Example 1 with SimplePrincipal
use of org.xdi.model.security.SimplePrincipal in project oxAuth by GluuFederation.
the class Authenticator method userAuthenticationInteractive.
private boolean userAuthenticationInteractive() {
SessionState sessionState = sessionStateService.getSessionState();
Map<String, String> sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
if (sessionIdAttributes == null) {
log.error("Failed to get session attributes");
authenticationFailedSessionInvalid();
return false;
}
// Set current state into identity to allow use in login form and
// authentication scripts
identity.setSessionState(sessionState);
initCustomAuthenticatorVariables(sessionIdAttributes);
boolean useExternalAuthenticator = externalAuthenticationService.isEnabled(AuthenticationScriptUsageType.INTERACTIVE);
if (useExternalAuthenticator && !StringHelper.isEmpty(this.authAcr)) {
initCustomAuthenticatorVariables(sessionIdAttributes);
if ((this.authStep == null) || StringHelper.isEmpty(this.authAcr)) {
log.error("Failed to determine authentication mode");
authenticationFailedSessionInvalid();
return false;
}
CustomScriptConfiguration customScriptConfiguration = externalAuthenticationService.getCustomScriptConfiguration(AuthenticationScriptUsageType.INTERACTIVE, this.authAcr);
if (customScriptConfiguration == null) {
log.error("Failed to get CustomScriptConfiguration for acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
// Check if all previous steps had passed
boolean passedPreviousSteps = isPassedPreviousAuthSteps(sessionIdAttributes, this.authStep);
if (!passedPreviousSteps) {
log.error("There are authentication steps not marked as passed. acr: '{}', auth_step: '{}'", this.authAcr, this.authStep);
return false;
}
boolean result = externalAuthenticationService.executeExternalAuthenticate(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Authentication result for user '{}'. auth_step: '{}', result: '{}', credentials: '{}'", credentials.getUsername(), this.authStep, result, System.identityHashCode(credentials));
int overridenNextStep = -1;
int apiVersion = externalAuthenticationService.executeExternalGetApiVersion(customScriptConfiguration);
if (apiVersion > 1) {
log.trace("According to API version script supports steps overriding");
overridenNextStep = externalAuthenticationService.getNextStep(customScriptConfiguration, externalContext.getRequestParameterValuesMap(), this.authStep);
log.debug("Get next step from script: '{}'", apiVersion);
}
if (!result && (overridenNextStep == -1)) {
return false;
}
boolean overrideCurrentStep = false;
if (overridenNextStep > -1) {
overrideCurrentStep = true;
// Reload session state
sessionState = sessionStateService.getSessionState();
// Reset to pecified step
sessionStateService.resetToStep(sessionState, overridenNextStep);
this.authStep = overridenNextStep;
log.info("Authentication reset to step : '{}'", this.authStep);
}
// Update parameters map to allow access it from count
// authentication steps method
updateExtraParameters(customScriptConfiguration, this.authStep + 1, sessionIdAttributes);
// Determine count authentication methods
int countAuthenticationSteps = externalAuthenticationService.executeExternalGetCountAuthenticationSteps(customScriptConfiguration);
// Reload from LDAP to make sure that we are updating latest session
// attributes
sessionState = sessionStateService.getSessionState();
sessionIdAttributes = sessionStateService.getSessionAttributes(sessionState);
// Prepare for next step
if ((this.authStep < countAuthenticationSteps) || overrideCurrentStep) {
int nextStep;
if (overrideCurrentStep) {
nextStep = overridenNextStep;
} else {
nextStep = this.authStep + 1;
}
String redirectTo = externalAuthenticationService.executeExternalGetPageForStep(customScriptConfiguration, nextStep);
if (StringHelper.isEmpty(redirectTo)) {
redirectTo = "/login.xhtml";
}
// Store/Update extra parameters in session attributes map
updateExtraParameters(customScriptConfiguration, nextStep, sessionIdAttributes);
if (!overrideCurrentStep) {
// Update auth_step
sessionIdAttributes.put("auth_step", Integer.toString(nextStep));
// Mark step as passed
markAuthStepAsPassed(sessionIdAttributes, this.authStep);
}
if (sessionState != null) {
boolean updateResult = updateSession(sessionState, sessionIdAttributes);
