fix for null sequence id while ldap authentication

Evolveum · Mar 24, 2023 · 288b4b1 · 288b4b1
1 parent 96b3c45
commit 288b4b1
Showing 1 changed file with 29 additions and 34 deletions.
diff --git a/...volveum/midpoint/authentication/impl/provider/MidPointAbstractAuthenticationProvider.java b/...volveum/midpoint/authentication/impl/provider/MidPointAbstractAuthenticationProvider.java
@@ -1,14 +1,24 @@
 /*
- * Copyright (C) 2010-2023 Evolveum and contributors
+ * Copyright (c) 2010-2017 Evolveum and contributors
  *
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
+
 package com.evolveum.midpoint.authentication.impl.provider;
 
 import java.util.Collection;
 import java.util.List;
 
+import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
+import com.evolveum.midpoint.security.api.ConnectionEnvironment;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
+import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
+import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
+
+import com.evolveum.midpoint.security.api.SecurityUtil;
+
 import org.jetbrains.annotations.NotNull;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -18,21 +28,14 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
 import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
-import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
-import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
-import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
 import com.evolveum.midpoint.model.api.context.AbstractAuthenticationContext;
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ItemDelta;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.prism.equivalence.ParameterizedEquivalenceStrategy;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
-import com.evolveum.midpoint.security.api.ConnectionEnvironment;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
-import com.evolveum.midpoint.security.api.SecurityUtil;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
@@ -44,8 +47,7 @@
  * @author Radovan Semancik
  * @author skublik
  */
-public abstract class MidPointAbstractAuthenticationProvider<T extends AbstractAuthenticationContext>
-        implements AuthenticationProvider {
+public abstract class MidPointAbstractAuthenticationProvider<T extends AbstractAuthenticationContext> implements AuthenticationProvider {//}, MessageSourceAware {
 
     private static final Trace LOGGER = TraceManager.getTrace(MidPointAbstractAuthenticationProvider.class);
 
@@ -58,7 +60,7 @@ public Authentication authenticate(Authentication originalAuthentication) throws
         try {
             Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
             Authentication processingAuthentication = originalAuthentication;
-            if (isAnonymous(originalAuthentication)) {
+            if (isAnonymous(originalAuthentication)){
                 return originalAuthentication; // hack for specific situation when user is anonymous, but accessDecisionManager resolve it
             }
             processingAuthentication = initAuthRequirements(processingAuthentication, originalAuthentication, actualAuthentication,
@@ -71,8 +73,7 @@ public Authentication authenticate(Authentication originalAuthentication) throws
                 ModuleAuthenticationImpl moduleAuthentication = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
                 if (token.getPrincipal() instanceof MidPointPrincipal) {
                     MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
-                    token = createNewAuthenticationToken(token,
-                            mpAuthentication.getAuthenticationChannel().resolveAuthorities(principal.getAuthorities()));
+                    token = createNewAuthenticationToken(token, mpAuthentication.getAuthenticationChannel().resolveAuthorities(principal.getAuthorities()));
                 } else {
                     token = createNewAuthenticationToken(token, token.getAuthorities());
                 }
@@ -82,12 +83,10 @@ public Authentication authenticate(Authentication originalAuthentication) throws
             }
 
             return token;
-        } catch (AuthenticationException e) {
-            LOGGER.debug("Authentication error", e);
-            throw e;
+
         } catch (RuntimeException | Error e) {
             // Make sure to explicitly log all runtime errors here. Spring security is doing very poor job and does not log this properly.
-            LOGGER.error("Unexpected exception during authentication: {}", e.getMessage(), e);
+            LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
             throw e;
         }
     }
@@ -107,8 +106,7 @@ private Authentication initAuthRequirements(Authentication processingAuthenticat
             MidpointAuthentication mpAuthentication = (MidpointAuthentication) originalAuthentication;
             ModuleAuthentication moduleAuthentication = getProcessingModule(mpAuthentication);
             if (moduleAuthentication.getFocusType() != null) {
-                authRequirements.focusType = PrismContext.get().getSchemaRegistry()
-                        .determineCompileTimeClass(moduleAuthentication.getFocusType());
+                authRequirements.focusType = PrismContext.get().getSchemaRegistry().determineCompileTimeClass(moduleAuthentication.getFocusType());
             }
             authRequirements.requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
             authRequirements.channel = mpAuthentication.getAuthenticationChannel();
@@ -117,17 +115,15 @@ private Authentication initAuthRequirements(Authentication processingAuthenticat
             MidpointAuthentication mpAuthentication = (MidpointAuthentication) actualAuthentication;
             ModuleAuthentication moduleAuthentication = getProcessingModule(mpAuthentication);
             if (moduleAuthentication != null && moduleAuthentication.getFocusType() != null) {
-                authRequirements.focusType = PrismContext.get().getSchemaRegistry()
-                        .determineCompileTimeClass(moduleAuthentication.getFocusType());
+                authRequirements.focusType = PrismContext.get().getSchemaRegistry().determineCompileTimeClass(moduleAuthentication.getFocusType());
             }
             authRequirements.requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
             authRequirements.channel = mpAuthentication.getAuthenticationChannel();
         }
         return processingAuthentication;
     }
 
