From e93501be05abad22496cb77abe650e503c49a681 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Mon, 29 Apr 2024 11:59:57 +0300 Subject: [PATCH] feat(jans-auth): add utility methods for external authenticators (#8397) Signed-off-by: Yuriy Movchan --- .../as/server/service/AppInitializer.java | 2 +- .../server/service/AuthenticationService.java | 142 ++++++++++-------- 2 files changed, 78 insertions(+), 66 deletions(-) diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java index 8c8781c6ada..fae1cc5c613 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java @@ -355,7 +355,7 @@ private void reloadConfiguration() { * Utility method which can be used in custom scripts */ public PersistenceEntryManager createPersistenceAuthEntryManager(GluuLdapConfiguration persistenceAuthConfig) { - PersistenceEntryManagerFactory persistenceEntryManagerFactory = applicationFactory.getPersistenceEntryManagerFactory(); + PersistenceEntryManagerFactory persistenceEntryManagerFactory = applicationFactory.getPersistenceEntryManagerFactory(LdapEntryManagerFactory.class); Properties persistenceConnectionProperties = prepareAuthConnectionProperties(persistenceAuthConfig, persistenceEntryManagerFactory.getPersistenceType()); PersistenceEntryManager persistenceAuthEntryManager = diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AuthenticationService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AuthenticationService.java index bb41e48ecad..e8e43c479b8 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AuthenticationService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AuthenticationService.java @@ -127,9 +127,7 @@ public class AuthenticationService { public boolean authenticate(String userName, String password) { log.debug("Authenticating user with LDAP: username: '{}', credentials: '{}'", userName, System.identityHashCode(credentials)); - boolean authenticated = false; - boolean protectionServiceEnabled = authenticationProtectionService.isEnabled(); com.codahale.metrics.Timer.Context timerContext = null; timerContext = metricService @@ -138,31 +136,13 @@ public boolean authenticate(String userName, String password) { if ((this.ldapAuthConfigs == null) || (this.ldapAuthConfigs.size() == 0)) { authenticated = localAuthenticate(userName, password); } else { - authenticated = externalAuthenticate(userName, password); + authenticated = externalAuthenticateInternal(userName, password); } } finally { timerContext.stop(); } - - String userId = userName; - if ((identity.getUser() != null) && StringHelper.isNotEmpty(identity.getUser().getUserId())) { - userId = identity.getUser().getUserId(); - } - setAuthenticatedUserSessionAttribute(userId, authenticated); - - MetricType metricType; - if (authenticated) { - metricType = MetricType.USER_AUTHENTICATION_SUCCESS; - } else { - metricType = MetricType.USER_AUTHENTICATION_FAILURES; - } - - metricService.incCounter(metricType); - - if (protectionServiceEnabled) { - authenticationProtectionService.storeAttempt(userId, authenticated); - authenticationProtectionService.doDelayIfNeeded(userId); - } + + configureUserAfterAuthenticate(userName, authenticated); return authenticated; } @@ -282,56 +262,89 @@ private Pair localAuthenticate(String nameValue, String password, return new Pair(false, null); } - private boolean externalAuthenticate(String keyValue, String password) { - for (int i = 0; i < this.ldapAuthConfigs.size(); i++) { - GluuLdapConfiguration ldapAuthConfig = this.ldapAuthConfigs.get(i); - PersistenceEntryManager ldapAuthEntryManager = this.ldapAuthEntryManagers.get(i); - - String primaryKey = "uid"; - if (StringHelper.isNotEmpty(ldapAuthConfig.getPrimaryKey())) { - primaryKey = ldapAuthConfig.getPrimaryKey(); - } - - String localPrimaryKey = "uid"; - if (StringHelper.isNotEmpty(ldapAuthConfig.getLocalPrimaryKey())) { - localPrimaryKey = ldapAuthConfig.getLocalPrimaryKey(); - } + private boolean externalAuthenticateInternal(String keyValue, String password) { + return externalAuthenticate(ldapAuthConfigs, ldapAuthEntryManagers, keyValue, password, false, false); + } - boolean authenticated = authenticate(ldapAuthConfig, ldapAuthEntryManager, keyValue, password, primaryKey, - localPrimaryKey, false); - if (authenticated) { - return authenticated; - } + private boolean externalAuthenticate(List ldapAuthConfigs, List ldapAuthEntryManagers, String keyValue, String password, boolean updateMetrics, boolean configureUser) { + boolean