authentication evaluator refactoring

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPasswordConfirmation.java

@@ -12,6 +12,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import com.evolveum.midpoint.model.impl.security.NonceAuthenticationContext;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
@@ -117,8 +118,8 @@ private UsernamePasswordAuthenticationToken authenticateUser(String username, St
 		ConnectionEnvironment connEnv = new ConnectionEnvironment();
 		connEnv.setChannel(SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI);
 		try {
-			return getAuthenticationEvaluator().authenticateUserNonce(connEnv, username,
-					nonce, getResetPasswordPolicy().getNoncePolicy());
+			return getAuthenticationEvaluator().authenticate(connEnv, new NonceAuthenticationContext(username,
+					nonce, getResetPasswordPolicy().getNoncePolicy()));
 		} catch (AuthenticationException ex) {
 			getSession()
 					.error(getString(ex.getMessage()));

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationBase.java

@@ -5,6 +5,7 @@
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.model.impl.security.NonceAuthenticationContext;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.task.api.Task;
@@ -22,10 +23,10 @@ public class PageRegistrationBase extends PageBase {
 	private static final String DOT_CLASS = PageRegistrationBase.class.getName() + ".";
 	private static final String OPERATION_GET_SECURITY_POLICY = DOT_CLASS + "getSecurityPolicy";
 
-	private static final Trace LOGGER = TraceManager.getTrace(PageSelfRegistration.class);
+	private static final Trace LOGGER = TraceManager.getTrace(PageRegistrationBase.class);
 
-	@SpringBean(name = "authenticationEvaluator")
-	private AuthenticationEvaluator authenticationEvaluator;
+	@SpringBean(name = "nonceAuthenticationEvaluator")
+	private AuthenticationEvaluator<NonceAuthenticationContext> authenticationEvaluator;
 
 	private ResetPolicyDto resetPasswordPolicy;
 	private SelfRegistrationDto selfRegistrationDto;
@@ -119,7 +120,7 @@ public ResetPolicyDto getResetPasswordPolicy() {
 		return resetPasswordPolicy;
 	}
 
-	public AuthenticationEvaluator getAuthenticationEvaluator() {
+	public AuthenticationEvaluator<NonceAuthenticationContext> getAuthenticationEvaluator() {
 		return authenticationEvaluator;
 	}
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java

@@ -15,6 +15,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
+import com.evolveum.midpoint.model.impl.security.NonceAuthenticationContext;
 import com.evolveum.midpoint.prism.delta.ContainerDelta;
 import com.evolveum.midpoint.prism.delta.ItemDelta;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
@@ -117,8 +118,8 @@ private UsernamePasswordAuthenticationToken authenticateUser(String username, St
 		ConnectionEnvironment connEnv = new ConnectionEnvironment();
 		connEnv.setChannel(SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI);
 		try {
-			return getAuthenticationEvaluator().authenticateUserNonce(connEnv, username,
-					nonce, getSelfRegistrationConfiguration().getNoncePolicy());
+			return getAuthenticationEvaluator().authenticate(connEnv, new NonceAuthenticationContext( username,
+					nonce, getSelfRegistrationConfiguration().getNoncePolicy()));
 		} catch (AuthenticationException ex) {
 			getSession()
 					.error(getString(ex.getMessage()));

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointAuthenticationProvider.java

@@ -26,6 +26,7 @@
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.model.impl.security.PasswordAuthenticationContext;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -41,7 +42,7 @@ public class MidPointAuthenticationProvider implements AuthenticationProvider {
 	private static final Trace LOGGER = TraceManager.getTrace(MidPointAuthenticationProvider.class);
 
 	@Autowired
-	private transient AuthenticationEvaluator authenticationEvaluator;
+	private transient AuthenticationEvaluator<PasswordAuthenticationContext> passwordAuthenticationEvaluator;
 
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
@@ -54,9 +55,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 		Authentication token;
 		if (authentication instanceof UsernamePasswordAuthenticationToken) {
 			String enteredPassword = (String) authentication.getCredentials();
-			token = authenticationEvaluator.authenticateUserPassword(connEnv, enteredUsername, enteredPassword);
+			token = passwordAuthenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(enteredUsername, enteredPassword));
 		} else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
-			token = authenticationEvaluator.authenticateUserPreAuthenticated(connEnv, enteredUsername);
+			token = passwordAuthenticationEvaluator.authenticateUserPreAuthenticated(connEnv, enteredUsername);
 		} else {
 			LOGGER.error("Unsupported authentication {}", authentication);
 			throw new AuthenticationServiceException("web.security.provider.unavailable");

