attribute verification module creation

Evolveum · Dec 21, 2022 · 1cb8a50 · 1cb8a50
1 parent dfd34ab
commit 1cb8a50
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 10 deletions.
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
@@ -460,7 +460,7 @@
             </xsd:appinfo>
         </xsd:annotation>
         <xsd:complexContent>
-            <xsd:extension base="tns:AbstractAuthenticationModuleType">
+            <xsd:extension base="tns:AbstractCredentialAuthenticationModuleType">
                 <xsd:sequence>
                     <xsd:element name="path" type="t:ItemPathType" minOccurs="0" maxOccurs="unbounded">
                         <xsd:annotation>

diff --git a/...m/evolveum/midpoint/authentication/impl/evaluator/AttributeVerificationEvaluatorImpl.java b/...m/evolveum/midpoint/authentication/impl/evaluator/AttributeVerificationEvaluatorImpl.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2022 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.authentication.impl.evaluator;
+
+import com.evolveum.midpoint.model.api.context.AttributeVerificationAuthenticationContext;
+import com.evolveum.midpoint.security.api.ConnectionEnvironment;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.stereotype.Component;
+
+@Component("attributeVerificationEvaluator")
+public class AttributeVerificationEvaluatorImpl extends AuthenticationEvaluatorImpl<AbstractCredentialType, AttributeVerificationAuthenticationContext> {
+
+    @Override
+    protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
+            AttributeVerificationAuthenticationContext authCtx) {
+
+    }
+
+    @Override
+    protected boolean supportsAuthzCheck() {
+        return true;
+    }
+
+    @Override
+    protected SecurityQuestionsCredentialsType getCredential(CredentialsType credentials) {
+        return credentials.getSecurityQuestions();
+    }
+
+    @Override
+    protected void validateCredentialNotNull(ConnectionEnvironment connEnv,
+            @NotNull MidPointPrincipal principal, AbstractCredentialType credential) {
+
+
+    }
+
+    @Override
+    protected boolean passwordMatches(
+            ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal,
+            AbstractCredentialType passwordType, AttributeVerificationAuthenticationContext authCtx) {
+        return true;
+    }
+
+    @Override
+    protected CredentialPolicyType getEffectiveCredentialPolicy(
+            SecurityPolicyType securityPolicy, AttributeVerificationAuthenticationContext authnCtx) {
+
+        return null;
+    }
+
+    @Override
+    protected boolean supportsActivation() {
+        return true;
+    }
+
+}
diff --git a/...evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.java b/...evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.java
@@ -85,12 +85,12 @@ protected AuthenticationProvider getProvider(
                     if (credentialName.equals(processedPolicy.getName())) {
                         usedPolicy = processedPolicy;
                     }
-                } else if (processedPolicy.getClass().isAssignableFrom(supportedClass())) {
+                } else if (supportedClass() != null && processedPolicy.getClass().isAssignableFrom(supportedClass())) {
                     usedPolicy = processedPolicy;
                 }
             }
         }
-        if (usedPolicy == null && PasswordCredentialsPolicyType.class.equals(supportedClass())) {
+        if (usedPolicy == null && (PasswordCredentialsPolicyType.class.equals(supportedClass()) || supportedClass() == null)) {
             return getObjectObjectPostProcessor().postProcess(createProvider(null));
         }
         if (usedPolicy == null) {

diff --git a/...lveum/midpoint/authentication/impl/factory/module/AttributeVerificationModuleFactory.java b/...lveum/midpoint/authentication/impl/factory/module/AttributeVerificationModuleFactory.java
@@ -47,7 +47,7 @@ protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy)
 
     @Override
     protected Class<? extends CredentialPolicyType> supportedClass() {
-        return null;    //todo
+        return null;    //todo for now we don't have credentials policy for attribute verification
     }
 
     @Override

diff --git a/...m/evolveum/midpoint/authentication/impl/handler/MidPointAuthenticationSuccessHandler.java b/...m/evolveum/midpoint/authentication/impl/handler/MidPointAuthenticationSuccessHandler.java
@@ -7,6 +7,8 @@
 package com.evolveum.midpoint.authentication.impl.handler;
 
 import java.io.IOException;
+import java.util.List;
+import java.util.Objects;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -85,9 +87,11 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
                         if (processingSequence.getModule().size() != sequence.getModule().size()) {
                             continueSequence = true;
                             mpAuthentication.setSequence(sequence);
-                            mpAuthentication.setAuthModules(AuthSequenceUtil.buildModuleFilters(
+                            List<AuthModule> modules = AuthSequenceUtil.buildModuleFilters(
                                     authModuleRegistry, sequence, request, securityPolicy.getAuthentication().getModules(),
-                                    securityPolicy.getCredentials(), mpAuthentication.getSharedObjects(), mpAuthentication.getAuthenticationChannel()));
+                                    securityPolicy.getCredentials(), mpAuthentication.getSharedObjects(), mpAuthentication.getAuthenticationChannel());
+                            modules.removeIf(Objects::isNull);
+                            mpAuthentication.setAuthModules(modules);
                             mpAuthentication.setMerged(true);
                             AuthModule module = getUnauthenticatedModule(mpAuthentication);
 //                            if (module != null) {

diff --git a/...ava/com/evolveum/midpoint/authentication/impl/provider/AttributeVerificationProvider.java b/...ava/com/evolveum/midpoint/authentication/impl/provider/AttributeVerificationProvider.java
@@ -7,7 +7,7 @@
 package com.evolveum.midpoint.authentication.impl.provider;
 
 import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
-import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.impl.evaluator.AttributeVerificationEvaluatorImpl;
 import com.evolveum.midpoint.authentication.impl.module.authentication.token.AttributeVerificationToken;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 import com.evolveum.midpoint.model.api.context.AttributeVerificationAuthenticationContext;
@@ -28,11 +28,10 @@ public class AttributeVerificationProvider extends AbstractCredentialProvider<At
 
     private static final Trace LOGGER = TraceManager.getTrace(AttributeVerificationProvider.class);
 
-    @Autowired
-    private AuthenticationEvaluator<AttributeVerificationAuthenticationContext> authenticationEvaluator;
+    @Autowired public AttributeVerificationEvaluatorImpl authenticationEvaluator;
 
     @Override
-    protected AuthenticationEvaluator<AttributeVerificationAuthenticationContext> getEvaluator() {
+    protected AttributeVerificationEvaluatorImpl getEvaluator() {
         return authenticationEvaluator;
     }