java.lang.Object
- com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl<C,T>

All Implemented Interfaces:

AuthenticationEvaluator<T>, org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware

Direct Known Subclasses:

NonceAuthenticationEvaluatorImpl, PasswordAuthenticationEvaluatorImpl, SecurityQuestionAuthneticationEvaluatorImpl
```
public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>
extends Object
implements AuthenticationEvaluator<T>, org.springframework.context.MessageSourceAware
```
Author:

semancik

Field Summary

Fields
Modifier and Type Field Description

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Summary

Constructors
Constructor Description

AuthenticationEvaluatorImpl()

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method	Description
`org.springframework.security.authentication.UsernamePasswordAuthenticationToken`	`authenticate(ConnectionEnvironment connEnv, T authnCtx)`
`org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken`	`authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, String enteredUsername)`
`UserType`	`checkCredentials(ConnectionEnvironment connEnv, T authnCtx)`
`protected abstract void`	`checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)`
`protected boolean`	`decryptAndMatch(ConnectionEnvironment connEnv, MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)`
`String`	`getAndCheckUserPassword(ConnectionEnvironment connEnv, String enteredUsername)`	Special-purpose method used for Web Service authentication based on javax.security callbacks.
`protected abstract C`	`getCredential(CredentialsType credentials)`
`protected String`	`getDecryptedValue(ConnectionEnvironment connEnv, MidPointPrincipal principal, ProtectedStringType protectedString)`
`protected abstract CredentialPolicyType`	`getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx)`
`protected abstract boolean`	`passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal, C passwordType, T authCtx)`
`protected void`	`recordAuthenticationFailure(MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)`
`protected void`	`recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)`
`void`	`recordPasswordAuthenticationFailure(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType, CredentialPolicyType credentialsPolicy, String reason)`
`void`	`recordPasswordAuthenticationSuccess(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType)`
`void`	`setMessageSource(org.springframework.context.MessageSource messageSource)`
`protected abstract boolean`	`suportsAuthzCheck()`
`protected abstract boolean`	`supportsActivation()`
`protected abstract void`	`validateCredentialNotNull(ConnectionEnvironment connEnv, MidPointPrincipal principal, C credential)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail
- AuthenticationEvaluatorImpl
```
public AuthenticationEvaluatorImpl()
```

Method Detail

setMessageSource
```
public void setMessageSource(org.springframework.context.MessageSource messageSource)
```
Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

checkEnteredCredentials

protected abstract void checkEnteredCredentials(ConnectionEnvironment connEnv,
                                                T authCtx)

suportsAuthzCheck

protected abstract boolean suportsAuthzCheck()

getCredential

protected abstract C getCredential(CredentialsType credentials)

validateCredentialNotNull

protected abstract void validateCredentialNotNull(ConnectionEnvironment connEnv,
                                                  @NotNull
                                                  MidPointPrincipal principal,
                                                  C credential)

passwordMatches

protected abstract boolean passwordMatches(ConnectionEnvironment connEnv,
                                           @NotNull
                                           MidPointPrincipal principal,
                                           C passwordType,
                                           T authCtx)

getEffectiveCredentialPolicy

protected abstract CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
                                                                     T authnCtx)
                                                              throws SchemaException

Throws:: SchemaException

supportsActivation

protected abstract boolean supportsActivation()

authenticate

public org.springframework.security.authentication.UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment connEnv,
                                                                                                    T authnCtx)
                                                                                             throws org.springframework.security.authentication.BadCredentialsException,
                                                                                                    org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                                                                                    org.springframework.security.authentication.DisabledException,
                                                                                                    org.springframework.security.authentication.LockedException,
                                                                                                    org.springframework.security.authentication.CredentialsExpiredException,
                                                                                                    org.springframework.security.authentication.AuthenticationServiceException,
                                                                                                    org.springframework.security.access.AccessDeniedException,
                                                                                                    org.springframework.security.core.userdetails.UsernameNotFoundException