if (!updateResult) {
return false;
}
}
log.trace("Redirect to page: '{}'", redirectTo);
facesService.redirect(redirectTo);
return true;
}
if (this.authStep == countAuthenticationSteps) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
Principal principal = new SimplePrincipal(credentials.getUsername());
identity.acceptExternallyAuthenticatedPrincipal(principal);
identity.quietLogin();
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
} else {
if (StringHelper.isNotEmpty(credentials.getUsername())) {
boolean authenticated = authenticationService.authenticate(credentials.getUsername(), credentials.getPassword());
if (authenticated) {
SessionState eventSessionState = authenticationService.configureSessionUser(sessionState, sessionIdAttributes);
// Redirect to authorization workflow
log.debug("Sending event to trigger user redirection: '{}'", credentials.getUsername());
authenticationService.onSuccessfulLogin(eventSessionState);
}
log.info("Authentication success for User: '{}'", credentials.getUsername());
return true;
}
}
return false;
}
Also used :
SessionState(org.xdi.oxauth.model.common.SessionState)
CustomScriptConfiguration(org.xdi.model.custom.script.conf.CustomScriptConfiguration)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Principal(java.security.Principal)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Example 2 with SimplePrincipal
use of org.xdi.model.security.SimplePrincipal in project oxTrust by GluuFederation.
the class Authenticator method Shibboleth3Authenticate.
/**
* Authenticate using credentials passed from web request header
*/
public boolean Shibboleth3Authenticate() {
log.debug("Checking if user authenticated with shibboleth already");
boolean result = false;
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
String authType = request.getAuthType();
String userUid = request.getHeader("REMOTE_USER");
String userUidlower = request.getHeader("remote_user");
Enumeration<?> headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String headerName = (String) headerNames.nextElement();
log.trace(headerName + "-->" + request.getHeader(headerName));
}
log.debug("Username is " + userUid);
log.debug("UsernameLower is " + userUidlower);
log.debug("AuthType is " + authType);
Map<String, String[]> headers = FacesContext.getCurrentInstance().getExternalContext().getRequestHeaderValuesMap();
for (String name : headers.keySet()) {
log.trace(name + "==>" + StringUtils.join(headers.get(name)));
}
if (StringHelper.isEmpty(userUid) || StringHelper.isEmpty(authType) || !authType.equals("shibboleth")) {
result = false;
return result;
}
Pattern pattern = Pattern.compile(".+@.+\\.[a-z]+");
Matcher matcher = pattern.matcher(userUid);
User user = null;
if (matcher.matches()) {
// Find user by uid
user = personService.getPersonByEmail(userUid);
} else {
// Find user by uid
user = personService.getUserByUid(userUid);
}
if (user == null) {
result = false;
return result;
}
log.debug("Person Inum is " + user.getInum());
if (GluuStatus.ACTIVE.getValue().equals(user.getAttribute("gluuStatus"))) {
credentials.setUsername(user.getUid());
// credentials.setPassword("");
Principal principal = new SimplePrincipal(user.getUid());
log.debug("Principal is " + principal.toString());
identity.acceptExternallyAuthenticatedPrincipal(principal);
log.info("User '{}' authenticated with shibboleth already", userUid);
identity.quietLogin();
postLogin(user);
identity.getSessionMap().put(OxTrustConstants.APPLICATION_AUTHORIZATION_TYPE, OxTrustConstants.APPLICATION_AUTHORIZATION_NAME_SHIBBOLETH3);
result = true;
} else {
result = false;
}
return result;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Pattern(java.util.regex.Pattern)
User(org.gluu.oxtrust.model.User)
Matcher(java.util.regex.Matcher)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Principal(java.security.Principal)
SimplePrincipal(org.xdi.model.security.SimplePrincipal)
Aggregations
Principal (java.security.Principal)2
SimplePrincipal (org.xdi.model.security.SimplePrincipal)2
Matcher (java.util.regex.Matcher)1
Pattern (java.util.regex.Pattern)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
User (org.gluu.oxtrust.model.User)1
CustomScriptConfiguration (org.xdi.model.custom.script.conf.CustomScriptConfiguration)1
SessionState (org.xdi.oxauth.model.common.SessionState)1