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java

@@ -58,7 +58,6 @@
  * @author semancik
  *
  */
-@Component("authenticationEvaluator")
 public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType, T extends AbstractAuthenticationContext> implements AuthenticationEvaluator<T> {
 
 	private static final Trace LOGGER = TraceManager.getTrace(AuthenticationEvaluatorImpl.class);

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.java

@@ -24,14 +24,10 @@
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 
-import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
-import com.evolveum.midpoint.prism.PrismObject;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
-import org.apache.http.protocol.RequestContent;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -46,6 +42,8 @@
 import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.impl.ModelRestService;
+import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
+import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
 import com.evolveum.midpoint.security.api.AuthorizationConstants;
@@ -72,7 +70,7 @@ public class MidpointRestAuthenticationHandler implements ContainerRequestFilter
 	private static final Trace LOGGER = TraceManager.getTrace(MidpointRestAuthenticationHandler.class);
 
 	@Autowired(required=true)
-	private AuthenticationEvaluator authenticationEvaluator;
+	private AuthenticationEvaluator<PasswordAuthenticationContext> passwordAuthenticationEvaluator;
 
 	@Autowired(required = true)
 	private SecurityEnforcer securityEnforcer;
@@ -112,7 +110,7 @@ public void handleRequest(Message m, ContainerRequestContext requestCtx) {
         String enteredPassword = policy.getPassword();
         UsernamePasswordAuthenticationToken token;
         try {
-        	token = authenticationEvaluator.authenticateUserPassword(connEnv, enteredUsername, enteredPassword);
+        	token = passwordAuthenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(enteredUsername, enteredPassword));
         } catch (UsernameNotFoundException | BadCredentialsException e) {
         	LOGGER.trace("Exception while authenticating username '{}' to REST service: {}", enteredUsername, e.getMessage(), e);
         	requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic authentication failed. Cannot authenticate user.").build());

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/NonceAuthenticationEvaluatorImpl.java

@@ -3,6 +3,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.stereotype.Component;
 
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -14,6 +15,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 
+@Component("nonceAuthenticationEvaluator")
 public class NonceAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<NonceType, NonceAuthenticationContext>{
 
 

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordAuthenticationEvaluatorImpl.java

@@ -4,6 +4,7 @@
 import org.jetbrains.annotations.NotNull;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.stereotype.Component;
 
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -15,6 +16,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
+@Component("passwordAuthenticationEvaluator")
 public class PasswordAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<PasswordType, PasswordAuthenticationContext>{
 
 	@Override

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/PasswordCallback.java

@@ -36,10 +36,10 @@ public class PasswordCallback implements CallbackHandler {
 
 	private static final Trace LOGGER = TraceManager.getTrace(PasswordCallback.class);
 
-    private AuthenticationEvaluatorImpl authenticationEvaluatorImpl;
+    private PasswordAuthenticationEvaluatorImpl passwordAuthenticationEvaluatorImpl;
 
-    public PasswordCallback(AuthenticationEvaluatorImpl authenticationEvaluatorImpl) {
-        this.authenticationEvaluatorImpl = authenticationEvaluatorImpl;
+    public PasswordCallback(PasswordAuthenticationEvaluatorImpl passwordAuthenticationEvaluatorImpl) {
+        this.passwordAuthenticationEvaluatorImpl = passwordAuthenticationEvaluatorImpl;
     }
 
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
@@ -53,7 +53,7 @@ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallback
         try {
         	ConnectionEnvironment connEnv = new ConnectionEnvironment();
         	connEnv.setChannel(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
-        	pc.setPassword(authenticationEvaluatorImpl.getAndCheckUserPassword(connEnv, username));
+        	pc.setPassword(passwordAuthenticationEvaluatorImpl.getAndCheckUserPassword(connEnv, username));
         } catch (Exception e) {
         	LOGGER.trace("Exception in password callback: {}: {}", e.getClass().getSimpleName(), e.getMessage(), e);
         	throw new PasswordCallbackException("Authentication failed");

model/model-impl/src/main/resources/ctx-model.xml

@@ -453,7 +453,7 @@
     </bean>
 
     <bean id="passwordCallback" class="com.evolveum.midpoint.model.impl.security.PasswordCallback">
-        <constructor-arg name="authenticationEvaluatorImpl" ref="authenticationEvaluator"/>
+        <constructor-arg name="passwordAuthenticationEvaluatorImpl" ref="passwordAuthenticationEvaluator"/>
     </bean>
 
     <!--Example of authorization for WS-->