-
Notifications
You must be signed in to change notification settings - Fork 188
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
attribute verification module structure
- Loading branch information
1 parent
b87880d
commit 187e1f7
Showing
7 changed files
with
268 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
64 changes: 64 additions & 0 deletions
64
...lveum/midpoint/authentication/impl/factory/module/AttributeVerificationModuleFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.authentication.impl.factory.module; | ||
|
||
import com.evolveum.midpoint.authentication.api.AuthenticationChannel; | ||
import com.evolveum.midpoint.authentication.impl.module.authentication.AttributeVerificationModuleAuthentication; | ||
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl; | ||
import com.evolveum.midpoint.authentication.impl.module.configuration.LoginFormModuleWebSecurityConfiguration; | ||
import com.evolveum.midpoint.authentication.impl.module.configurer.AttributeVerificationModuleWebSecurityConfigurer; | ||
import com.evolveum.midpoint.authentication.impl.provider.AttributeVerificationProvider; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.*; | ||
|
||
import org.springframework.security.authentication.AuthenticationProvider; | ||
import org.springframework.stereotype.Component; | ||
|
||
@Component | ||
public class AttributeVerificationModuleFactory extends AbstractCredentialModuleFactory | ||
<LoginFormModuleWebSecurityConfiguration, AttributeVerificationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>> { | ||
|
||
@Override | ||
public boolean match(AbstractAuthenticationModuleType moduleType, AuthenticationChannel authenticationChannel) { | ||
return moduleType instanceof AttributeVerificationAuthenticationModuleType; | ||
} | ||
|
||
@Override | ||
protected LoginFormModuleWebSecurityConfiguration createConfiguration( | ||
AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) { | ||
LoginFormModuleWebSecurityConfiguration configuration = LoginFormModuleWebSecurityConfiguration.build(moduleType,prefixOfSequence); | ||
configuration.setSequenceSuffix(prefixOfSequence); | ||
return configuration; | ||
} | ||
|
||
@Override | ||
protected AttributeVerificationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration> createModule( | ||
LoginFormModuleWebSecurityConfiguration configuration) { | ||
return getObjectObjectPostProcessor().postProcess(new AttributeVerificationModuleWebSecurityConfigurer<>(configuration)); | ||
} | ||
|
||
@Override | ||
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) { | ||
return new AttributeVerificationProvider(); | ||
} | ||
|
||
@Override | ||
protected Class<? extends CredentialPolicyType> supportedClass() { | ||
return AttributeVerificationCredentialsPolicyType.class; | ||
} | ||
|
||
@Override | ||
protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, | ||
LoginFormModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule) { | ||
AttributeVerificationModuleAuthentication moduleAuthentication = new AttributeVerificationModuleAuthentication(sequenceModule); | ||
moduleAuthentication.setPrefix(configuration.getPrefixOfModule()); | ||
moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType)moduleType).getCredentialName()); | ||
moduleAuthentication.setCredentialType(supportedClass()); | ||
moduleAuthentication.setNameOfModule(configuration.getModuleIdentifier()); | ||
return moduleAuthentication; | ||
} | ||
|
||
} |
24 changes: 24 additions & 0 deletions
24
.../authentication/impl/module/authentication/AttributeVerificationModuleAuthentication.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.authentication.impl.module.authentication; | ||
|
||
import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType; | ||
|
||
public class AttributeVerificationModuleAuthentication extends CredentialModuleAuthenticationImpl { | ||
|
||
public AttributeVerificationModuleAuthentication(AuthenticationSequenceModuleType sequenceModule) { | ||
super(AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION, sequenceModule); | ||
} | ||
|
||
public ModuleAuthenticationImpl clone() { | ||
AttributeVerificationModuleAuthentication module = new AttributeVerificationModuleAuthentication(this.getSequenceModule()); | ||
module.setAuthentication(this.getAuthentication()); | ||
super.clone(module); | ||
return module; | ||
} | ||
} |
16 changes: 16 additions & 0 deletions
16
.../midpoint/authentication/impl/module/authentication/token/AttributeVerificationToken.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.authentication.impl.module.authentication.token; | ||
|
||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | ||
|
||
public class AttributeVerificationToken extends UsernamePasswordAuthenticationToken { | ||
|
||
public AttributeVerificationToken(Object principal, Object credentials) { | ||
super(principal, credentials); | ||
} | ||
} |
45 changes: 45 additions & 0 deletions
45
...thentication/impl/module/configurer/AttributeVerificationModuleWebSecurityConfigurer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.authentication.impl.module.configurer; | ||
|
||
import com.evolveum.midpoint.authentication.api.util.AuthUtil; | ||
import com.evolveum.midpoint.authentication.impl.entry.point.WicketLoginUrlAuthenticationEntryPoint; | ||
import com.evolveum.midpoint.authentication.impl.filter.SecurityQuestionsAuthenticationFilter; | ||
import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointExceptionHandlingConfigurer; | ||
import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointFormLoginConfigurer; | ||
import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler; | ||
import com.evolveum.midpoint.authentication.impl.handler.MidpointAuthenticationFailureHandler; | ||
import com.evolveum.midpoint.authentication.impl.module.configuration.LoginFormModuleWebSecurityConfiguration; | ||
