-
Notifications
You must be signed in to change notification settings - Fork 188
/
PasswordAuthenticationEvaluatorImpl.java
76 lines (63 loc) · 3.17 KB
/
PasswordAuthenticationEvaluatorImpl.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/*
* Copyright (c) 2010-2019 Evolveum and contributors
*
* This work is dual-licensed under the Apache License 2.0
* and European Union Public License. See LICENSE file for details.
*/
package com.evolveum.midpoint.model.impl.security;
import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@Component("passwordAuthenticationEvaluator")
public class PasswordAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<PasswordType, PasswordAuthenticationContext> {
@Override
protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAuthenticationContext authCtx) {
if (StringUtils.isBlank(authCtx.getPassword())) {
recordAuthenticationBehavior(authCtx.getUsername(), null, connEnv, "empty password provided", authCtx.getPrincipalType(), false);
throw new BadCredentialsException("web.security.provider.password.encoding");
}
}
@Override
protected boolean supportsAuthzCheck() {
return true;
}
@Override
protected PasswordType getCredential(CredentialsType credentials) {
return credentials.getPassword();
}
@Override
protected void validateCredentialNotNull(ConnectionEnvironment connEnv,
@NotNull MidPointPrincipal principal, PasswordType credential) {
ProtectedStringType protectedString = credential.getValue();
if (protectedString == null) {
recordAuthenticationBehavior(principal.getUsername(), principal, connEnv, "no stored password value", principal.getFocus().getClass(), false);
throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
}
}
@Override
protected boolean passwordMatches(
ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal,
PasswordType passwordType, PasswordAuthenticationContext authCtx) {
return decryptAndMatch(connEnv, principal, passwordType.getValue(), authCtx.getPassword());
}
@Override
protected CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
PasswordAuthenticationContext authnCtx) {
return SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy);
}
@Override
protected boolean supportsActivation() {
return true;
}
}