Specified by:: authenticate in interface AuthenticationEvaluator<C extends AbstractCredentialType>
Throws:: org.springframework.security.authentication.BadCredentialsException; org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

checkCredentials

@NotNull
public UserType checkCredentials(ConnectionEnvironment connEnv,
                                 T authnCtx)
                          throws org.springframework.security.authentication.BadCredentialsException,
                                 org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                 org.springframework.security.authentication.DisabledException,
                                 org.springframework.security.authentication.LockedException,
                                 org.springframework.security.authentication.CredentialsExpiredException,
                                 org.springframework.security.authentication.AuthenticationServiceException,
                                 org.springframework.security.access.AccessDeniedException,
                                 org.springframework.security.core.userdetails.UsernameNotFoundException

Specified by:: checkCredentials in interface AuthenticationEvaluator<C extends AbstractCredentialType>
Throws:: org.springframework.security.authentication.BadCredentialsException; org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

getAndCheckUserPassword

public String getAndCheckUserPassword(ConnectionEnvironment connEnv,
                                      String enteredUsername)
                               throws org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                      org.springframework.security.authentication.DisabledException,
                                      org.springframework.security.authentication.LockedException,
                                      org.springframework.security.authentication.CredentialsExpiredException,
                                      org.springframework.security.authentication.AuthenticationServiceException,
                                      org.springframework.security.access.AccessDeniedException,
                                      org.springframework.security.core.userdetails.UsernameNotFoundException

Special-purpose method used for Web Service authentication based on javax.security callbacks. In that case there is no reasonable way how to reuse existing methods. Therefore this method is NOT part of the AuthenticationEvaluator interface. It is mostly a glue to make the old Java security code work.

Throws:: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

authenticateUserPreAuthenticated

public org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv,
                                                                                                                                    String enteredUsername)

Specified by:: authenticateUserPreAuthenticated in interface AuthenticationEvaluator<C extends AbstractCredentialType>

decryptAndMatch

protected boolean decryptAndMatch(ConnectionEnvironment connEnv,
                                  @NotNull
                                  MidPointPrincipal principal,
                                  ProtectedStringType protectedString,
                                  String enteredPassword)

getDecryptedValue

protected String getDecryptedValue(ConnectionEnvironment connEnv,
                                   @NotNull
                                   MidPointPrincipal principal,
                                   ProtectedStringType protectedString)

recordPasswordAuthenticationSuccess

public void recordPasswordAuthenticationSuccess(MidPointPrincipal principal,
                                                ConnectionEnvironment connEnv,
                                                C passwordType)

recordPasswordAuthenticationFailure

public void recordPasswordAuthenticationFailure(@NotNull
                                                MidPointPrincipal principal,
                                                @NotNull
                                                ConnectionEnvironment connEnv,
                                                @NotNull
                                                C passwordType,
                                                CredentialPolicyType credentialsPolicy,
                                                String reason)

recordAuthenticationFailure

protected void recordAuthenticationFailure(@NotNull
                                           MidPointPrincipal principal,
                                           ConnectionEnvironment connEnv,
                                           String reason)

recordAuthenticationFailure

protected void recordAuthenticationFailure(String username,
                                           ConnectionEnvironment connEnv,
                                           String reason)

Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,​T extends AbstractAuthenticationContext>

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

messages

Constructor Detail

AuthenticationEvaluatorImpl

Method Detail

setMessageSource

checkEnteredCredentials

suportsAuthzCheck

getCredential

validateCredentialNotNull

passwordMatches

getEffectiveCredentialPolicy

supportsActivation

authenticate

checkCredentials

getAndCheckUserPassword

authenticateUserPreAuthenticated

decryptAndMatch

getDecryptedValue

recordPasswordAuthenticationSuccess

recordPasswordAuthenticationFailure

recordAuthenticationFailure

recordAuthenticationFailure

Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>