java.lang.Object
- com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl<C,T>

All Implemented Interfaces:

AuthenticationEvaluator<T>, org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware

Direct Known Subclasses:

NonceAuthenticationEvaluatorImpl, PasswordAuthenticationEvaluatorImpl, SecurityQuestionAuthenticationEvaluatorImpl
```
public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>
extends Object
implements AuthenticationEvaluator<T>, org.springframework.context.MessageSourceAware
```
Author:

semancik

Field Summary

Fields
Modifier and Type Field Description

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Summary

Constructors
Constructor Description

AuthenticationEvaluatorImpl()

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method	Description
`org.springframework.security.authentication.UsernamePasswordAuthenticationToken`	`authenticate(ConnectionEnvironment connEnv, T authnCtx)`
`org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken`	`authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, AbstractAuthenticationContext authnCtx)`
`@NotNull FocusType`	`checkCredentials(ConnectionEnvironment connEnv, T authnCtx)`
`protected abstract void`	`checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)`
`protected boolean`	`decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)`
`String`	`getAndCheckUserPassword(ConnectionEnvironment connEnv, String username)`	Special-purpose method used for Web Service authentication based on javax.security callbacks.
`protected abstract C`	`getCredential(CredentialsType credentials)`
`protected String`	`getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)`
`protected abstract CredentialPolicyType`	`getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx)`
`protected abstract boolean`	`passwordMatches(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C passwordType, T authCtx)`
`void`	`recordAuthenticationBehavior(String username, MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, String reason, Class<? extends FocusType> focusType, boolean isSuccess)`
`protected void`	`recordAuthenticationFailure(@NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)`
`protected void`	`recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)`
`protected void`	`recordPasswordAuthenticationFailure(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, @NotNull AuthenticationBehavioralDataType passwordType, CredentialPolicyType credentialsPolicy, String reason, boolean audit)`
`protected void`	`recordPasswordAuthenticationSuccess(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, @NotNull AuthenticationBehavioralDataType passwordType, boolean audit)`
`void`	`setMessageSource(org.springframework.context.MessageSource messageSource)`
`protected abstract boolean`	`supportsActivation()`
`protected abstract boolean`	`supportsAuthzCheck()`
`protected abstract void`	`validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credential)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail
- AuthenticationEvaluatorImpl
```
public AuthenticationEvaluatorImpl()
```

Method Detail

setMessageSource
```
public void setMessageSource(org.springframework.context.MessageSource messageSource)
```
Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

checkEnteredCredentials

protected abstract void checkEnteredCredentials(ConnectionEnvironment connEnv,
                                                T authCtx)

supportsAuthzCheck

protected abstract boolean supportsAuthzCheck()

getCredential

protected abstract C getCredential(CredentialsType credentials)

validateCredentialNotNull

protected abstract void validateCredentialNotNull(ConnectionEnvironment connEnv,
                                                  @NotNull
                                                  @NotNull MidPointPrincipal principal,
                                                  C credential)

passwordMatches

protected abstract boolean passwordMatches(ConnectionEnvironment connEnv,
                                           @NotNull
                                           @NotNull MidPointPrincipal principal,
                                           C passwordType,
                                           T authCtx)

getEffectiveCredentialPolicy

protected abstract CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
                                                                     T authnCtx)
                                                              throws SchemaException

Throws:: SchemaException

supportsActivation

protected abstract boolean supportsActivation()

authenticate

public org.springframework.security.authentication.UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment connEnv,
                                                                                                    T authnCtx)
                                                                                             throws org.springframework.security.authentication.BadCredentialsException,
                                                                                                    org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                                                                                    org.springframework.security.authentication.DisabledException,
                                                                                                    org.springframework.security.authentication.LockedException,
                                                                                                    org.springframework.security.authentication.CredentialsExpiredException,
                                                                                                    org.springframework.security.authentication.AuthenticationServiceException,
                                                                                                    org.springframework.security.access.AccessDeniedException,
                                                                                                    org.springframework.security.core.userdetails.UsernameNotFoundException

Specified by:: authenticate in interface AuthenticationEvaluator<C extends AbstractCredentialType>
Throws:: org.springframework.security.authentication.BadCredentialsException; org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

checkCredentials

@NotNull
public @NotNull FocusType checkCredentials(ConnectionEnvironment connEnv,
                                           T authnCtx)
                                    throws org.springframework.security.authentication.BadCredentialsException,
                                           org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                           org.springframework.security.authentication.DisabledException,
                                           org.springframework.security.authentication.LockedException,
                                           org.springframework.security.authentication.CredentialsExpiredException,
                                           org.springframework.security.authentication.AuthenticationServiceException,
                                           org.springframework.security.access.AccessDeniedException,
                                           org.springframework.security.core.userdetails.UsernameNotFoundException

