Example 16 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationService.
private boolean userAuthenticationService() {
if (externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.SERVICE)) {
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.SERVICE, 1, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration. auth_step: '{}', acr: '{}'", this.authStep, this.authAcr);
} else {
this.authAcr = customScriptConfiguration.getName();
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, null, 1);
log.info("Authentication result for '{}'. auth_step: '{}', result: '{}'", credentials.getUsername(), this.authStep, result);
if (result) {
authenticationService.configureEventUser();
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
log.info("Authentication failed for User: '{}'", credentials.getUsername());
}
}
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
authenticationService.configureEventUser();
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
log.info("Authentication failed for User: '{}'", credentials.getUsername());
}
return false;
}
Also used :
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 17 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class AuthorizeAction method checkPermissionGranted.
public void checkPermissionGranted() {
if ((clientId == null) || clientId.isEmpty()) {
log.error("Permission denied. client_id should be not empty.");
permissionDenied();
return;
}
Client client = null;
try {
client = clientService.getClient(clientId);
} catch (EntryPersistenceException ex) {
log.error("Permission denied. Failed to find client by inum '{}' in LDAP.", clientId, ex);
permissionDenied();
return;
}
if (client == null) {
log.error("Permission denied. Failed to find client_id '{}' in LDAP.", clientId);
permissionDenied();
return;
}
SessionState session = getSession();
List<Prompt> prompts = Prompt.fromString(prompt, " ");
try {
session = sessionStateService.assertAuthenticatedSessionCorrespondsToNewRequest(session, acrValues);
} catch (AcrChangedException e) {
log.debug("There is already existing session which has another acr then {}, session: {}", acrValues, session.getId());
if (prompts.contains(Prompt.LOGIN)) {
session = handleAcrChange(session, prompts);
} else {
log.error("Please provide prompt=login to force login with new ACR or otherwise perform logout and re-authenticate.");
permissionDenied();
return;
}
}
if (session == null || StringUtils.isBlank(session.getUserDn()) || SessionIdState.AUTHENTICATED != session.getState()) {
Map<String, String> parameterMap = externalContext.getRequestParameterMap();
Map<String, String> requestParameterMap = authenticationService.getAllowedParameters(parameterMap);
String redirectTo = "/login.xhtml";
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator) {
List<String> acrValuesList = acrValuesList();
if (acrValuesList.isEmpty()) {
if (StringHelper.isNotEmpty(defaultAuthenticationMode.getName())) {
acrValuesList = Arrays.asList(defaultAuthenticationMode.getName());
} else {
CustomScriptConfiguration defaultExternalAuthenticator = externalAuthenticationService.getDefaultExternalAuthenticator(AuthenticationScriptUsageType.INTERACTIVE);
if (defaultExternalAuthenticator != null) {
acrValuesList = Arrays.asList(defaultExternalAuthenticator.getName());
}
}
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.determineCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, acrValuesList);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration. auth_step: {}, acr_values: {}", 1, this.acrValues);
permissionDenied();
return;
}
String acr = customScriptConfiguration.getName();
requestParameterMap.put(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, acr);
requestParameterMap.put("auth_step", Integer.toString(1));
String tmpRedirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, 1);
if (StringHelper.isNotEmpty(tmpRedirectTo)) {
log.trace("Redirect to person authentication login page: {}", tmpRedirectTo);
redirectTo = tmpRedirectTo;
}
}
// Store Remote IP
String remoteIp = networkService.getRemoteIp();
requestParameterMap.put(Constants.REMOTE_IP, remoteIp);
// Create unauthenticated session
SessionState unauthenticatedSession = sessionStateService.generateUnauthenticatedSessionState(null, new Date(), SessionIdState.UNAUTHENTICATED, requestParameterMap, false);
unauthenticatedSession.setSessionAttributes(requestParameterMap);
