Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>
- java.lang.Object
-
- com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl<C,T>
-
- All Implemented Interfaces:
AuthenticationEvaluator<T>, org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware
- Direct Known Subclasses:
NonceAuthenticationEvaluatorImpl, PasswordAuthenticationEvaluatorImpl, SecurityQuestionAuthneticationEvaluatorImpl
public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext> extends Object implements AuthenticationEvaluator<T>, org.springframework.context.MessageSourceAware
- Author:
- semancik
-
-
Field Summary
Fields Modifier and Type Field Description protected org.springframework.context.support.MessageSourceAccessor
messages
-
Constructor Summary
Constructors Constructor Description AuthenticationEvaluatorImpl()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description org.springframework.security.authentication.UsernamePasswordAuthenticationToken
authenticate(ConnectionEnvironment connEnv, T authnCtx)
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, String enteredUsername)
UserType
checkCredentials(ConnectionEnvironment connEnv, T authnCtx)
protected abstract void
checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
protected boolean
decryptAndMatch(ConnectionEnvironment connEnv, MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
String
getAndCheckUserPassword(ConnectionEnvironment connEnv, String enteredUsername)
Special-purpose method used for Web Service authentication based on javax.security callbacks.
protected abstract C
getCredential(CredentialsType credentials)
protected String
getDecryptedValue(ConnectionEnvironment connEnv, MidPointPrincipal principal, ProtectedStringType protectedString)
protected abstract CredentialPolicyType
getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx)
protected abstract boolean
passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal, C passwordType, T authCtx)
protected void
recordAuthenticationFailure(MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
protected void
recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
void
recordPasswordAuthenticationFailure(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType, CredentialPolicyType credentialsPolicy, String reason)
void
recordPasswordAuthenticationSuccess(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType)
void
setMessageSource(org.springframework.context.MessageSource messageSource)
protected abstract boolean
suportsAuthzCheck()
protected abstract boolean
supportsActivation()
protected abstract void
validateCredentialNotNull(ConnectionEnvironment connEnv, MidPointPrincipal principal, C credential)
-
-
-
Method Detail
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSource
in interface org.springframework.context.MessageSourceAware
-
checkEnteredCredentials
protected abstract void checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
-
suportsAuthzCheck
protected abstract boolean suportsAuthzCheck()
-
getCredential
protected abstract C getCredential(CredentialsType credentials)
-
validateCredentialNotNull
protected abstract void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credential)
-
passwordMatches
protected abstract boolean passwordMatches(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C passwordType, T authCtx)
-
getEffectiveCredentialPolicy
protected abstract CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx) throws SchemaException
- Throws:
SchemaException
-
supportsActivation
protected abstract boolean supportsActivation()
-
authenticate
public org.springframework.security.authentication.UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
authenticate
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
checkCredentials
@NotNull public UserType checkCredentials(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
checkCredentials
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
getAndCheckUserPassword
public String getAndCheckUserPassword(ConnectionEnvironment connEnv, String enteredUsername) throws org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
Special-purpose method used for Web Service authentication based on javax.security callbacks. In that case there is no reasonable way to reuse the existing methods, so this method is NOT part of the AuthenticationEvaluator interface. It is mostly glue to make the old Java security code work.
- Throws:
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
authenticateUserPreAuthenticated
public org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, String enteredUsername)
- Specified by:
authenticateUserPreAuthenticated
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
-
decryptAndMatch
protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
-
getDecryptedValue
protected String getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)
-
recordPasswordAuthenticationSuccess
public void recordPasswordAuthenticationSuccess(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType)
-
recordPasswordAuthenticationFailure
public void recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, @NotNull C passwordType, CredentialPolicyType credentialsPolicy, String reason)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(@NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
-
-