adding support of logout for oidc auth module (MID-7488)

Evolveum · Jan 3, 2022 · 29bc4a5 · 29bc4a5
1 parent 040b97a
commit 29bc4a5
Show file tree

Hide file tree

Showing 27 changed files with 445 additions and 143 deletions.
diff --git a/...rc/main/java/com/evolveum/midpoint/authentication/api/ModuleWebSecurityConfiguration.java b/...rc/main/java/com/evolveum/midpoint/authentication/api/ModuleWebSecurityConfiguration.java
@@ -32,15 +32,15 @@ public interface ModuleWebSecurityConfiguration {
 
     List<AuthenticationProvider> getAuthenticationProviders();
 
-    String getPrefixOfSequence();
+    String getSequenceSuffix();
 
-    void setPrefixOfSequence(String prefixOfSequence);
+    void setSequenceSuffix(String sequenceSuffix);
 
     String getNameOfModule();
 
     void setNameOfModule(String nameOfModule);
 
-    String getPrefix();
+    String getPrefixOfModule();
 
     String getSpecificLoginUrl();
 

diff --git a/...evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.java b/...evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.java
@@ -40,7 +40,7 @@ public abstract class AbstractCredentialModuleFactory<C extends ModuleWebSecurit
 
     @Override
     public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType,
-            String prefixOfSequence, ServletRequest request, Map<Class<?>, Object> sharedObjects,
+            String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects,
             AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy,
             AuthenticationChannel authenticationChannel) throws Exception {
 
@@ -51,7 +51,7 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
         isSupportedChannel(authenticationChannel);
 
-        C configuration = createConfiguration(moduleType, prefixOfSequence, authenticationChannel);
+        C configuration = createConfiguration(moduleType, sequenceSuffix, authenticationChannel);
 
         configuration.addAuthenticationProvider(
                 getProvider((AbstractCredentialAuthenticationModuleType) moduleType, credentialPolicy));

diff --git a/.../java/com/evolveum/midpoint/authentication/impl/factory/module/AbstractModuleFactory.java b/.../java/com/evolveum/midpoint/authentication/impl/factory/module/AbstractModuleFactory.java
@@ -52,7 +52,7 @@ public ObjectPostProcessor<Object> getObjectObjectPostProcessor() {
 
     public abstract boolean match(AbstractAuthenticationModuleType moduleType);
 
-    public abstract AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence,
+    public abstract AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix,
                                                   ServletRequest request, Map<Class<?>, Object> sharedObjects,
                                                   AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy,
                                                   AuthenticationChannel authenticationChannel) throws Exception;

diff --git a/...java/com/evolveum/midpoint/authentication/impl/factory/module/HttpBasicModuleFactory.java b/...java/com/evolveum/midpoint/authentication/impl/factory/module/HttpBasicModuleFactory.java
@@ -35,7 +35,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     @Override
     protected ModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) {
         ModuleWebSecurityConfigurationImpl configuration = ModuleWebSecurityConfigurationImpl.build(moduleType,prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        configuration.setSequenceSuffix(prefixOfSequence);
         return configuration;
     }
 
@@ -57,7 +57,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
     @Override
     protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
         HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.HTTP_BASIC);
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setCredentialName(((AbstractPasswordAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());

diff --git a/...va/com/evolveum/midpoint/authentication/impl/factory/module/HttpClusterModuleFactory.java b/...va/com/evolveum/midpoint/authentication/impl/factory/module/HttpClusterModuleFactory.java
@@ -40,11 +40,11 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     }
 
     @Override
-    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence,
+    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix,
                                          ServletRequest request, Map<Class<?>, Object> sharedObjects,
                                          AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
 
-        ModuleWebSecurityConfiguration configuration = createConfiguration(moduleType, prefixOfSequence);
+        ModuleWebSecurityConfiguration configuration = createConfiguration(moduleType, sequenceSuffix);
 
         configuration.addAuthenticationProvider(createProvider());
 
@@ -59,7 +59,7 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
     private ModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence) {
         ModuleWebSecurityConfigurationImpl configuration = ModuleWebSecurityConfigurationImpl.build(moduleType,prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        configuration.setSequenceSuffix(prefixOfSequence);
         return configuration;
     }
 
@@ -73,7 +73,7 @@ private AuthenticationProvider createProvider() {
 
     private ModuleAuthenticationImpl createEmptyModuleAuthentication(ModuleWebSecurityConfiguration configuration) {
         ModuleAuthenticationImpl moduleAuthentication = new ModuleAuthenticationImpl(AuthenticationModuleNameConstants.CLUSTER);
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
         return moduleAuthentication;
     }

diff --git a/...ava/com/evolveum/midpoint/authentication/impl/factory/module/HttpHeaderModuleFactory.java b/...ava/com/evolveum/midpoint/authentication/impl/factory/module/HttpHeaderModuleFactory.java
@@ -45,7 +45,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     }
 