unauthenticatedSession.addPermission(clientId, false);
// always persist is prompt is not none
boolean persisted = sessionStateService.persistSessionState(unauthenticatedSession, !prompts.contains(Prompt.NONE));
if (persisted && log.isTraceEnabled()) {
log.trace("Session '{}' persisted to LDAP", unauthenticatedSession.getId());
}
this.sessionState = unauthenticatedSession.getId();
sessionStateService.createSessionStateCookie(this.sessionState);
Map<String, Object> loginParameters = new HashMap<String, Object>();
if (requestParameterMap.containsKey(AuthorizeRequestParam.LOGIN_HINT)) {
loginParameters.put(AuthorizeRequestParam.LOGIN_HINT, requestParameterMap.get(AuthorizeRequestParam.LOGIN_HINT));
}
facesService.redirect(redirectTo, loginParameters);
return;
}
if (StringUtils.isBlank(redirectionUriService.validateRedirectionUri(clientId, redirectUri))) {
permissionDenied();
}
final User user = userService.getUserByDn(session.getUserDn());
log.trace("checkPermissionGranted, user = " + user);
if (AuthorizeParamsValidator.noNonePrompt(prompts)) {
if (appConfiguration.getTrustedClientEnabled()) {
// if trusted client = true, then skip authorization page and grant access directly
if (client.getTrustedClient() && !prompts.contains(Prompt.CONSENT)) {
permissionGranted(session);
return;
}
}
if (client.getPersistClientAuthorizations()) {
ClientAuthorizations clientAuthorizations = clientAuthorizationsService.findClientAuthorizations(user.getAttribute("inum"), client.getClientId());
if (clientAuthorizations != null && clientAuthorizations.getScopes() != null && Arrays.asList(clientAuthorizations.getScopes()).containsAll(org.xdi.oxauth.model.util.StringUtils.spaceSeparatedToList(scope))) {
permissionGranted(session);
return;
}
}
} else {
invalidRequest();
}
return;
}
Also used :
SessionState(org.xdi.oxauth.model.common.SessionState)
User(org.xdi.oxauth.model.common.User)
EntryPersistenceException(org.gluu.site.ldap.persistence.exception.EntryPersistenceException)
ClientAuthorizations(org.xdi.oxauth.model.ldap.ClientAuthorizations)
AcrChangedException(org.xdi.oxauth.model.exception.AcrChangedException)
Prompt(org.xdi.oxauth.model.common.Prompt)
Client(org.xdi.oxauth.model.registration.Client)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Example 18 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxAuth by GluuFederation.
the class GluuConfigurationWS method createAuthLevelMapping.
public Map<Integer, Set<String>> createAuthLevelMapping() {
Map<Integer, Set<String>> map = Maps.newHashMap();
try {
for (CustomScriptConfiguration script : externalAuthenticationService.getCustomScriptConfigurationsMap()) {
String acr = script.getName();
int level = script.getLevel();
Set<String> acrs = map.get(level);
if (acrs == null) {
acrs = Sets.newHashSet();
map.put(level, acrs);
}
acrs.add(acr);
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
return map;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
WebApplicationException(javax.ws.rs.WebApplicationException)
Example 19 with CustomScriptConfiguration
use of org.xdi.model.custom.script.conf.CustomScriptConfiguration in project oxCore by GluuFederation.
the class CustomScriptManager method reloadCustomScriptConfigurations.
private ReloadResult reloadCustomScriptConfigurations(Map<String, CustomScriptConfiguration> customScriptConfigurations, List<CustomScript> newCustomScripts) {
Map<String, CustomScriptConfiguration> newCustomScriptConfigurations;
boolean modified = false;
if (customScriptConfigurations == null) {
newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>();
modified = true;
} else {
// Clone old map to avoid reload not changed scripts because it's time and CPU
// consuming process
newCustomScriptConfigurations = new HashMap<String, CustomScriptConfiguration>(customScriptConfigurations);
}
List<String> newSupportedCustomScriptInums = new ArrayList<String>();
for (CustomScript newCustomScript : newCustomScripts) {
if (!newCustomScript.isEnabled()) {
continue;
}
if (ScriptLocationType.FILE == newCustomScript.getLocationType()) {
// Replace script revision with file modification time. This should allow to
// reload script automatically after changing location_type
long fileModifiactionTime = getFileModificationTime(newCustomScript.getLocationPath());
newCustomScript.setRevision(fileModifiactionTime);
}
String newSupportedCustomScriptInum = StringHelper.toLowerCase(newCustomScript.getInum());
