible here,
  // confirm in the caller.
  UserType initAdmin = new UserType();
  prismContext.adopt(initAdmin);
  initAdmin.setName(new PolyStringType(new PolyString("initAdmin", "initAdmin")));

  // Grant everything: one authorization whose action list is the "all" URL.
  AuthorizationType allActions = new AuthorizationType();
  prismContext.adopt(allActions, RoleType.class, RoleType.F_AUTHORIZATION);
  allActions.getAction().add(AuthorizationConstants.AUTZ_ALL_URL);

  MidPointPrincipal principal = new MidPointPrincipal(initAdmin);
  principal.getAuthorities().add(new Authorization(allActions));

  // No credentials: there is nothing to verify for a synthesised principal.
  Authentication fakeAuthentication = new PreAuthenticatedAuthenticationToken(principal, null);
  SecurityContext securityContext = SecurityContextHolder.getContext();
  securityContext.setAuthentication(fakeAuthentication);
  return securityContext;
}
Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in the project midpoint by Evolveum.
From the class MidpointSaml2LogoutRequestResolver, the method resolve.
@Override
public Saml2LogoutRequest resolve(HttpServletRequest httpServletRequest, Authentication authentication) {
  // midPoint wraps the SAML token in its own layered Authentication objects
  // (MidpointAuthentication -> module authentication -> token, possibly one
  // level deeper in getDetails()). The delegate resolver only understands a
  // plain Saml2Authentication, so unwrap first and rebuild one for it.
  Saml2AuthenticationToken samlToken = extractSamlTokenFrom(authentication);
  if (samlToken == null) {
    // Not a SAML-backed session: hand the authentication over untouched.
    return resolver.resolve(httpServletRequest, authentication);
  }
  // Authorities are irrelevant for building a logout request, hence null.
  Saml2Authentication samlAuthentication =
      new Saml2Authentication(principalForLogout(samlToken), samlToken.getSaml2Response(), null);
  return resolver.resolve(httpServletRequest, samlAuthentication);
}

/**
 * Digs the SAML token out of midPoint's layered authentication.
 *
 * @return the token, or null when the authentication is not SAML-backed
 */
private static Saml2AuthenticationToken extractSamlTokenFrom(Authentication authentication) {
  if (authentication instanceof MidpointAuthentication) {
    ModuleAuthentication module = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
    if (!(module instanceof Saml2ModuleAuthenticationImpl)) {
      return null;
    }
    Authentication moduleAuthentication = module.getAuthentication();
    if (moduleAuthentication instanceof Saml2AuthenticationToken) {
      return (Saml2AuthenticationToken) moduleAuthentication;
    }
    // After login (or on an anonymous session) the module may hold a wrapper
    // whose details still point at the original SAML token.
    boolean mayWrapSamlToken = moduleAuthentication instanceof PreAuthenticatedAuthenticationToken
        || moduleAuthentication instanceof AnonymousAuthenticationToken;
    if (mayWrapSamlToken && moduleAuthentication.getDetails() instanceof Saml2AuthenticationToken) {
      return (Saml2AuthenticationToken) moduleAuthentication.getDetails();
    }
    return null;
  }
  if (authentication instanceof AnonymousAuthenticationToken
      && authentication.getDetails() instanceof Saml2AuthenticationToken) {
    return (Saml2AuthenticationToken) authentication.getDetails();
  }
  return null;
}

/**
 * Principal to put into the rebuilt Saml2Authentication: the real SAML principal
 * when the token carries one, otherwise a minimal stand-in named after the
 * relying party.
 *
 * NOTE(review): the stand-in's getName() is the SP entity id, not the user's
 * NameID, so a logout request derived from it presumably will not match the
 * IdP-side session — confirm how the delegate resolver uses the principal name.
 */
private static AuthenticatedPrincipal principalForLogout(Saml2AuthenticationToken samlToken) {
  Object details = samlToken.getDetails();
  if (details instanceof Saml2AuthenticatedPrincipal) {
    return (Saml2AuthenticatedPrincipal) details;
  }
  final String relyingPartyEntityId = samlToken.getRelyingPartyRegistration().getEntityId();
  final String registrationId = samlToken.getRelyingPartyRegistration().getRegistrationId();
  return new Saml2AuthenticatedPrincipal() {
    @Override
    public String getName() {
      return relyingPartyEntityId;
    }

    @Override
    public String getRelyingPartyRegistrationId() {
      return registrationId;
    }
  };
}
Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in the project midpoint by Evolveum.
From the class AuthenticationEvaluatorImpl, the method authenticateUserPreAuthenticated.
@Override
public PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, PreAuthenticationContext authnCtx) {
  // The caller was already authenticated by some external mechanism, so no
  // credentials are verified here. What this does is resolve the focus and
  // apply midPoint's own gating: the account checks inside getAndCheckPrincipal,
  // then "has any authorization at all", then the required assignments from the
  // authentication context. Every outcome, pass or fail, is recorded.
  final MidPointPrincipal principal = getAndCheckPrincipal(
      connEnv, authnCtx.getUsername(), authnCtx.getPrincipalType(), authnCtx.isSupportActivationByChannel());

  // A principal without any authorization must not be given a session.
  if (hasNoneAuthorization(principal)) {
    recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no authorizations",
        authnCtx.getPrincipalType(), false);
    throw new InternalAuthenticationServiceException("web.security.provider.access.denied");
  }

  final boolean hasRequiredAssignments = AuthenticationEvaluatorUtil.checkRequiredAssignment(
      principal.getFocus().getAssignment(), authnCtx.getRequireAssignments());
  if (!hasRequiredAssignments) {
    recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "not contains required assignment",
        authnCtx.getPrincipalType(), false);
    throw new InternalAuthenticationServiceException("web.security.flexAuth.invalid.required.assignment");
  }

  recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, null,
      authnCtx.getPrincipalType(), true);
  // Three-argument form: the one Spring Security treats as already
  // authenticated, carrying the principal's authorities; credentials are null
  // because none were checked in this method.
  return new PreAuthenticatedAuthenticationToken(principal, null, principal.getAuthorities());
}