|
||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
|
||
public class AttributeVerificationModuleWebSecurityConfigurer<C extends LoginFormModuleWebSecurityConfiguration> extends ModuleWebSecurityConfigurer<C> { | ||
|
||
public AttributeVerificationModuleWebSecurityConfigurer(C configuration) { | ||
super(configuration); | ||
} | ||
|
||
@Override | ||
protected void configure(HttpSecurity http) throws Exception { | ||
super.configure(http); | ||
http.antMatcher(AuthUtil.stripEndingSlashes(getPrefix()) + "/**"); | ||
getOrApply(http, new MidpointFormLoginConfigurer<>(new SecurityQuestionsAuthenticationFilter())) | ||
.loginPage("/verification/attribute") | ||
.loginProcessingUrl(AuthUtil.stripEndingSlashes(getPrefix()) + "/spring_security_login") | ||
.failureHandler(new MidpointAuthenticationFailureHandler()) | ||
.successHandler(getObjectPostProcessor().postProcess( | ||
new MidPointAuthenticationSuccessHandler())).permitAll(); | ||
getOrApply(http, new MidpointExceptionHandlingConfigurer<>()) | ||
.authenticationEntryPoint(new WicketLoginUrlAuthenticationEntryPoint("/verification/attribute")); | ||
|
||
http.logout().clearAuthentication(true) | ||
.logoutRequestMatcher(getLogoutMatcher(http, getPrefix() +"/logout")) | ||
.invalidateHttpSession(true) | ||
.deleteCookies("JSESSIONID") | ||
.logoutSuccessHandler(createLogoutHandler()); | ||
} | ||
} |
68 changes: 68 additions & 0 deletions
68
...ava/com/evolveum/midpoint/authentication/impl/provider/AttributeVerificationProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.authentication.impl.provider; | ||
|
||
import com.evolveum.midpoint.authentication.api.AuthenticationChannel; | ||
import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator; | ||
import com.evolveum.midpoint.authentication.impl.module.authentication.token.AttributeVerificationToken; | ||
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal; | ||
import com.evolveum.midpoint.model.api.context.AttributeVerificationAuthenticationContext; | ||
import com.evolveum.midpoint.util.logging.Trace; | ||
import com.evolveum.midpoint.util.logging.TraceManager; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.*; | ||
|
||
import org.springframework.beans.factory.annotation.Autowired; | ||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.AuthenticationException; | ||
import org.springframework.security.core.GrantedAuthority; | ||
|
||
import java.util.Collection; | ||
import java.util.List; | ||
|
||
public class AttributeVerificationProvider extends AbstractCredentialProvider<AttributeVerificationAuthenticationContext> { | ||
|
||
private static final Trace LOGGER = TraceManager.getTrace(AttributeVerificationProvider.class); | ||
|
||
@Autowired | ||
private AuthenticationEvaluator<AttributeVerificationAuthenticationContext> authenticationEvaluator; | ||
|
||
@Override | ||
protected AuthenticationEvaluator<AttributeVerificationAuthenticationContext> getEvaluator() { | ||
return authenticationEvaluator; | ||
} | ||
|
||
@Override | ||
protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, | ||
AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException { | ||
if (authentication.isAuthenticated() && authentication.getPrincipal() instanceof GuiProfiledPrincipal) { | ||
return authentication; | ||
} | ||
//todo implement | ||
return null; | ||
} | ||
|
||
@Override | ||
protected Authentication createNewAuthenticationToken(Authentication actualAuthentication, Collection<? extends GrantedAuthority> newAuthorities) { | ||
if (actualAuthentication instanceof UsernamePasswordAuthenticationToken) { | ||
return new UsernamePasswordAuthenticationToken(actualAuthentication.getPrincipal(), actualAuthentication.getCredentials(), newAuthorities); | ||
} else { | ||
return actualAuthentication; | ||
} | ||
} | ||
|
||
@Override | ||
public boolean supports(Class<?> authentication) { | ||
return AttributeVerificationToken.class.equals(authentication); | ||
} | ||
|
||
@Override | ||
public Class<? extends CredentialPolicyType> getTypeOfCredential() { | ||
return AttributeVerificationCredentialsPolicyType.class; | ||
} | ||
|
||
} |
50 changes: 50 additions & 0 deletions
50
...a/com/evolveum/midpoint/model/api/context/AttributeVerificationAuthenticationContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
/* | ||
* Copyright (c) 2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.model.api.context; | ||
|
||
import com.evolveum.midpoint.prism.path.ItemPath; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.AttributeVerificationCredentialsPolicyType; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
|
||
public class AttributeVerificationAuthenticationContext extends AbstractAuthenticationContext{ | ||
|
||
private Map<ItemPath, String> attributeValuesMap; | ||
private AttributeVerificationCredentialsPolicyType policy; | ||
|
||
public AttributeVerificationAuthenticationContext(String username, Class<? extends FocusType> principalType, Map<ItemPath, String> attributeValuesMap) { | ||
this(username, principalType, attributeValuesMap, null); | ||
} | ||
|
||
public AttributeVerificationAuthenticationContext(String username, Class<? extends FocusType> principalType, Map<ItemPath, String> attributeValuesMap, List<ObjectReferenceType> requireAssignment) { | ||
super(username, principalType, requireAssignment); | ||
this.attributeValuesMap = attributeValuesMap; | ||
} | ||
|
||
|
||
public Map<ItemPath, String> getAttributeValuesMap() { | ||
return attributeValuesMap; | ||
} | ||
|
||
@Override | ||
public Object getEnteredCredential() { | ||
return getAttributeValuesMap(); | ||
} | ||
|
||
public AttributeVerificationCredentialsPolicyType getPolicy() { | ||
return policy; | ||
} | ||
|
||
public void setPolicy(AttributeVerificationCredentialsPolicyType policy) { | ||
this.policy = policy; | ||
} | ||
|
||
|
||
} |