newSupportedCustomScriptInums.add(newSupportedCustomScriptInum);
CustomScriptConfiguration prevCustomScriptConfiguration = newCustomScriptConfigurations.get(newSupportedCustomScriptInum);
if ((prevCustomScriptConfiguration == null) || (prevCustomScriptConfiguration.getCustomScript().getRevision() != newCustomScript.getRevision())) {
// Destroy old version properly before creating new one
if (prevCustomScriptConfiguration != null) {
destroyCustomScript(prevCustomScriptConfiguration);
}
// Load script entry with all attributes
CustomScript loadedCustomScript = customScriptService.getCustomScriptByDn(newCustomScript.getScriptType().getCustomScriptModel(), newCustomScript.getDn());
// Prepare configuration attributes
Map<String, SimpleCustomProperty> newConfigurationAttributes = new HashMap<String, SimpleCustomProperty>();
List<SimpleExtendedCustomProperty> simpleCustomProperties = loadedCustomScript.getConfigurationProperties();
if (simpleCustomProperties == null) {
simpleCustomProperties = new ArrayList<SimpleExtendedCustomProperty>(0);
}
for (SimpleCustomProperty simpleCustomProperty : simpleCustomProperties) {
newConfigurationAttributes.put(simpleCustomProperty.getValue1(), simpleCustomProperty);
}
if (ScriptLocationType.FILE == loadedCustomScript.getLocationType()) {
// Replace script revision with file modification time. This should allow to
// reload script automatically after changing location_type
long fileModifiactionTime = getFileModificationTime(loadedCustomScript.getLocationPath());
loadedCustomScript.setRevision(fileModifiactionTime);
if (fileModifiactionTime != 0) {
String scriptFromFile = loadFromFile(loadedCustomScript.getLocationPath());
if (StringHelper.isNotEmpty(scriptFromFile)) {
loadedCustomScript.setScript(scriptFromFile);
}
}
}
// Load script
BaseExternalType newCustomScriptExternalType = createExternalType(loadedCustomScript, newConfigurationAttributes);
CustomScriptConfiguration newCustomScriptConfiguration = new CustomScriptConfiguration(loadedCustomScript, newCustomScriptExternalType, newConfigurationAttributes);
// Store configuration and script
newCustomScriptConfigurations.put(newSupportedCustomScriptInum, newCustomScriptConfiguration);
modified = true;
}
}
// Remove old external scripts configurations
for (Iterator<Entry<String, CustomScriptConfiguration>> it = newCustomScriptConfigurations.entrySet().iterator(); it.hasNext(); ) {
Entry<String, CustomScriptConfiguration> externalAuthenticatorConfigurationEntry = it.next();
String prevSupportedCustomScriptInum = externalAuthenticatorConfigurationEntry.getKey();
if (!newSupportedCustomScriptInums.contains(prevSupportedCustomScriptInum)) {
// Destroy old authentication method
destroyCustomScript(externalAuthenticatorConfigurationEntry.getValue());
it.remove();
modified = true;
}
}
return new ReloadResult(newCustomScriptConfigurations, modified);
}
Also used :
CustomScript(org.xdi.model.custom.script.model.CustomScript)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
SimpleExtendedCustomProperty(org.xdi.model.SimpleExtendedCustomProperty)
Entry(java.util.Map.Entry)
BaseExternalType(org.xdi.model.custom.script.type.BaseExternalType)
SimpleCustomProperty(org.xdi.model.SimpleCustomProperty)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
Aggregations
CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration)19
SessionState (org.xdi.oxauth.model.common.SessionState)4
ArrayList (java.util.ArrayList)2
HashMap (java.util.HashMap)2
AuthenticationScriptUsageType (org.xdi.model.AuthenticationScriptUsageType)2
SimpleCustomProperty (org.xdi.model.SimpleCustomProperty)2
CustomScript (org.xdi.model.custom.script.model.CustomScript)2
IOException (java.io.IOException)1
Principal (java.security.Principal)1
HashSet (java.util.HashSet)1
List (java.util.List)1
Entry (java.util.Map.Entry)1
Set (java.util.Set)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
EntryPersistenceException (org.gluu.site.ldap.persistence.exception.EntryPersistenceException)1
SimpleExtendedCustomProperty (org.xdi.model.SimpleExtendedCustomProperty)1
CustomScriptType (org.xdi.model.custom.script.CustomScriptType)1
AuthenticationCustomScript (org.xdi.model.custom.script.model.auth.AuthenticationCustomScript)1
BaseExternalType (org.xdi.model.custom.script.type.BaseExternalType)1
PersonAuthenticationType (org.xdi.model.custom.script.type.auth.PersonAuthenticationType)1
