moving authentication evaluators from model-impl to authentication-im…

…pl (MID-7486)
Evolveum · Dec 10, 2021 · af2164e · af2164e
1 parent 59551e7
commit af2164e
Show file tree

Hide file tree

Showing 41 changed files with 445 additions and 126 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageAuthenticationBase.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageAuthenticationBase.java
@@ -7,7 +7,7 @@
 package com.evolveum.midpoint.web.page.login;
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.context.NonceAuthenticationContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismProperty;

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationBase.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationBase.java
@@ -12,7 +12,7 @@
 import org.apache.wicket.spring.injection.annot.SpringBean;
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.context.NonceAuthenticationContext;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAccountActivation.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAccountActivation.java
@@ -30,7 +30,7 @@
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;

diff --git a/model/authentication-api/pom.xml b/model/authentication-api/pom.xml
@@ -81,11 +81,10 @@
             <version>4.5-SNAPSHOT</version>
             <scope>compile</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jetbrains</groupId>
+            <artifactId>annotations</artifactId>
+        </dependency>
 
-        <!--<dependency>-->
-        <!--    <groupId>com.evolveum.midpoint.repo</groupId>-->
-        <!--    <artifactId>task-api</artifactId>-->
-        <!--    <version>4.5-SNAPSHOT</version>-->
-        <!--</dependency>-->
     </dependencies>
 </project>
diff --git a/...nt/model/api/AuthenticationEvaluator.java → ...thentication/AuthenticationEvaluator.java b/...nt/model/api/AuthenticationEvaluator.java → ...thentication/AuthenticationEvaluator.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.api;
+package com.evolveum.midpoint.authentication.api.authentication;
 
 import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
 

diff --git a/...java/com/evolveum/midpoint/authentication/api/authentication/NodeAuthenticationToken.java b/...java/com/evolveum/midpoint/authentication/api/authentication/NodeAuthenticationToken.java
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2010-2019 Evolveum and contributors
+ *
+ * This work is dual-licensed under the Apache License 2.0
+ * and European Union Public License. See LICENSE file for details.
+ */
+package com.evolveum.midpoint.authentication.api.authentication;
+
+import com.evolveum.midpoint.authentication.api.IdentityProvider;
+
+import java.util.List;
+
+/**
+ * @author skublik
+ */
+
+public interface NodeAuthenticationToken{
+}
diff --git a/model/authentication-impl/pom.xml b/model/authentication-impl/pom.xml
@@ -194,11 +194,31 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-tx</artifactId>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-autoconfigure</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-common</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.ws.rs</groupId>
+            <artifactId>javax.ws.rs-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-client</artifactId>
+        </dependency>
+
 
         <!-- Test -->
         <dependency>
@@ -255,6 +275,13 @@
             <version>4.5-SNAPSHOT</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.evolveum.midpoint.model</groupId>
+            <artifactId>model-impl</artifactId>
+            <version>4.5-SNAPSHOT</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>com.evolveum.midpoint.repo</groupId>
             <artifactId>repo-sql-impl</artifactId>

diff --git a/.../evolveum/midpoint/authentication/impl/security/configuration/BasicWebSecurityConfig.java b/.../evolveum/midpoint/authentication/impl/security/configuration/BasicWebSecurityConfig.java
@@ -64,7 +64,7 @@
 @Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
 @Configuration
 @EnableWebSecurity
-@DependsOn("securityConfiguration")
+@DependsOn("initialSecurityConfiguration")
 public class BasicWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired

diff --git a/...midpoint/authentication/impl/security/configuration/MidpointWebSecurityConfiguration.java b/...midpoint/authentication/impl/security/configuration/MidpointWebSecurityConfiguration.java
@@ -29,7 +29,7 @@
  */
 
 @Configuration
-@DependsOn("securityConfiguration")
+@DependsOn("initialSecurityConfiguration")
 public class MidpointWebSecurityConfiguration extends WebSecurityConfiguration {
 
     @Autowired(required = false)

diff --git a/...security/AuthenticationEvaluatorImpl.java → ...valuator/AuthenticationEvaluatorImpl.java b/...security/AuthenticationEvaluatorImpl.java → ...valuator/AuthenticationEvaluatorImpl.java
@@ -4,13 +4,14 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import java.util.Collection;
 
 import javax.xml.datatype.Duration;
 import javax.xml.datatype.XMLGregorianCalendar;
 
