Class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext>
- java.lang.Object
-
- com.evolveum.midpoint.model.impl.security.AuthenticationEvaluatorImpl<C,T>
-
- All Implemented Interfaces:
AuthenticationEvaluator<T>
,org.springframework.beans.factory.Aware
,org.springframework.context.MessageSourceAware
- Direct Known Subclasses:
NonceAuthenticationEvaluatorImpl
,PasswordAuthenticationEvaluatorImpl
,SecurityQuestionAuthenticationEvaluatorImpl
public abstract class AuthenticationEvaluatorImpl<C extends AbstractCredentialType,T extends AbstractAuthenticationContext> extends Object implements AuthenticationEvaluator<T>, org.springframework.context.MessageSourceAware
- Author:
- semancik
-
-
Field Summary
Fields Modifier and Type Field Description protected org.springframework.context.support.MessageSourceAccessor
messages
-
Constructor Summary
Constructors Constructor Description AuthenticationEvaluatorImpl()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description org.springframework.security.authentication.UsernamePasswordAuthenticationToken
authenticate(ConnectionEnvironment connEnv, T authnCtx)
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, AbstractAuthenticationContext authnCtx)
@NotNull FocusType
checkCredentials(ConnectionEnvironment connEnv, T authnCtx)
protected abstract void
checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
protected boolean
decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
protected @NotNull MidPointPrincipal
getAndCheckPrincipal(ConnectionEnvironment connEnv, String enteredUsername, Class<? extends FocusType> clazz, boolean supportsActivationCheck)
String
getAndCheckUserPassword(ConnectionEnvironment connEnv, String username)
Special-purpose method used for Web Service authentication based on javax.security callbacks.protected abstract C
getCredential(CredentialsType credentials)
protected String
getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)
protected abstract CredentialPolicyType
getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx)
protected boolean
hasAnyAuthorization(MidPointPrincipal principal)
protected abstract boolean
passwordMatches(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C passwordType, T authCtx)
void
recordAuthenticationBehavior(String username, MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, String reason, Class<? extends FocusType> focusType, boolean isSuccess)
protected void
recordAuthenticationFailure(@NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
protected void
recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
protected void
recordPasswordAuthenticationSuccess(@NotNull MidPointPrincipal principal, @NotNull ConnectionEnvironment connEnv, @NotNull AuthenticationBehavioralDataType passwordType, boolean audit)
void
setMessageSource(org.springframework.context.MessageSource messageSource)
protected abstract boolean
supportsActivation()
protected abstract boolean
supportsAuthzCheck()
protected abstract void
validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, C credential)
-
-
-
Method Detail
-
setMessageSource
public void setMessageSource(org.springframework.context.MessageSource messageSource)
- Specified by:
setMessageSource
in interfaceorg.springframework.context.MessageSourceAware
-
checkEnteredCredentials
protected abstract void checkEnteredCredentials(ConnectionEnvironment connEnv, T authCtx)
-
supportsAuthzCheck
protected abstract boolean supportsAuthzCheck()
-
getCredential
protected abstract C getCredential(CredentialsType credentials)
-
validateCredentialNotNull
protected abstract void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, C credential)
-
passwordMatches
protected abstract boolean passwordMatches(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, C passwordType, T authCtx)
-
getEffectiveCredentialPolicy
protected abstract CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy, T authnCtx) throws SchemaException
- Throws:
SchemaException
-
supportsActivation
protected abstract boolean supportsActivation()
-
authenticate
public org.springframework.security.authentication.UsernamePasswordAuthenticationToken authenticate(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
authenticate
in interfaceAuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
checkCredentials
@NotNull public @NotNull FocusType checkCredentials(ConnectionEnvironment connEnv, T authnCtx) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
- Specified by:
checkCredentials
in interfaceAuthenticationEvaluator<C extends AbstractCredentialType>
- Throws:
org.springframework.security.authentication.BadCredentialsException
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
getAndCheckUserPassword
public String getAndCheckUserPassword(ConnectionEnvironment connEnv, String username) throws org.springframework.security.authentication.AuthenticationCredentialsNotFoundException, org.springframework.security.authentication.DisabledException, org.springframework.security.authentication.LockedException, org.springframework.security.authentication.CredentialsExpiredException, org.springframework.security.authentication.AuthenticationServiceException, org.springframework.security.access.AccessDeniedException, org.springframework.security.core.userdetails.UsernameNotFoundException
Special-purpose method used for Web Service authentication based on javax.security callbacks. In that case there is no reasonable way how to reuse existing methods. Therefore this method is NOT part of the AuthenticationEvaluator interface. It is mostly a glue to make the old Java security code work.- Throws:
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
org.springframework.security.authentication.DisabledException
org.springframework.security.authentication.LockedException
org.springframework.security.authentication.CredentialsExpiredException
org.springframework.security.authentication.AuthenticationServiceException
org.springframework.security.access.AccessDeniedException
org.springframework.security.core.userdetails.UsernameNotFoundException
-
authenticateUserPreAuthenticated
public org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken authenticateUserPreAuthenticated(ConnectionEnvironment connEnv, AbstractAuthenticationContext authnCtx)
- Specified by:
authenticateUserPreAuthenticated
in interfaceAuthenticationEvaluator<C extends AbstractCredentialType>
-
getAndCheckPrincipal
@NotNull protected @NotNull MidPointPrincipal getAndCheckPrincipal(ConnectionEnvironment connEnv, String enteredUsername, Class<? extends FocusType> clazz, boolean supportsActivationCheck)
-
hasAnyAuthorization
protected boolean hasAnyAuthorization(MidPointPrincipal principal)
-
decryptAndMatch
protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword)
-
getDecryptedValue
protected String getDecryptedValue(ConnectionEnvironment connEnv, @NotNull @NotNull MidPointPrincipal principal, ProtectedStringType protectedString)
-
recordPasswordAuthenticationSuccess
protected void recordPasswordAuthenticationSuccess(@NotNull @NotNull MidPointPrincipal principal, @NotNull @NotNull ConnectionEnvironment connEnv, @NotNull @NotNull AuthenticationBehavioralDataType passwordType, boolean audit)
-
recordAuthenticationBehavior
public void recordAuthenticationBehavior(String username, MidPointPrincipal principal, @NotNull @NotNull ConnectionEnvironment connEnv, String reason, Class<? extends FocusType> focusType, boolean isSuccess)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(@NotNull @NotNull MidPointPrincipal principal, ConnectionEnvironment connEnv, String reason)
-
recordAuthenticationFailure
protected void recordAuthenticationFailure(String username, ConnectionEnvironment connEnv, String reason)
-
-