/** * Instantiates a new handler result. * * @param source the source * @param metaData the meta data * @param p the p * @param warnings the warnings */ public DefaultAuthenticationHandlerExecutionResult(final AuthenticationHandler source, final CredentialMetaData metaData, final Principal p, final @NonNull List<MessageDescriptor> warnings) { this(StringUtils.isBlank(source.getName()) ? source.getClass().getSimpleName() : source.getName(), metaData, p, warnings); }
@Override public boolean supports(final Credential credential) { return this.authenticationHandler.supports(credential); } }
@Override public Set<AuthenticationHandler> resolve(final Set<AuthenticationHandler> candidateHandlers, final AuthenticationTransaction transaction) { val finalHandlers = new LinkedHashSet<AuthenticationHandler>(); val upcs = transaction.getCredentialsOfType(UsernamePasswordCredential.class); candidateHandlers .stream() .filter(handler -> handler.supports(UsernamePasswordCredential.class)) .filter(handler -> { val handlerName = handler.getName(); LOGGER.debug("Evaluating authentication handler [{}] for eligibility", handlerName); return upcs.stream().anyMatch(c -> { LOGGER.debug("Comparing credential source [{}] against authentication handler [{}]", c.getSource(), handlerName); return StringUtils.isNotBlank(c.getSource()) && c.getSource().equalsIgnoreCase(handlerName); }); }) .forEach(finalHandlers::add); return finalHandlers; } }
val result = handler.authenticate(credential); val authenticationHandlerName = handler.getName(); builder.addSuccess(authenticationHandlerName, result); LOGGER.debug("Authentication handler [{}] successfully authenticated [{}]", authenticationHandlerName, credential);
while (proceedWithNextHandler && itHandlers.hasNext()) { val handler = itHandlers.next(); if (handler.supports(credential)) { try { val resolver = getPrincipalResolverLinkedToHandlerIfAny(handler, transaction); LOGGER.debug("Attempting authentication of [{}] using [{}]", credential.getId(), handler.getName()); authenticateAndResolvePrincipal(builder, credential, resolver, handler); val authnResult = builder.build(); + "the authentication event.", credential, credential.getClass().getSimpleName()); handleAuthenticationException(e, handler.getName(), builder); proceedWithNextHandler = true; LOGGER.debug("Authentication handler [{}] does not support the credential type [{}]. Trying next...", handler.getName(), credential);
@Override public void registerAuthenticationHandlerWithPrincipalResolver(final AuthenticationHandler handler, final PrincipalResolver principalResolver) { if (principalResolver == null) { LOGGER.trace("Registering handler [{}] with no principal resolver into the execution plan", handler.getName()); } else { LOGGER.trace("Registering handler [{}] principal resolver [{}] into the execution plan", handler.getName(), principalResolver.getName()); } this.authenticationHandlerPrincipalResolverMap.put(handler, principalResolver); }
@Override public void populateAttributes(final AuthenticationBuilder builder, final AuthenticationTransaction transaction) { if (builder.hasAttribute(AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE, obj -> obj.toString().equals(this.authenticationHandler.getName()))) { builder.mergeAttribute(this.authenticationContextAttribute, this.authenticationContextAttributeValue); } }
@ConditionalOnMissingBean(name = "ldapAuthenticationEventExecutionPlanConfigurer") @Bean public AuthenticationEventExecutionPlanConfigurer ldapAuthenticationEventExecutionPlanConfigurer() { return plan -> ldapAuthenticationHandlers().forEach(handler -> { LOGGER.info("Registering LDAP authentication for [{}]", handler.getName()); plan.registerAuthenticationHandlerWithPrincipalResolver(handler, defaultPrincipalResolver.getIfAvailable()); }); } }
@Override public Set<AuthenticationHandler> resolve(final Set<AuthenticationHandler> candidateHandlers, final AuthenticationTransaction transaction) { val service = transaction.getService(); val registeredService = this.servicesManager.findServiceBy(service); val requiredHandlers = registeredService.getRequiredHandlers(); LOGGER.debug("Authentication transaction requires [{}] for service [{}]", requiredHandlers, service); val handlerSet = new LinkedHashSet<AuthenticationHandler>(candidateHandlers); LOGGER.info("Candidate authentication handlers examined this transaction are [{}]", handlerSet); val it = handlerSet.iterator(); while (it.hasNext()) { val handler = it.next(); val handlerName = handler.getName(); if (!(handler instanceof HttpBasedServiceCredentialsAuthenticationHandler) && !requiredHandlers.contains(handlerName)) { LOGGER.debug("Authentication handler [{}] is not required for this transaction and is removed", handlerName); it.remove(); } } LOGGER.debug("Authentication handlers for this transaction are [{}]", handlerSet); return handlerSet; } }
/** * Resolve principal. * * @param handler the handler name * @param resolver the resolver * @param credential the credential * @param principal the current authenticated principal from a handler, if any. * @return the principal */ protected Principal resolvePrincipal(final AuthenticationHandler handler, final PrincipalResolver resolver, final Credential credential, final Principal principal) { if (resolver.supports(credential)) { try { val p = resolver.resolve(credential, Optional.ofNullable(principal), Optional.ofNullable(handler)); LOGGER.debug("[{}] resolved [{}] from [{}]", resolver, p, credential); return p; } catch (final Exception e) { LOGGER.error("[{}] failed to resolve principal from [{}]", resolver, credential, e); } } else { LOGGER.warn( "[{}] is configured to use [{}] but it does not support [{}], which suggests a configuration problem.", handler.getName(), resolver, credential); } return null; }