package com.evolveum.midpoint.model.impl.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
/**
 * LDAP authentication provider that adds midPoint audit records on top of Spring Security's
 * {@link LdapAuthenticationProvider}: a failed LDAP authentication is audited as a login
 * failure and a successful one as a login success, both attributed to the GUI user channel.
 */
public class MidPointLdapAuthenticationProvider extends LdapAuthenticationProvider {

    private static final Trace LOGGER = TraceManager.getTrace(MidPointLdapAuthenticationProvider.class);

    // Injected by Spring; writes the login success/failure audit records.
    @Autowired private SecurityHelper securityHelper;

    /**
     * @param authenticator the LDAP authenticator handed to the Spring Security superclass
     */
    public MidPointLdapAuthenticationProvider(LdapAuthenticator authenticator) {
        super(authenticator);
    }

    /**
     * Delegates to the superclass and, if that delegation throws, logs and audits the failure
     * before rethrowing the original exception unchanged.
     *
     * @param authentication the username/password token being authenticated
     * @return the directory context of the authenticated user, exactly as the superclass returns it
     */
    @Override
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken authentication) {
        try {
            return super.doAuthentication(authentication);
        } catch (RuntimeException failure) {
            String userName = authentication.getName();
            LOGGER.error("Failed to authenticate user {}. Error: {}", userName, failure.getMessage(), failure);
            // NOTE(review): any RuntimeException coming out of the superclass -- not only credential
            // failures -- is audited with the fixed reason "bad credentials", so the audit trail
            // cannot tell them apart. Preserved as-is.
            securityHelper.auditLoginFailure(userName, null, guiConnectionEnvironment(), "bad credentials");
            throw failure;
        }
    }

    /**
     * Builds the successful authentication via the superclass and audits the login success.
     * The principal produced by the superclass must be a {@link MidPointPrincipal} carrying a
     * {@link UserType}; otherwise a {@link BadCredentialsException} is thrown, and on that path
     * no audit record is written.
     *
     * @param authentication the token that was authenticated
     * @param user the user details resolved by the superclass
     * @return the authentication object produced by the superclass, unchanged
     * @throws BadCredentialsException if the principal is not a midPoint principal or carries no user
     */
    @Override
    protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
            UserDetails user) {
        Authentication result = super.createSuccessfulAuthentication(authentication, user);
        UserType authenticatedUser = userOf(result.getPrincipal());
        securityHelper.auditLoginSuccess(authenticatedUser, guiConnectionEnvironment());
        return result;
    }

    /**
     * Extracts the midPoint user from an authentication principal.
     *
     * @param principal the principal returned by the superclass
     * @return the user carried by the principal
     * @throws BadCredentialsException if the principal is not a {@link MidPointPrincipal} or has no user
     */
    private static UserType userOf(Object principal) {
        if (principal instanceof MidPointPrincipal) {
            UserType userType = ((MidPointPrincipal) principal).getUser();
            if (userType != null) {
                return userType;
            }
            throw new BadCredentialsException("LdapAuthentication.bad.user");
        }
        throw new BadCredentialsException("LdapAuthentication.incorrect.value");
    }

    /** Connection environment every audit record from this provider is attributed to: the GUI user channel. */
    private static ConnectionEnvironment guiConnectionEnvironment() {
        return ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);
    }
}