PasswordAuthenticationEvaluatorImpl.java example

Explorer
midpoint-master
package com.evolveum.midpoint.model.impl.security;

import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;

@Component("passwordAuthenticationEvaluator")
public class PasswordAuthenticationEvaluatorImpl extends AuthenticationEvaluatorImpl<PasswordType, PasswordAuthenticationContext>{

	@Override
	protected void checkEnteredCredentials(ConnectionEnvironment connEnv, PasswordAuthenticationContext authCtx) {
		if (StringUtils.isBlank(authCtx.getPassword())) {
			recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
			throw new BadCredentialsException("web.security.provider.password.encoding");
		}
	}

	@Override
	protected boolean suportsAuthzCheck() {
		return true;
	}

	@Override
	protected PasswordType getCredential(CredentialsType credentials) {
		return credentials.getPassword();
	}

	@Override
	protected void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, PasswordType credential) {
		
		ProtectedStringType protectedString = credential.getValue();
		
		if (protectedString == null) {
			recordAuthenticationFailure(principal, connEnv, "no stored password value");
			throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
		}
		
	}

	@Override
	protected boolean passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal,
			PasswordType passwordType, PasswordAuthenticationContext authCtx) {
		return decryptAndMatch(connEnv, principal, passwordType.getValue(), authCtx.getPassword());
	}


	@Override
	protected CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
			PasswordAuthenticationContext authnCtx) throws SchemaException {
		return SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicy);
	}
	
	@Override
	protected boolean supportsActivation() {
		return true;
	}
	

}