-    protected void writeAuthentication(Authentication originalAuthentication, MidpointAuthentication mpAuthentication,
-            ModuleAuthenticationImpl moduleAuthentication, Authentication token) {
+    protected void writeAuthentication(Authentication originalAuthentication, MidpointAuthentication mpAuthentication, ModuleAuthenticationImpl moduleAuthentication, Authentication token) {
         Object principal = token.getPrincipal();
         if (principal instanceof MidPointPrincipal) {
             mpAuthentication.setPrincipal(principal);
@@ -163,12 +159,10 @@ protected ConnectionEnvironment createEnvironment(AuthenticationChannel channel,
         return connEnv;
     }
 
-    protected abstract Authentication internalAuthentication(
-            Authentication authentication, List<ObjectReferenceType> requireAssignment,
+    protected abstract Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment,
             AuthenticationChannel channel, Class<? extends FocusType> focusType) throws AuthenticationException;
 
-    protected abstract Authentication createNewAuthenticationToken(
-            Authentication actualAuthentication, Collection<? extends GrantedAuthority> newAuthorities);
+    protected abstract Authentication createNewAuthenticationToken(Authentication actualAuthentication, Collection<? extends GrantedAuthority> newAuthorities);
 
     public boolean supports(Class<?> authenticationClass, Authentication authentication) {
         if (!(authentication instanceof MidpointAuthentication)) {
@@ -201,8 +195,7 @@ public boolean equals(Object obj) {
     }
 
     protected Collection<? extends ItemDelta<?, ?>> computeModifications(@NotNull FocusType before, @NotNull FocusType after) {
-        ObjectDelta<? extends FocusType> delta = ((PrismObject<FocusType>) before.asPrismObject())
-                .diff((PrismObject<FocusType>) after.asPrismObject(), ParameterizedEquivalenceStrategy.LITERAL);
+        ObjectDelta<? extends FocusType> delta = ((PrismObject<FocusType>) before.asPrismObject()).diff((PrismObject<FocusType>) after.asPrismObject(), ParameterizedEquivalenceStrategy.LITERAL);
         assert delta.isModify();
         return delta.getModifications();
     }
@@ -215,8 +208,7 @@ private static class AuthenticationRequirements {
 
     protected String getChannel() {
         Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
-        if (actualAuthentication instanceof MidpointAuthentication
-                && ((MidpointAuthentication) actualAuthentication).getAuthenticationChannel() != null) {
+        if (actualAuthentication instanceof MidpointAuthentication && ((MidpointAuthentication) actualAuthentication).getAuthenticationChannel() != null) {
             return ((MidpointAuthentication) actualAuthentication).getAuthenticationChannel().getChannelId();
         } else {
             return SchemaConstants.CHANNEL_USER_URI;
@@ -226,9 +218,12 @@ protected String getChannel() {
     protected ConnectionEnvironment createConnectEnvironment(String channel) {
         ConnectionEnvironment env = ConnectionEnvironment.create(channel);
         Authentication actualAuthentication = SecurityContextHolder.getContext().getAuthentication();
-        if (actualAuthentication instanceof MidpointAuthentication
-                && ((MidpointAuthentication) actualAuthentication).getSessionId() != null) {
-            env.setSessionIdOverride(((MidpointAuthentication) actualAuthentication).getSessionId());
+        if (actualAuthentication instanceof MidpointAuthentication) {
+            MidpointAuthentication mpAuthentication = (MidpointAuthentication) actualAuthentication;
+            if (mpAuthentication.getSessionId() != null) {
+                env.setSessionIdOverride(((MidpointAuthentication) actualAuthentication).getSessionId());
+            }
+            env.setSequenceIdentifier(mpAuthentication.getSequenceIdentifier());
         }
         return env;
     }