better inheritance - non credentials modules should not extend from c…
…redentials factory
katkav committed Jul 27, 2023
1 parent 8df1a3f commit f654ea6
Showing 20 changed files with 467 additions and 586 deletions.
Expand Up @@ -39,126 +39,112 @@ public abstract class AbstractCredentialModuleFactory<

private static final Trace LOGGER = TraceManager.getTrace(AbstractCredentialModuleFactory.class);

@Override
public abstract boolean match(AbstractAuthenticationModuleType moduleType, AuthenticationChannel authenticationChannel);
// @Override
// public abstract boolean match(AbstractAuthenticationModuleType moduleType, AuthenticationChannel authenticationChannel);

public AuthModule<MA> createModuleFilter(
MT moduleType,
String sequenceSuffix,
ServletRequest request,
Map<Class<?>, Object> sharedObjects,
AuthenticationModulesType authenticationsPolicy,
CredentialsPolicyType credentialPolicy,
AuthenticationChannel authenticationChannel,
AuthenticationSequenceModuleType necessity)

throws Exception {

if (!(moduleType instanceof AbstractCredentialAuthenticationModuleType)) {
LOGGER.error("This factory supports only AbstractCredentialAuthenticationModuleType, but moduleType is " + moduleType);
return null;
}

isSupportedChannel(authenticationChannel);


//TODO PROVIDERS
// configuration.addAuthenticationProvider(
// getProvider((AbstractCredentialAuthenticationModuleType) moduleType, credentialPolicy));


// CA moduleConfigurer = getObjectObjectPostProcessor()
// .postProcess(createModuleConfigurer(moduleType, sequenceSuffix, authenticationChannel, getObjectObjectPostProcessor()));

// HttpSecurity http = moduleConfigurer.getNewHttpSecurity();
// http.addFilterAfter(new RefuseUnauthenticatedRequestFilter(), SwitchUserFilter.class);
// setSharedObjects(http, sharedObjects);
// public AuthModule<MA> createModuleFilter(
// MT moduleType,
// String sequenceSuffix,
// ServletRequest request,
// Map<Class<?>, Object> sharedObjects,
// AuthenticationModulesType authenticationsPolicy,
// CredentialsPolicyType credentialPolicy,
// AuthenticationChannel authenticationChannel,
// AuthenticationSequenceModuleType necessity)
//
// SecurityFilterChain filter = http.build();
// throws Exception {
//
// if (!(moduleType instanceof AbstractCredentialAuthenticationModuleType)) {
// LOGGER.error("This factory supports only AbstractCredentialAuthenticationModuleType, but moduleType is " + moduleType);
// return null;
// }
//
// MA moduleAuthentication = createEmptyModuleAuthentication(moduleType, moduleConfigurer.getConfiguration(), necessity);
// moduleAuthentication.setFocusType(moduleType.getFocusType());

// return AuthModuleImpl.build(filter, moduleConfigurer.getConfiguration(), moduleAuthentication);
return null;
}


private List<CredentialPolicyType> collectCredentialPolicies(CredentialsPolicyType credentialsPolicy) {
List<CredentialPolicyType> credentialPolicies = new ArrayList<>();
if (credentialsPolicy != null) {
credentialPolicies.add(credentialsPolicy.getPassword());
credentialPolicies.add(credentialsPolicy.getSecurityQuestions());
credentialPolicies.addAll(credentialsPolicy.getNonce());
}
return credentialPolicies;
}

private CredentialPolicyType determineUsedPolicy(List<CredentialPolicyType> credentialPolicies, String credentialName) {
CredentialPolicyType usedPolicy = null;
for (CredentialPolicyType processedPolicy : credentialPolicies) {
if (processedPolicy == null) {
continue;
}
if (StringUtils.isNotBlank(credentialName)) {
if (credentialName.equals(processedPolicy.getName())) {
usedPolicy = processedPolicy;
}
} else if (supportedClass() != null && processedPolicy.getClass().isAssignableFrom(supportedClass())) {
usedPolicy = processedPolicy;
}
}
return usedPolicy;
}

protected AuthenticationProvider getProvider(
AbstractCredentialAuthenticationModuleType moduleType,
CredentialsPolicyType credentialsPolicy) {
String credentialName = moduleType.getCredentialName();

List<CredentialPolicyType> credentialPolicies = collectCredentialPolicies(credentialsPolicy);
CredentialPolicyType usedPolicy = determineUsedPolicy(credentialPolicies, credentialName);


if (usedPolicy == null) {
if (PasswordCredentialsPolicyType.class.equals(supportedClass()) || supportedClass() == null) {
return getObjectObjectPostProcessor().postProcess(createProvider(null));
}
String message = StringUtils.isBlank(credentialName)
? ("Couldn't find credential for module " + moduleType)
: ("Couldn't find credential with name " + credentialName);
IllegalArgumentException e = new IllegalArgumentException(message);
LOGGER.error(message);
throw e;
}

if (!usedPolicy.getClass().equals(supportedClass())) {
String moduleIdentifier = StringUtils.isNotEmpty(moduleType.getIdentifier()) ? moduleType.getIdentifier() : moduleType.getName();
String message = "Module " + moduleIdentifier + "support only " + supportedClass() + " type of credential";
IllegalArgumentException e = new IllegalArgumentException(message);
LOGGER.error(message);
throw e;
}

return getObjectObjectPostProcessor().postProcess(createProvider(usedPolicy));
}

private String getCredentialAuthModuleIdentifier(AbstractCredentialAuthenticationModuleType module) {
return StringUtils.isNotEmpty(module.getIdentifier()) ? module.getIdentifier() : module.getName();
}

// protected abstract MA createEmptyModuleAuthentication(
// MT moduleType, C configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request);


// protected abstract CA createModuleConfigurer(MT moduleType,
// String sequenceSuffix,
// AuthenticationChannel authenticationChannel,
// ObjectPostProcessor<Object> objectPostProcessor, ServletRequest request);

// isSupportedChannel(authenticationChannel);
//
//
// //TODO PROVIDERS
//// configuration.addAuthenticationProvider(
//// getProvider((AbstractCredentialAuthenticationModuleType) moduleType, credentialPolicy));
//
//
//// CA moduleConfigurer = getObjectObjectPostProcessor()
//// .postProcess(createModuleConfigurer(moduleType, sequenceSuffix, authenticationChannel, getObjectObjectPostProcessor()));
//
//// HttpSecurity http = moduleConfigurer.getNewHttpSecurity();
//// http.addFilterAfter(new RefuseUnauthenticatedRequestFilter(), SwitchUserFilter.class);
//// setSharedObjects(http, sharedObjects);
////
//// SecurityFilterChain filter = http.build();
////
////
//// MA moduleAuthentication = createEmptyModuleAuthentication(moduleType, moduleConfigurer.getConfiguration(), necessity);
//// moduleAuthentication.setFocusType(moduleType.getFocusType());
//
//// return AuthModuleImpl.build(filter, moduleConfigurer.getConfiguration(), moduleAuthentication);
// return null;
// }


// private List<CredentialPolicyType> collectCredentialPolicies(CredentialsPolicyType credentialsPolicy) {
// List<CredentialPolicyType> credentialPolicies = new ArrayList<>();
// if (credentialsPolicy != null) {
// credentialPolicies.add(credentialsPolicy.getPassword());
// credentialPolicies.add(credentialsPolicy.getSecurityQuestions());
// credentialPolicies.addAll(credentialsPolicy.getNonce());
// }
// return credentialPolicies;
// }

// private CredentialPolicyType determineUsedPolicy(List<CredentialPolicyType> credentialPolicies, String credentialName) {
// CredentialPolicyType usedPolicy = null;
// for (CredentialPolicyType processedPolicy : credentialPolicies) {
// if (processedPolicy == null) {
// continue;
// }
// if (StringUtils.isNotBlank(credentialName)) {
// if (credentialName.equals(processedPolicy.getName())) {
// usedPolicy = processedPolicy;
// }
// } else if (supportedClass() != null && processedPolicy.getClass().isAssignableFrom(supportedClass())) {
// usedPolicy = processedPolicy;
// }
// }
// return usedPolicy;
// }

// protected AuthenticationProvider getProvider(
// AbstractCredentialAuthenticationModuleType moduleType,
// CredentialsPolicyType credentialsPolicy) {
// String credentialName = moduleType.getCredentialName();
//
// List<CredentialPolicyType> credentialPolicies = collectCredentialPolicies(credentialsPolicy);
// CredentialPolicyType usedPolicy = determineUsedPolicy(credentialPolicies, credentialName);
//
//
// if (usedPolicy == null) {
// if (PasswordCredentialsPolicyType.class.equals(supportedClass()) || supportedClass() == null) {
// return getObjectObjectPostProcessor().postProcess(createProvider(null));
// }
// String message = StringUtils.isBlank(credentialName)
// ? ("Couldn't find credential for module " + moduleType)
// : ("Couldn't find credential with name " + credentialName);
// IllegalArgumentException e = new IllegalArgumentException(message);
// LOGGER.error(message);
// throw e;
// }
//
// if (!usedPolicy.getClass().equals(supportedClass())) {
// String moduleIdentifier = StringUtils.isNotEmpty(moduleType.getIdentifier()) ? moduleType.getIdentifier() : moduleType.getName();
// String message = "Module " + moduleIdentifier + "support only " + supportedClass() + " type of credential";
// IllegalArgumentException e = new IllegalArgumentException(message);
// LOGGER.error(message);
// throw e;
// }
//
// return getObjectObjectPostProcessor().postProcess(createProvider(usedPolicy));
// }

protected abstract AuthenticationProvider createProvider(CredentialPolicyType usedPolicy);
// protected abstract AuthenticationProvider createProvider(CredentialPolicyType usedPolicy);

protected abstract Class<? extends CredentialPolicyType> supportedClass();
}
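Review bot: The new side of this section keeps the old bodies of `match`, `createModuleFilter`, `collectCredentialPolicies`, `determineUsedPolicy`, `getProvider` and `createProvider` as commented-out code instead of deleting them, which makes it hard to audit which code now selects the credential policy for an authentication module. In particular, the guard in `getProvider` that threw `IllegalArgumentException` when the resolved policy's class differed from `supportedClass()` is no longer live in this class. Where it moved is not visible here, so it is worth confirming that credential modules still reject a missing or mismatched policy rather than continuing without one. I would delete the commented blocks and, if the logic lives elsewhere, leave a single pointer such as `// Credential policy resolution now lives in <new location>.` above `supportedClass()`. As shown, `supportedClass()` stays abstract while every caller of it in this class is commented out, so a short Javadoc saying who consumes it would help implementers.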
Expand Up @@ -22,7 +22,7 @@
import org.springframework.stereotype.Component;

@Component
public class ArchetypeSelectionModuleFactory extends AbstractCredentialModuleFactory<
public class ArchetypeSelectionModuleFactory extends AbstractModuleFactory<
LoginFormModuleWebSecurityConfiguration,
ArchetypeSelectionModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>,
ArchetypeSelectionModuleType,
Expand All @@ -41,7 +41,6 @@ protected ArchetypeSelectionModuleAuthentication createEmptyModuleAuthentication
ArchetypeSelectionModuleAuthentication moduleAuthentication = new ArchetypeSelectionModuleAuthentication(sequenceModule);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(moduleType.getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(moduleType.getIdentifier());
return moduleAuthentication;
}
Expand All @@ -58,14 +57,4 @@ protected ArchetypeSelectionModuleWebSecurityConfigurer<LoginFormModuleWebSecuri
// return null;
}

@Override
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) {
return new ArchetypeSelectionAuthenticationProvider();
}

@Override
protected Class<? extends CredentialPolicyType> supportedClass() {
return null;
}

}
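Review bot: `createEmptyModuleAuthentication` still calls `moduleAuthentication.setCredentialName(moduleType.getCredentialName());` after `setCredentialType(supportedClass())` was removed, so the module authentication now carries a credential name with no credential type. The same pattern remains in the AttributeVerification, FocusIdentification and Hint factory sections below. If these modules are no longer credential-based, as the commit title says, either drop the call or document why it stays, e.g. `// credentialName is kept for <consumer>; no credential policy applies to this module`. The removed `supportedClass()` returned `null` here, so dropping `setCredentialType` looks behaviour-preserving. Whether anything downstream reads the credential name is not visible in this section, and the method body starts outside the hunk.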
Expand Up @@ -19,7 +19,7 @@
import org.springframework.stereotype.Component;

@Component
public class AttributeVerificationModuleFactory extends AbstractCredentialModuleFactory<
public class AttributeVerificationModuleFactory extends AbstractModuleFactory<
LoginFormModuleWebSecurityConfiguration,
AttributeVerificationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>,
AttributeVerificationAuthenticationModuleType,
Expand All @@ -42,23 +42,12 @@ protected AttributeVerificationModuleWebSecurityConfigurer<LoginFormModuleWebSec
// return null;
}

@Override
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) {
return new AttributeVerificationProvider();
}

@Override
protected Class<? extends CredentialPolicyType> supportedClass() {
return null; //todo for now we don't have credentials policy for attribute verification
}

@Override
protected AttributeVerificationModuleAuthentication createEmptyModuleAuthentication(AttributeVerificationAuthenticationModuleType moduleType,
LoginFormModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request) {
AttributeVerificationModuleAuthentication moduleAuthentication = new AttributeVerificationModuleAuthentication(sequenceModule);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(moduleType.getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(configuration.getModuleIdentifier());
return moduleAuthentication;
}
Expand Up @@ -25,7 +25,7 @@
* @author skublik
*/
@Component
public class CorrelationModuleFactoryImpl extends AbstractCredentialModuleFactory
public class CorrelationModuleFactoryImpl extends AbstractModuleFactory
<LoginFormModuleWebSecurityConfiguration,
CorrelationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>,
CorrelationAuthenticationModuleType,
Expand All @@ -43,16 +43,6 @@ protected CorrelationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfi
new CorrelationProvider());
}

@Override
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) {
return new CorrelationProvider();
}

@Override
protected Class<? extends CredentialPolicyType> supportedClass() {
return null;
}

@Override
protected CorrelationModuleAuthentication createEmptyModuleAuthentication(CorrelationAuthenticationModuleType moduleType,
LoginFormModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request) {
Expand Up @@ -22,7 +22,7 @@
* @author skublik
*/
@Component
public class FocusIdentificationModuleFactoryImpl extends AbstractCredentialModuleFactory<
public class FocusIdentificationModuleFactoryImpl extends AbstractModuleFactory<
LoginFormModuleWebSecurityConfiguration,
FocusIdentificationModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>,
FocusIdentificationAuthenticationModuleType,
Expand All @@ -40,27 +40,14 @@ protected FocusIdentificationModuleWebSecurityConfigurer<LoginFormModuleWebSecur
new FocusIdentificationProvider());
}

@Override
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) {
return new FocusIdentificationProvider();
}

@Override
protected Class<? extends CredentialPolicyType> supportedClass() {
return null;
}

@Override
protected FocusIdentificationModuleAuthentication createEmptyModuleAuthentication(FocusIdentificationAuthenticationModuleType moduleType,
LoginFormModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request) {
FocusIdentificationModuleAuthentication moduleAuthentication = new FocusIdentificationModuleAuthentication(sequenceModule);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(moduleType.getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(configuration.getModuleIdentifier());
if (moduleType instanceof FocusIdentificationAuthenticationModuleType) {
moduleAuthentication.setModuleConfiguration(moduleType.getItem());
}
moduleAuthentication.setModuleConfiguration(moduleType.getItem());
return moduleAuthentication;
}

Expand Up @@ -19,7 +19,7 @@
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;

@Component
public class HintAuthenticationModuleFactoryImpl extends AbstractCredentialModuleFactory<
public class HintAuthenticationModuleFactoryImpl extends AbstractModuleFactory<
LoginFormModuleWebSecurityConfiguration,
HintModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguration>,
HintAuthenticationModuleType,
Expand All @@ -37,23 +37,12 @@ protected HintModuleWebSecurityConfigurer<LoginFormModuleWebSecurityConfiguratio
new HintAuthenticationProvider());
}

@Override
protected AuthenticationProvider createProvider(CredentialPolicyType usedPolicy) {
return new HintAuthenticationProvider();
}

@Override
protected Class<? extends CredentialPolicyType> supportedClass() {
return null;
}

@Override
protected HintAuthenticationModuleAuthentication createEmptyModuleAuthentication(HintAuthenticationModuleType moduleType,
LoginFormModuleWebSecurityConfiguration configuration, AuthenticationSequenceModuleType sequenceModule, ServletRequest request) {
HintAuthenticationModuleAuthentication moduleAuthentication = new HintAuthenticationModuleAuthentication(sequenceModule);
moduleAuthentication.setPrefix(configuration.getPrefixOfModule());
moduleAuthentication.setCredentialName(moduleType.getCredentialName());
moduleAuthentication.setCredentialType(supportedClass());
moduleAuthentication.setNameOfModule(configuration.getModuleIdentifier());
return moduleAuthentication;
}