authenticated = false; + com.codahale.metrics.Timer.Context timerContext = null; + if (updateMetrics) { + timerContext = metricService + .getTimer(MetricType.USER_AUTHENTICATION_RATE).time(); + } + try { + if ((ldapAuthConfigs != null) && (ldapAuthEntryManagers != null)) { + for (int i = 0; i < this.ldapAuthConfigs.size(); i++) { + GluuLdapConfiguration ldapAuthConfig = ldapAuthConfigs.get(i); + PersistenceEntryManager ldapAuthEntryManager = ldapAuthEntryManagers.get(i); + + String primaryKey = "uid"; + if (StringHelper.isNotEmpty(ldapAuthConfig.getPrimaryKey())) { + primaryKey = ldapAuthConfig.getPrimaryKey(); + } + + String localPrimaryKey = "uid"; + if (StringHelper.isNotEmpty(ldapAuthConfig.getLocalPrimaryKey())) { + localPrimaryKey = ldapAuthConfig.getLocalPrimaryKey(); + } + + authenticated = authenticate(ldapAuthConfig, ldapAuthEntryManager, keyValue, password, primaryKey, + localPrimaryKey, false); + if (authenticated) { + break; + } + } + } + } finally { + if (timerContext != null) { + timerContext.stop(); + } + } + + if (configureUser) { + configureUserAfterAuthenticate(keyValue, authenticated); } - return false; + return authenticated; } - public boolean authenticate(String keyValue, String password, String primaryKey, String localPrimaryKey) { - if (this.ldapAuthConfigs == null) { - return authenticate(null, ldapEntryManager, keyValue, password, primaryKey, localPrimaryKey); - } + public boolean externalAuthenticate(String keyValue, String password) { + return externalAuthenticate(ldapAuthConfigs, ldapAuthEntryManagers, keyValue, password, true, true); + } + public boolean externalAuthenticate(List ldapAuthConfigs, List ldapAuthEntryManagers, String keyValue, String password) { + return externalAuthenticate(ldapAuthConfigs, ldapAuthEntryManagers, keyValue, password, true, true); + } + + public boolean externalAuthenticate(String keyValue, String password, String primaryKey, String localPrimaryKey) { boolean authenticated = false; - boolean protectionServiceEnabled = authenticationProtectionService.isEnabled(); com.codahale.metrics.Timer.Context timerContext = metricService .getTimer(MetricType.USER_AUTHENTICATION_RATE).time(); try { - for (int i = 0; i < this.ldapAuthConfigs.size(); i++) { - GluuLdapConfiguration ldapAuthConfig = this.ldapAuthConfigs.get(i); - PersistenceEntryManager ldapAuthEntryManager = this.ldapAuthEntryManagers.get(i); - - authenticated = authenticate(ldapAuthConfig, ldapAuthEntryManager, keyValue, password, primaryKey, - localPrimaryKey, false); - if (authenticated) { - break; - } - } + if (this.ldapAuthConfigs != null) { + for (int i = 0; i < this.ldapAuthConfigs.size(); i++) { + GluuLdapConfiguration ldapAuthConfig = this.ldapAuthConfigs.get(i); + PersistenceEntryManager ldapAuthEntryManager = this.ldapAuthEntryManagers.get(i); + + authenticated = authenticate(ldapAuthConfig, ldapAuthEntryManager, keyValue, password, primaryKey, + localPrimaryKey, false); + if (authenticated) { + break; + } + } + } } finally { timerContext.stop(); } - String userId = null; + + configureUserAfterAuthenticate(keyValue, authenticated); + + return authenticated; + } + + private void configureUserAfterAuthenticate(String userId, boolean authenticated) { if ((identity.getUser() != null) && StringHelper.isNotEmpty(identity.getUser().getUserId())) { userId = identity.getUser().getUserId(); } @@ -346,13 +359,12 @@ public boolean authenticate(String keyValue, String password, String primaryKey, metricService.incCounter(metricType); + boolean protectionServiceEnabled = authenticationProtectionService.isEnabled(); if (protectionServiceEnabled) { - authenticationProtectionService.storeAttempt(keyValue, authenticated); - authenticationProtectionService.doDelayIfNeeded(keyValue); + authenticationProtectionService.storeAttempt(userId, authenticated); + authenticationProtectionService.doDelayIfNeeded(userId); } - - return authenticated; - } + } /* * Utility method which can be used in custom scripts @@ -436,7 +448,7 @@ private boolean authenticateImpl(GluuLdapConfiguration ldapAuthConfig, Persisten if (user != null) { String userDn = user.getDn(); log.debug("Attempting to authenticate userDN: {}", userDn); - if (ldapAuthEntryManager.authenticate(userDn, password)) { + if (ldapAuthEntryManager.authenticate(userDn, User.class, password)) { log.debug("User authenticated: {}", userDn); log.debug("Attempting to find userDN by local primary key: {}", localPrimaryKey);