Merge branch 'feature/forgot-username' of github.com:Evolveum/midpoin…

…t into feature/forgot-username

* 'feature/forgot-username' of github.com:Evolveum/midpoint:
  adding comments for authentication module

model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/ModuleWebSecurityConfiguration.java

@@ -11,7 +11,8 @@
 import org.springframework.security.authentication.AuthenticationProvider;
 
 /**
- * Define configuration for authentication module
+ * Define configuration for authentication module, contains all variables which we need for creating authentication filters
+ * for module and all component which authentication modules uses.
  *
  * @author skublik
  */

model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/MidpointAuthentication.java

@@ -37,7 +37,10 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 
 /**
- * wrapper for all authentication modules, basic authentication token
+ * Authentication token on top of hierarchy.
+ * Wrapper for all authentication modules.
+ * Contains method and variables for finding out the current status of authentication.
+ * Also contains method and variables for easy recovery of authentication flow.
  *
  * @author skublik
  */

model/authentication-api/src/main/java/com/evolveum/midpoint/authentication/api/config/ModuleAuthentication.java

@@ -18,9 +18,14 @@
 import javax.xml.namespace.QName;
 
 /**
- * Wrapper for authentication module, provide all information about actual state
+ * Wrapper for authentication module, provide all information about actual state and
+ * contains method that help during authentication and maybe specific for current authentication module.
  *
- * wrapps authentication sequence module and add attributes such as state
+ * This class contains {@link Authentication} that can be token that define midPoint or token defined by spring security.
+ * This token is generated by providers and contains basic information about authenticated object
+ * for current authentication module, in most cases we need this token for logout.
+ *
+ * This class wraps necessity sequence module and add attributes such as state.
  *
  * @author skublik
  */

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/InitialSecurityConfiguration.java

@@ -19,6 +19,9 @@
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.core.session.SessionRegistry;
 
+/**
+ * Class with configuration that we need before we start creating of authentication filters.
+ */
 @Configuration
 public class InitialSecurityConfiguration {
 

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/MidpointWebSecurityConfigurerAdapter.java → model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/configuration/SecurityConfigurer.java

@@ -59,13 +59,16 @@
 import java.util.Map;
 
 /**
+ * Class with basic components for authentication filters.
+ * Also this class contains configuration for path which ignore authentication.
+ *
  * @author skublik
  */
 @Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
 @Configuration
 @EnableWebSecurity
 @DependsOn("initialSecurityConfiguration")
-public class MidpointWebSecurityConfigurerAdapter {//extends WebSecurityConfigurerAdapter {
+public class SecurityConfigurer {
 
     @Autowired
     private AuthChannelRegistryImpl authChannelRegistry;
@@ -79,20 +82,14 @@ public class MidpointWebSecurityConfigurerAdapter {//extends WebSecurityConfigur
     private ObjectPostProcessor<Object> objectObjectPostProcessor;
     private ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 
-//    public MidpointWebSecurityConfigurerAdapter() {
-//        super(true);
-//    }
-
     @Autowired(required = false)
     void setContentNegotiationStrategy(ContentNegotiationStrategy contentNegotiationStrategy) {
         this.contentNegotiationStrategy = contentNegotiationStrategy;
     }
 
-//    @Override
     @Autowired
     public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
         this.objectObjectPostProcessor = objectPostProcessor;
-//        super.setObjectPostProcessor(objectPostProcessor);
     }
 
     @Bean
@@ -130,7 +127,6 @@ public AuthenticationEntryPoint authenticationEntryPoint() {
     }
 
 
-//    @Override
     @Bean
     @SessionAndRequestScope
     protected MidpointProviderManager authenticationManager() throws Exception {
@@ -161,29 +157,6 @@ public WebSecurityCustomizer webSecurityCustomizer() {
         };
     }
 
-//    @Override
-//    public void configure(WebSecurity web) throws Exception {
-//        super.configure(web);
-//        // Web (SOAP) services
-//        web.ignoring().antMatchers("/model/**");
-//
-//        // Special intra-cluster service to download and delete report outputs
-//        web.ignoring().antMatchers("/report");
-//
-//        web.ignoring().antMatchers("/js/**");
-//        web.ignoring().antMatchers("/css/**");
-//        web.ignoring().antMatchers("/img/**");
-//        web.ignoring().antMatchers("/fonts/**");
-//
-//        web.ignoring().antMatchers("/static/**");
-//        web.ignoring().antMatchers("/static-web/**");
-//        web.ignoring().antMatchers("/less/**");
-//
-//        web.ignoring().antMatchers("/wicket/resource/**");
-//
-//        web.ignoring().antMatchers("/favicon.ico");
-//    }
-
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.setSharedObject(AuthenticationTrustResolverImpl.class, new MidpointAuthenticationTrustResolverImpl());
@@ -217,22 +190,6 @@ private Map<Class<?>, Object> createSharedObjects() {
         return sharedObjects;
     }
 