+import com.evolveum.midpoint.model.api.ModelAuditRecorder;
 import com.evolveum.midpoint.security.api.Authorization;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
@@ -26,6 +27,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.context.MessageSourceAware;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.support.MessageSourceAccessor;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -40,7 +42,7 @@
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
 import com.evolveum.midpoint.common.Clock;
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
 import com.evolveum.midpoint.model.api.context.AbstractAuthenticationContext;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
@@ -69,14 +71,16 @@ public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialTy
 
     @Autowired private Protector protector;
     @Autowired private Clock clock;
-    @Autowired private SecurityHelper securityHelper;
-
-    // Has to be package-private so the tests can manipulate it
-    @Autowired
-    GuiProfiledPrincipalManager focusProfileService;
+    @Autowired private ModelAuditRecorder securityHelper;
 
+    private GuiProfiledPrincipalManager focusProfileService;
     protected MessageSourceAccessor messages;
 
+    @Autowired
+    public void setPrincipalManager(GuiProfiledPrincipalManager focusProfileService) {
+        this.focusProfileService = focusProfileService;
+    }
+
     @Override
     public void setMessageSource(MessageSource messageSource) {
         this.messages = new MessageSourceAccessor(messageSource);

diff --git a/...rity/NodeAuthenticationEvaluatorImpl.java → ...ator/NodeAuthenticationEvaluatorImpl.java b/...rity/NodeAuthenticationEvaluatorImpl.java → ...ator/NodeAuthenticationEvaluatorImpl.java
@@ -4,13 +4,15 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
+import com.evolveum.midpoint.authentication.impl.security.module.authentication.NodeAuthenticationTokenImpl;
+import com.evolveum.midpoint.model.api.ModelAuditRecorder;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.authentication.api.NodeAuthenticationEvaluator;
@@ -42,7 +44,7 @@ public class NodeAuthenticationEvaluatorImpl implements NodeAuthenticationEvalua
     @Qualifier("cacheRepositoryService")
     private RepositoryService repositoryService;
     @Autowired private TaskManager taskManager;
-    @Autowired private SecurityHelper securityHelper;
+    @Autowired private ModelAuditRecorder securityHelper;
     @Autowired private Protector protector;
 
     private static final Trace LOGGER = TraceManager.getTrace(NodeAuthenticationEvaluatorImpl.class);
@@ -94,7 +96,7 @@ public boolean authenticate(@Nullable String remoteName, String remoteAddress, @
                 }
                 if (actualNode != null) {
                     LOGGER.trace("Established authenticity for remote {}", actualNode);
-                    NodeAuthenticationToken authNtoken = new NodeAuthenticationToken(actualNode, remoteAddress,
+                    NodeAuthenticationTokenImpl authNtoken = new NodeAuthenticationTokenImpl(actualNode, remoteAddress,
                             Collections.emptyList());
                     SecurityContextHolder.getContext().setAuthentication(authNtoken);
                     securityHelper.auditLoginSuccess(actualNode.asObjectable(), connEnv);

diff --git a/...ity/NonceAuthenticationEvaluatorImpl.java → ...tor/NonceAuthenticationEvaluatorImpl.java b/...ity/NonceAuthenticationEvaluatorImpl.java → ...tor/NonceAuthenticationEvaluatorImpl.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import org.apache.commons.lang.StringUtils;
 import org.jetbrains.annotations.NotNull;
@@ -24,7 +24,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 
 @Component("nonceAuthenticationEvaluator")
-public class NonceAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<NonceType, NonceAuthenticationContext>{
+public class NonceAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<NonceType, NonceAuthenticationContext> {
 
 
     @Override

diff --git a/.../PasswordAuthenticationEvaluatorImpl.java → .../PasswordAuthenticationEvaluatorImpl.java b/.../PasswordAuthenticationEvaluatorImpl.java → .../PasswordAuthenticationEvaluatorImpl.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import org.apache.commons.lang.StringUtils;
 import org.jetbrains.annotations.NotNull;

diff --git a/...model/impl/security/PasswordCallback.java → .../security/evaluator/PasswordCallback.java b/...model/impl/security/PasswordCallback.java → .../security/evaluator/PasswordCallback.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;

diff --git a/...l/security/PasswordCallbackException.java → .../evaluator/PasswordCallbackException.java b/...l/security/PasswordCallbackException.java → .../evaluator/PasswordCallbackException.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import java.io.IOException;
 