Specified by:: checkCredentials in interface AuthenticationEvaluator<C extends AbstractCredentialType>
Throws:: org.springframework.security.authentication.BadCredentialsException; org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

getAndCheckUserPassword

public String getAndCheckUserPassword(ConnectionEnvironment connEnv,
                                      String username)
                               throws org.springframework.security.authentication.AuthenticationCredentialsNotFoundException,
                                      org.springframework.security.authentication.DisabledException,
                                      org.springframework.security.authentication.LockedException,
                                      org.springframework.security.authentication.CredentialsExpiredException,
                                      org.springframework.security.authentication.AuthenticationServiceException,
                                      org.springframework.security.access.AccessDeniedException,
                                      org.springframework.security.core.userdetails.UsernameNotFoundException

Special-purpose method used for Web Service authentication based on javax.security callbacks. In that case there is no reasonable way how to reuse existing methods. Therefore this method is NOT part of the AuthenticationEvaluator interface. It is mostly a glue to make the old Java security code work.

Throws:: org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; org.springframework.security.authentication.DisabledException; org.springframework.security.authentication.LockedException; org.springframework.security.authentication.CredentialsExpiredException; org.springframework.security.authentication.AuthenticationServiceException; org.springframework.security.access.AccessDeniedException; org.springframework.security.core.userdetails.UsernameNotFoundException

authenticateUserPreAuthenticated

public org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv,
                                                                                                                                    AbstractAuthenticationContext authnCtx)

Specified by:: authenticateUserPreAuthenticated in interface AuthenticationEvaluator<C extends AbstractCredentialType>

decryptAndMatch

protected boolean decryptAndMatch(ConnectionEnvironment connEnv,
                                  @NotNull
                                  @NotNull MidPointPrincipal principal,
                                  ProtectedStringType protectedString,
                                  String enteredPassword)

getDecryptedValue

protected String getDecryptedValue(ConnectionEnvironment connEnv,
                                   @NotNull
                                   @NotNull MidPointPrincipal principal,
                                   ProtectedStringType protectedString)

recordPasswordAuthenticationSuccess

protected void recordPasswordAuthenticationSuccess(@NotNull
                                                   @NotNull MidPointPrincipal principal,
                                                   @NotNull
                                                   @NotNull ConnectionEnvironment connEnv,
                                                   @NotNull
                                                   @NotNull AuthenticationBehavioralDataType passwordType,
                                                   boolean audit)

recordAuthenticationBehavior

public void recordAuthenticationBehavior(String username,
                                         MidPointPrincipal principal,
                                         @NotNull
                                         @NotNull ConnectionEnvironment connEnv,
                                         String reason,
                                         Class<? extends FocusType> focusType,
                                         boolean isSuccess)

recordPasswordAuthenticationFailure

protected void recordPasswordAuthenticationFailure(@NotNull
                                                   @NotNull MidPointPrincipal principal,
                                                   @NotNull
                                                   @NotNull ConnectionEnvironment connEnv,
                                                   @NotNull
                                                   @NotNull AuthenticationBehavioralDataType passwordType,
                                                   CredentialPolicyType credentialsPolicy,
                                                   String reason,
                                                   boolean audit)

recordAuthenticationFailure

protected void recordAuthenticationFailure(@NotNull
                                           @NotNull MidPointPrincipal principal,
                                           ConnectionEnvironment connEnv,
                                           String reason)

recordAuthenticationFailure

protected void recordAuthenticationFailure(String username,
                                           ConnectionEnvironment connEnv,
                                           String reason)

Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,​T extends AbstractAuthenticationContext>

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

messages

Constructor Detail

AuthenticationEvaluatorImpl

Method Detail

setMessageSource

checkEnteredCredentials

supportsAuthzCheck

getCredential

validateCredentialNotNull

passwordMatches

getEffectiveCredentialPolicy

supportsActivation

authenticate

checkCredentials

getAndCheckUserPassword

authenticateUserPreAuthenticated

decryptAndMatch

getDecryptedValue

recordPasswordAuthenticationSuccess

recordAuthenticationBehavior

recordPasswordAuthenticationFailure

recordAuthenticationFailure

recordAuthenticationFailure

Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>