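/**
 * Looks up the security questions defined by the security policy that applies to {@code user}.
 *
 * <p>The policy lookup runs while an anonymous authentication token is bound to the
 * security context, and the context's authentication is set to {@code null} afterwards.
 *
 * @return the configured question definitions, or {@code null} when the policy lookup
 *         failed, no policy was found, or the policy defines no security questions;
 *         callers cannot tell these cases apart from the return value alone
 */
@Override
public List<SecurityQuestionDefinitionType> run() {
    Task task = getTaskManager().createTaskInstance("Search user by name");
    OperationResult result = task.getResult();
    SecurityPolicyType securityPolicyType = null;
    try {
        // The lookup is performed under a synthetic ROLE_ANONYMOUS identity rather than a caller identity.
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("rest_sec_q_auth", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        securityPolicyType = modelInteractionService.getSecurityPolicy(user, task, result);
    } catch (ObjectNotFoundException | SchemaException | CommunicationException | ConfigurationException | SecurityViolationException | ExpressionEvaluationException e) {
        // NOTE(review): the failure is reported only as a null return; nothing is logged or
        // recorded here, so a SecurityViolationException looks the same as "no questions".
        return null;
    } finally {
        // Always drop the anonymous token so it does not stay bound after this call.
        // NOTE(review): this clears the authentication instead of restoring whatever was
        // set before the call; confirm no caller identity is expected on this thread.
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    // Other policy helpers in this code base treat the security policy as nullable;
    // guard here as well instead of failing with a NullPointerException.
    if (securityPolicyType == null) {
        return null;
    }
    if (securityPolicyType.getCredentials() != null && securityPolicyType.getCredentials().getSecurityQuestions() != null) {
        return securityPolicyType.getCredentials().getSecurityQuestions().getQuestion();
    }
    return null;
} });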
public static NonceCredentialsPolicyType getCredentialPolicy(String policyName, SecurityPolicyType securityPolicy) throws SchemaException { CredentialsPolicyType credentialsPolicy = securityPolicy.getCredentials(); if (credentialsPolicy == null) { return null;
/**
 * Computes the nonce credential policies with the credentials defaults applied.
 *
 * <p>When the credentials policy has no default section, the configured nonce list is
 * returned as-is (the same list instance, not a copy). Otherwise every configured nonce
 * policy is cloned and the defaults are copied into the clone via {@code copyDefaults}.
 *
 * @param securityPolicy security policy to read, may be {@code null}
 * @return the effective nonce policies, or {@code null} when the security policy or its
 *         credentials section is missing
 */
public static List<NonceCredentialsPolicyType> getEffectiveNonceCredentialsPolicies(SecurityPolicyType securityPolicy) {
    CredentialsPolicyType credentials = (securityPolicy == null) ? null : securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        // No defaults to merge: hand back the configured list itself.
        return credentials.getNonce();
    }

    List<NonceCredentialsPolicyType> configured = credentials.getNonce();
    List<NonceCredentialsPolicyType> effective = new ArrayList<>(configured.size());
    for (NonceCredentialsPolicyType original : configured) {
        // Work on a clone so the configured policy object is left untouched.
        NonceCredentialsPolicyType merged = original.clone();
        copyDefaults(credentials.getDefault(), merged);
        effective.add(merged);
    }
    return effective;
}
/**
 * Called from ChangeExecutor. Will modify the execution deltas to hash or remove
 * credentials if needed.
 *
 * <p>Only the password value path is processed here; nonce and other credential types
 * are not transformed yet (see the TODO below), so they pass through as given.
 *
 * @param context lens context whose focus context supplies the security policy
 * @param focusDelta delta about to be executed
 * @return {@code focusDelta} itself when there is no security policy or no credentials
 *         policy; otherwise a transformed clone of it
 */
public <O extends ObjectType> ObjectDelta<O> transformFocusExecutionDelta(LensContext<O> context, ObjectDelta<O> focusDelta) throws SchemaException, EncryptionException {
    SecurityPolicyType policy = context.getFocusContext().getSecurityPolicy();
    CredentialsPolicyType credentials = (policy == null) ? null : policy.getCredentials();
    if (credentials == null) {
        // Nothing to enforce: the delta is returned untouched.
        return focusDelta;
    }

    // Transform a copy so the caller's delta is not modified.
    ObjectDelta<O> result = focusDelta.clone();
    transformFocusExecutionDeltaForPasswords(context, credentials, credentials.getPassword(),
            SchemaConstants.PATH_PASSWORD_VALUE, result, "password");
    // TODO: nonce and others
    return result;
}
/**
 * Post-processes each credential policy present in the given security policy: the
 * password policy, every nonce policy, and the security questions policy.
 * Does nothing when the policy has no credentials section.
 *
 * @param securityPolicyType security policy to process; must not be {@code null}
 * @param task task passed through to the per-policy post-processing
 * @param result operation result passed through to the per-policy post-processing
 */
private void postProcessSecurityPolicy(SecurityPolicyType securityPolicyType, Task task, OperationResult result) {
    CredentialsPolicyType credentials = securityPolicyType.getCredentials();
    if (credentials == null) {
        return;
    }

    PasswordCredentialsPolicyType passwordPolicy = credentials.getPassword();
    if (passwordPolicy != null) {
        postProcessPasswordCredentialPolicy(securityPolicyType, passwordPolicy, task, result);
    }

    for (NonceCredentialsPolicyType noncePolicy : credentials.getNonce()) {
        postProcessCredentialPolicy(securityPolicyType, noncePolicy, "nonce credential policy", task, result);
    }

    SecurityQuestionsCredentialsPolicyType questionsPolicy = credentials.getSecurityQuestions();
    if (questionsPolicy != null) {
        postProcessCredentialPolicy(securityPolicyType, questionsPolicy, "security questions credential policy", task, result);
    }
}
/**
 * Not very systematic. Used mostly in hacks.
 *
 * <p>Returns the value policy object embedded in the password policy's
 * {@code valuePolicyRef}. The reference is not resolved here: if it carries no embedded
 * object, the result is {@code null}, the same as when no policy is configured at all.
 * A caller that reads {@code null} as "no password policy" would therefore also skip
 * an existing policy whose reference simply was not resolved.
 *
 * @param securityPolicy security policy to read, may be {@code null}
 * @return the embedded value policy, or {@code null} if any step of the chain is missing
 */
public static ValuePolicyType getPasswordPolicy(SecurityPolicyType securityPolicy) {
    CredentialsPolicyType credentials = (securityPolicy != null) ? securityPolicy.getCredentials() : null;
    PasswordCredentialsPolicyType passwordPolicy = (credentials != null) ? credentials.getPassword() : null;
    ObjectReferenceType policyRef = (passwordPolicy != null) ? passwordPolicy.getValuePolicyRef() : null;
    if (policyRef == null) {
        return null;
    }
    // Only an object already embedded in the reference is used; no lookup happens here.
    PrismObject<ValuePolicyType> embedded = policyRef.asReferenceValue().getObject();
    return (embedded != null) ? embedded.asObjectable() : null;
}
/**
 * Computes the security questions credential policy with the credentials defaults applied.
 *
 * <p>Without a default section the configured policy is returned as-is (possibly
 * {@code null}, and not a copy). With a default section the configured policy is cloned,
 * or a new empty policy is created when none is configured, and the defaults are copied
 * into it via {@code copyDefaults}.
 *
 * @param securityPolicy security policy to read, may be {@code null}
 * @return the effective policy, or {@code null} when the security policy or its
 *         credentials section is missing
 */
public static SecurityQuestionsCredentialsPolicyType getEffectiveSecurityQuestionsCredentialsPolicy(SecurityPolicyType securityPolicy) {
    CredentialsPolicyType credentials = (securityPolicy == null) ? null : securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        return credentials.getSecurityQuestions();
    }

    SecurityQuestionsCredentialsPolicyType configured = credentials.getSecurityQuestions();
    // Never write defaults into the configured object itself; use a clone or a fresh instance.
    SecurityQuestionsCredentialsPolicyType effective =
            (configured == null) ? new SecurityQuestionsCredentialsPolicyType() : configured.clone();
    copyDefaults(credentials.getDefault(), effective);
    return effective;
}
/**
 * Computes the password credential policy with the credentials defaults applied.
 *
 * <p>Without a default section the configured password policy is returned as-is (possibly
 * {@code null}, and not a copy). With a default section the configured policy is cloned,
 * or a new empty policy is created when none is configured, and the defaults are copied
 * into it via {@code copyDefaults}.
 *
 * @param securityPolicy security policy to read, may be {@code null}
 * @return the effective password policy, or {@code null} when the security policy or its
 *         credentials section is missing
 */
public static PasswordCredentialsPolicyType getEffectivePasswordCredentialsPolicy(SecurityPolicyType securityPolicy) {
    CredentialsPolicyType credentials = (securityPolicy == null) ? null : securityPolicy.getCredentials();
    if (credentials == null) {
        return null;
    }
    if (credentials.getDefault() == null) {
        return credentials.getPassword();
    }

    PasswordCredentialsPolicyType configured = credentials.getPassword();
    // Never write defaults into the configured object itself; use a clone or a fresh instance.
    PasswordCredentialsPolicyType effective =
            (configured == null) ? new PasswordCredentialsPolicyType() : configured.clone();
    copyDefaults(credentials.getDefault(), effective);
    return effective;
}
SecurityPolicyType securityPolicy = securityHelper.locateGlobalSecurityPolicy(user, systemConfigurationType.asPrismObject(), task, parentResult); if (securityPolicy != null) { policy = securityPolicy.getCredentials(); SecurityPolicyType securityPolicy = securityHelper.locateGlobalPasswordPolicy(systemConfigurationType, task, parentResult); if (securityPolicy != null) { policy = securityPolicy.getCredentials();