diff --git a/...yQuestionAuthenticationEvaluatorImpl.java → ...yQuestionAuthenticationEvaluatorImpl.java b/...yQuestionAuthenticationEvaluatorImpl.java → ...yQuestionAuthenticationEvaluatorImpl.java
@@ -4,7 +4,7 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.evaluator;
 
 import java.util.List;
 import java.util.Map;

diff --git a/...mpl/security/NodeAuthenticationToken.java → ...tication/NodeAuthenticationTokenImpl.java b/...mpl/security/NodeAuthenticationToken.java → ...tication/NodeAuthenticationTokenImpl.java
@@ -4,24 +4,26 @@
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
  */
-package com.evolveum.midpoint.model.impl.security;
+package com.evolveum.midpoint.authentication.impl.security.module.authentication;
 
 import java.util.Collection;
 
+import com.evolveum.midpoint.authentication.api.authentication.NodeAuthenticationToken;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NodeType;
 
-public class NodeAuthenticationToken extends AbstractAuthenticationToken {
+public class NodeAuthenticationTokenImpl extends AbstractAuthenticationToken implements NodeAuthenticationToken {
 
     private static final long serialVersionUID = 1L;
 
     private PrismObject<NodeType> node;
     private String remoteAddress;
 
-    public NodeAuthenticationToken(PrismObject<NodeType> node, String remoteAddress, Collection<? extends GrantedAuthority> authorities) {
+    public NodeAuthenticationTokenImpl(PrismObject<NodeType> node, String remoteAddress, Collection<? extends GrantedAuthority> authorities) {
         super(authorities);
         this.node = node;
         this.remoteAddress = remoteAddress;

diff --git a/...ain/java/com/evolveum/midpoint/authentication/impl/security/provider/ClusterProvider.java b/...ain/java/com/evolveum/midpoint/authentication/impl/security/provider/ClusterProvider.java
@@ -22,7 +22,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.authentication.*;
 import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
 import com.evolveum.midpoint.util.logging.Trace;

diff --git a/...n/java/com/evolveum/midpoint/authentication/impl/security/provider/MailNonceProvider.java b/...n/java/com/evolveum/midpoint/authentication/impl/security/provider/MailNonceProvider.java
@@ -30,7 +30,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.ModelInteractionService;
 import com.evolveum.midpoint.model.api.ModelService;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;

diff --git a/...idpoint/authentication/impl/security/provider/MidPointAbstractAuthenticationProvider.java b/...idpoint/authentication/impl/security/provider/MidPointAbstractAuthenticationProvider.java
@@ -27,7 +27,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.context.AbstractAuthenticationContext;
 import com.evolveum.midpoint.prism.PrismContext;
 import com.evolveum.midpoint.prism.PrismObject;

diff --git a/...um/midpoint/authentication/impl/security/provider/MidPointLdapAuthenticationProvider.java b/...um/midpoint/authentication/impl/security/provider/MidPointLdapAuthenticationProvider.java
@@ -36,7 +36,7 @@
 import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
 
 import com.evolveum.midpoint.common.Clock;
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.ModelAuditRecorder;
 import com.evolveum.midpoint.model.api.authentication.*;
 import com.evolveum.midpoint.model.api.util.AuthenticationEvaluatorUtil;

diff --git a/...in/java/com/evolveum/midpoint/authentication/impl/security/provider/PasswordProvider.java b/...in/java/com/evolveum/midpoint/authentication/impl/security/provider/PasswordProvider.java
@@ -19,7 +19,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
 import com.evolveum.midpoint.model.api.context.PreAuthenticationContext;

diff --git a/.../main/java/com/evolveum/midpoint/authentication/impl/security/provider/Saml2Provider.java b/.../main/java/com/evolveum/midpoint/authentication/impl/security/provider/Saml2Provider.java
@@ -36,7 +36,7 @@
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.util.CollectionUtils;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
 import com.evolveum.midpoint.model.api.context.PreAuthenticationContext;

diff --git a/...com/evolveum/midpoint/authentication/impl/security/provider/SecurityQuestionProvider.java b/...com/evolveum/midpoint/authentication/impl/security/provider/SecurityQuestionProvider.java
@@ -20,7 +20,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 
-import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.authentication.api.authentication.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 import com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;