     @Override
-    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, ServletRequest request,
+    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request,
                                          Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
         if (!(moduleType instanceof HttpHeaderAuthenticationModuleType)) {
             LOGGER.error("This factory support only HttpHeaderAuthenticationModuleType, but modelType is " + moduleType);
@@ -54,7 +54,7 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
         isSupportedChannel(authenticationChannel);
         HttpHeaderAuthenticationModuleType httpModuleType = (HttpHeaderAuthenticationModuleType) moduleType;
-        HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build(httpModuleType, prefixOfSequence);
+        HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build(httpModuleType, sequenceSuffix);
         configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new PasswordProvider()));
         HttpHeaderModuleWebSecurityConfigurer<HttpHeaderModuleWebSecurityConfiguration> module =
                 getObjectObjectPostProcessor().postProcess(new HttpHeaderModuleWebSecurityConfigurer<>(configuration));
@@ -69,7 +69,7 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
     private ModuleAuthenticationImpl createEmptyModuleAuthentication(ModuleWebSecurityConfigurationImpl configuration) {
         HttpHeaderModuleAuthentication moduleAuthentication = new HttpHeaderModuleAuthentication();
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
         return moduleAuthentication;
     }

diff --git a/...olveum/midpoint/authentication/impl/factory/module/HttpSecurityQuestionModuleFactory.java b/...olveum/midpoint/authentication/impl/factory/module/HttpSecurityQuestionModuleFactory.java
@@ -35,7 +35,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     @Override
     protected ModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) {
         ModuleWebSecurityConfigurationImpl configuration = ModuleWebSecurityConfigurationImpl.build(moduleType,prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        configuration.setSequenceSuffix(prefixOfSequence);
         return configuration;
     }
 
@@ -57,7 +57,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
     @Override
     protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType, ModuleWebSecurityConfiguration configuration) {
         HttpModuleAuthentication moduleAuthentication = new HttpModuleAuthentication(AuthenticationModuleNameConstants.SECURITY_QUESTIONS);
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());

diff --git a/...main/java/com/evolveum/midpoint/authentication/impl/factory/module/LdapModuleFactory.java b/...main/java/com/evolveum/midpoint/authentication/impl/factory/module/LdapModuleFactory.java
@@ -24,13 +24,11 @@
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
 import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
-import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.stereotype.Component;
 
@@ -63,7 +61,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     }
 
     @Override
-    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence,
+    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix,
             ServletRequest request, Map<Class<?>, Object> sharedObjects,
             AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
 
@@ -74,8 +72,8 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
         isSupportedChannel(authenticationChannel);
 
-        LdapModuleWebSecurityConfiguration configuration = LdapModuleWebSecurityConfiguration.build(moduleType, prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        LdapModuleWebSecurityConfiguration configuration = LdapModuleWebSecurityConfiguration.build(moduleType, sequenceSuffix);
+        configuration.setSequenceSuffix(sequenceSuffix);
 
         configuration.addAuthenticationProvider(getProvider((LdapAuthenticationModuleType)moduleType));
 
@@ -128,7 +126,7 @@ private LdapWebSecurityConfigurer<LdapModuleWebSecurityConfiguration> createModu
     protected ModuleAuthenticationImpl createEmptyModuleAuthentication(LdapAuthenticationModuleType moduleType,
                                                                    ModuleWebSecurityConfiguration configuration) {
         LdapModuleAuthentication moduleAuthentication = new LdapModuleAuthentication();
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         if (moduleType.getSearch() != null) {
             moduleAuthentication.setNamingAttribute(moduleType.getSearch().getNamingAttr());
         }

diff --git a/.../com/evolveum/midpoint/authentication/impl/factory/module/LoginFormModuleFactoryImpl.java b/.../com/evolveum/midpoint/authentication/impl/factory/module/LoginFormModuleFactoryImpl.java
@@ -33,7 +33,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     @Override
     protected LoginFormModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) {
         LoginFormModuleWebSecurityConfiguration configuration = LoginFormModuleWebSecurityConfiguration.build(moduleType,prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        configuration.setSequenceSuffix(prefixOfSequence);
         return configuration;
     }
 