-//    @Override
-//    protected void configure(HttpSecurity http) throws Exception {
-//        http.setSharedObject(AuthenticationTrustResolverImpl.class, new MidpointAuthenticationTrustResolverImpl());
-//        http.addFilter(new WebAsyncManagerIntegrationFilter())
-//                .sessionManagement().and()
-//                .securityContext();
-//        http.apply(new AuthFilterConfigurer());
-//
-//        createSessionContextRepository(http);
-//
-//        http.sessionManagement()
-//                .maximumSessions(-1)
-//                .sessionRegistry(sessionRegistry)
-//                .maxSessionsPreventsLogin(true);
-//    }
-
     private void createSessionContextRepository(HttpSecurity http) {
         HttpSessionSecurityContextRepository httpSecurityRepository = new HttpSessionSecurityContextRepository() {
             @Override

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/entry/point/HttpAuthenticationEntryPoint.java

@@ -52,7 +52,7 @@ public void commence(
 
     private String getRealmForHeader(ModuleAuthentication moduleAuthentication, AuthenticationException authException) {
         if (moduleAuthentication instanceof HttpModuleAuthentication) {
-            return ((HttpModuleAuthentication) moduleAuthentication).getRealmFroHeader(authException);
+            return ((HttpModuleAuthentication) moduleAuthentication).getRealmFromHeader(authException);
         }
         return moduleAuthentication.getModuleTypeName() +" realm=\"" + DEFAULT_REALM + "\"";
     }

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/factory/module/OidcClientModuleFactory.java

@@ -65,7 +65,6 @@ protected ModuleAuthenticationImpl createEmptyModuleAuthentication(OidcAuthentic
                     request, configuration, client.getClientName());
             providers.add(provider);
         }
-        moduleAuthentication.setClientsRepository(configuration.getClientRegistrationRepository());
         moduleAuthentication.setProviders(providers);
         moduleAuthentication.setNameOfModule(configuration.getModuleIdentifier());
         moduleAuthentication.setPrefix(configuration.getPrefixOfModule());

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/HttpModuleAuthentication.java

@@ -59,7 +59,7 @@ protected void clone(ModuleAuthenticationImpl module) {
         super.clone(module);
     }
 
-    public String getRealmFroHeader(AuthenticationException authException) {
+    public String getRealmFromHeader(AuthenticationException authException) {
         String realm = StringUtils.isNotBlank(getRealm()) ? getRealm() : HttpAuthenticationEntryPoint.DEFAULT_REALM;
         return AuthUtil.resolveTokenTypeByModuleType(getModuleTypeName()) +" realm=\"" + realm + "\"";
     }

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/OidcClientModuleAuthenticationImpl.java

@@ -31,26 +31,15 @@
 
 public class OidcClientModuleAuthenticationImpl extends RemoteModuleAuthenticationImpl implements RemoteModuleAuthentication, Serializable {
 
-    private InMemoryClientRegistrationRepository clientsRepository;
-
     public OidcClientModuleAuthenticationImpl(AuthenticationSequenceModuleType sequenceModule) {
         super(AuthenticationModuleNameConstants.OIDC, sequenceModule);
         setType(ModuleType.REMOTE);
         setState(AuthenticationModuleState.LOGIN_PROCESSING);
     }
 
-    public InMemoryClientRegistrationRepository getClientsRepository() {
-        return clientsRepository;
-    }
-
-    public void setClientsRepository(InMemoryClientRegistrationRepository clientsRepository) {
-        this.clientsRepository = clientsRepository;
-    }
-
     @Override
     public ModuleAuthenticationImpl clone() {
         OidcClientModuleAuthenticationImpl module = new OidcClientModuleAuthenticationImpl(this.getSequenceModule());
-        module.setClientsRepository(this.getClientsRepository());
         module.setProviders(this.getProviders());
         Authentication actualAuth = SecurityContextHolder.getContext().getAuthentication();
         Authentication newAuthentication = this.getAuthentication();

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/authentication/OidcResourceServerModuleAuthentication.java

@@ -8,8 +8,6 @@
 
 import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
 
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleNecessityType;
-
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
 
 import org.springframework.security.core.AuthenticationException;
@@ -37,7 +35,7 @@ public ModuleAuthenticationImpl clone() {
         return module;
     }
 
-    public String getRealmFroHeader(AuthenticationException authException) {
+    public String getRealmFromHeader(AuthenticationException authException) {
         Map<String, String> parameters = new LinkedHashMap<>();
         if (authException instanceof OAuth2AuthenticationException) {
             OAuth2Error error = ((OAuth2AuthenticationException)authException).getError();
@@ -57,7 +55,7 @@ public String getRealmFroHeader(AuthenticationException authException) {
                 }
             }
         }
-        StringBuilder wwwAuthenticate = new StringBuilder(super.getRealmFroHeader(authException));
+        StringBuilder wwwAuthenticate = new StringBuilder(super.getRealmFromHeader(authException));
         if (!parameters.isEmpty()) {
             parameters.forEach((key, value) -> {
                 wwwAuthenticate.append(", ");

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/ModuleWebSecurityConfigurer.java

@@ -51,6 +51,10 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
 
 /**
+ * Configurer uses {@link ModuleWebSecurityConfiguration} for direct or indirect creation of authentication filter.
+ * Indirectly, because contains method {@link ModuleWebSecurityConfigurer#configure(HttpSecurity)} that,
+ * in addition to creating filters directly, create configurers for creating filter during building of {@link HttpSecurity}.
+ *
  * @author skublik
  */