Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>
- java.lang.Object
-
- com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl<C,T>
-
- All Implemented Interfaces:
AuthenticationEvaluator<T>
,org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
- Direct Known Subclasses:
NonceAuthenticationEvaluatorImpl
,PasswordAuthenticationEvaluatorImpl
,SecurityQuestionAuthenticationEvaluatorImpl
public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext> extends Object implements AuthenticationEvaluator<T>, org.springframework.context.MessageSourceAware
- Author:
- semancik
-
-
Field Summary
Fields Modifier and Type Field Description protected org.springframework.context.support.MessageSourceAccessor
messages
-
Constructor Summary
Constructors Constructor Description AuthenticationEvaluatorImpl()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description org.springframework.security.authentication.UsernamePasswordAuthenticationToken
authenticate(ConnectionEnvironment connEnv, T authnCtx)
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, AbstractAuthenticationContext authnCtx)
@NotNull FocusType
checkCredentials(ConnectionEnvironment connEnv, T authnCtx)
protected abstract void
checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
protected boolean
checkRequiredAssignment(List<AssignmentType> assignments, List<ObjectReferenceType> requireAssignments)
protected boolean
decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
String
getAndCheckUserPassword(ConnectionEnvironment connEnv, String username)
Special-purpose method used for Web Service authentication based on javax.security callbacks.
protected abstract C
getCredential(CredentialsType credentials)
protected String
getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)
protected abstract CredentialPolicyType
getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx)
protected abstract boolean
passwordMatches(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C passwordType, T authCtx)
protected void
recordAuthenticationFailure(@NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
protected void
recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
void
recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, C passwordType, CredentialPolicyType credentialsPolicy, String reason)
void
recordPasswordAuthenticationSuccess(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType)
void
setMessageSource(org.springframework.context.MessageSource messageSource)
protected abstract boolean
supportsActivation()
protected abstract boolean
supportsAuthzCheck()
protected abstract void
validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credential)
-
-
-
Method Detail
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSource
in interface org.springframework.context.MessageSourceAware
-
checkEnteredCredentials
protected abstract void checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
-
supportsAuthzCheck
protected abstract boolean supportsAuthzCheck()
-
getCredential
protected abstract C getCredential(CredentialsType credentials)
-
validateCredentialNotNull
protected abstract void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, C credential)
-
passwordMatches
protected abstract boolean passwordMatches(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, C passwordType, T authCtx)
-
getEffectiveCredentialPolicy
protected abstract CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx) throws SchemaException
- Throws:
SchemaException
-
supportsActivation
protected abstract boolean supportsActivation()
-
authenticate
public org.springframework.security.authentication.UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
authenticate
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
checkRequiredAssignment
protected boolean checkRequiredAssignment(List<AssignmentType> assignments, List<ObjectReferenceType> requireAssignments)
-
checkCredentials
@NotNull public @NotNull FocusType checkCredentials(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
checkCredentials
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
getAndCheckUserPassword
public String getAndCheckUserPassword(ConnectionEnvironment connEnv, String username) throws org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
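Special-purpose method used for Web Service authentication based on javax.security callbacks. In that case there is no reasonable way to reuse the existing methods. Therefore this method is NOT part of the AuthenticationEvaluator interface. It is mostly glue that keeps the old Java security code working. Judging by its name and String return type, it appears to hand the user's password value back to the caller (not confirmed by this page), so the result should be treated as sensitive and kept out of logs and error messages.
- Throws: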
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
authenticateUserPreAuthenticated
public org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, AbstractAuthenticationContext authnCtx)
- Specified by:
authenticateUserPreAuthenticated
in interface AuthenticationEvaluator<C extends AbstractCredentialType>
-
decryptAndMatch
protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
-
getDecryptedValue
protected String getDecryptedValue(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)
-
recordPasswordAuthenticationSuccess
public void recordPasswordAuthenticationSuccess(MidPointPrincipal principal, ConnectionEnvironment connEnv, C passwordType)
-
recordPasswordAuthenticationFailure
public void recordPasswordAuthenticationFailure(@NotNull @NotNull MidPointPrincipal principal, @NotNull @NotNull ConnectionEnvironment connEnv, @NotNull C passwordType, CredentialPolicyType credentialsPolicy, String reason)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(@NotNull @NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
-
-