@@ -56,7 +56,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
     protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType,
             LoginFormModuleWebSecurityConfiguration configuration) {
         LoginFormModuleAuthenticationImpl moduleAuthentication = new LoginFormModuleAuthenticationImpl();
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());

diff --git a/...java/com/evolveum/midpoint/authentication/impl/factory/module/MailNonceModuleFactory.java b/...java/com/evolveum/midpoint/authentication/impl/factory/module/MailNonceModuleFactory.java
@@ -34,7 +34,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     @Override
     protected ModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) {
         ModuleWebSecurityConfigurationImpl configuration = ModuleWebSecurityConfigurationImpl.build(moduleType,prefixOfSequence);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+        configuration.setSequenceSuffix(prefixOfSequence);
         configuration.setSpecificLoginUrl(authenticationChannel.getSpecificLoginUrl());
         return configuration;
     }
@@ -59,7 +59,7 @@ protected Class<? extends CredentialPolicyType> supportedClass() {
     protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType moduleType,
                                                                    ModuleWebSecurityConfiguration configuration) {
         MailNonceModuleAuthenticationImpl moduleAuthentication = new MailNonceModuleAuthenticationImpl();
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         moduleAuthentication.setCredentialName(((AbstractCredentialAuthenticationModuleType)moduleType).getCredentialName());
         moduleAuthentication.setCredentialType(supportedClass());
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());

diff --git a/...main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcModuleFactory.java b/...main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcModuleFactory.java
@@ -42,7 +42,7 @@ public boolean match(AbstractAuthenticationModuleType moduleType) {
     }
 
     @Override
-    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, ServletRequest request,
+    public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request,
                                          Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
         if (!(moduleType instanceof OidcAuthenticationModuleType)) {
             LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
@@ -53,8 +53,8 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType
 
         OidcModuleWebSecurityConfiguration.setProtector(getProtector());
         OidcModuleWebSecurityConfiguration configuration = OidcModuleWebSecurityConfiguration.build(
-                (OidcAuthenticationModuleType)moduleType, prefixOfSequence, getPublicUrlPrefix(request), request);
-        configuration.setPrefixOfSequence(prefixOfSequence);
+                (OidcAuthenticationModuleType)moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
+        configuration.setSequenceSuffix(sequenceSuffix);
         configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new OidcProvider()));
 
         OidcModuleWebSecurityConfigurer<OidcModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(
@@ -74,7 +74,7 @@ public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcModuleWebSec
         List<IdentityProvider> providers = new ArrayList<>();
         configuration.getClientRegistrationRepository().forEach(
                 client -> {
-                    String authRequestPrefixUrl = "/midpoint" + configuration.getPrefix() + OidcModuleAuthenticationImpl.AUTHORIZATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID;
+                    String authRequestPrefixUrl = "/midpoint" + configuration.getPrefixOfModule() + OidcModuleAuthenticationImpl.AUTHORIZATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID;
                     IdentityProvider mp = new IdentityProvider()
                                 .setLinkText(client.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())
                                 .setRedirectLink(authRequestPrefixUrl.replace("{registrationId}", client.getRegistrationId()));
@@ -84,7 +84,7 @@ public ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcModuleWebSec
         moduleAuthentication.setClientsRepository(configuration.getClientRegistrationRepository());
         moduleAuthentication.setProviders(providers);
         moduleAuthentication.setNameOfModule(configuration.getNameOfModule());
-        moduleAuthentication.setPrefix(configuration.getPrefix());
+        moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
         return moduleAuthentication;
     }
 }
diff --git a/...ain/java/com/evolveum/midpoint/authentication/impl/factory/module/OtherModuleFactory.java b/...ain/java/com/evolveum/midpoint/authentication/impl/factory/module/OtherModuleFactory.java
@@ -37,7 +37,7 @@ public boolean match(AbstractAuthenticationModuleType module) {
     }
 
     @Override
-    public AuthModule createModuleFilter(AbstractAuthenticationModuleType module, String prefixOfSequence, ServletRequest request,
+    public AuthModule createModuleFilter(AbstractAuthenticationModuleType module, String sequenceSuffix, ServletRequest request,
             Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy,
             CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
 
@@ -53,7 +53,7 @@ public AuthModule createModuleFilter(AbstractAuthenticationModuleType module, St
         Class<AbstractModuleFactory> factoryClazz = (Class) Class.forName(factoryClass);
         AbstractModuleFactory factory = applicationContext.getBean(factoryClazz);
 
-        return factory.createModuleFilter(module, prefixOfSequence, request, sharedObjects,
+        return factory.createModuleFilter(module, sequenceSuffix, request, sharedObjects,
                 authenticationsPolicy, credentialPolicy, authenticationChannel);
     }
 }