Package org.apache.syncope.core.spring.security

Class AuthDataAccessor

java.lang.Object

org.apache.syncope.core.spring.security.AuthDataAccessor

public class AuthDataAccessor
extends Object

Domain-sensible (via @Transactional) access to authentication / authorization data.

See Also:

JWTAuthenticationFilter, UsernamePasswordAuthenticationProvider, SyncopeAuthenticationDetails

Field Summary

Fields

Modifier and Type	Field	Description
protected AccessTokenDAO	accessTokenDAO
protected static Set<SyncopeGrantedAuthority>	ANONYMOUS_AUTHORITIES
protected AnySearchDAO	anySearchDAO
protected AuditManager	auditManager
protected ConfParamOps	confParamOps
protected ConnectorManager	connectorManager
protected DelegationDAO	delegationDAO
protected static Encryptor	ENCRYPTOR
static String	GROUP_OWNER_ROLE
protected GroupDAO	groupDAO
protected static Logger	LOG
protected MappingManager	mappingManager
protected static Set<SyncopeGrantedAuthority>	MUST_CHANGE_PASSWORD_AUTHORITIES
protected RealmDAO	realmDAO
protected RoleDAO	roleDAO
protected SecurityProperties	securityProperties
protected UserDAO	userDAO

Constructor Summary

Constructors

Constructor	Description
AuthDataAccessor(SecurityProperties securityProperties, RealmDAO realmDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, List<JWTSSOProvider> jwtSSOProviders)

Method Summary

Modifier and Type	Method	Description
void	audit(String username, String delegationKey, AuditElements.Result result, Object output, Object... input)
Triple<User,Boolean,String>	authenticate(String domain, Authentication authentication)	Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.
protected boolean	authenticate(User user, String password)
Pair<String,Set<SyncopeGrantedAuthority>>	authenticate(JWTAuthentication authentication)
protected Set<SyncopeGrantedAuthority>	buildAuthorities(Map<String,Set<String>> entForRealms)
protected Set<SyncopeGrantedAuthority>	getAdminAuthorities()
Set<SyncopeGrantedAuthority>	getAuthorities(String username, String delegationKey)
protected Set<SyncopeGrantedAuthority>	getDelegatedAuthorities(Delegation delegation)
protected String	getDelegationKey(SyncopeAuthenticationDetails details, String delegatedKey)
JWTSSOProvider	getJWTSSOProvider(String issuer)
protected Set<? extends ExternalResource>	getPassthroughResources(User user)
protected Set<SyncopeGrantedAuthority>	getUserAuthorities(User user)
void	removeExpired(String tokenKey)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

protected static final Logger LOG

GROUP_OWNER_ROLE

public static final String GROUP_OWNER_ROLE

See Also:

Constant Field Values

ENCRYPTOR

protected static final Encryptor ENCRYPTOR

ANONYMOUS_AUTHORITIES

protected static final Set<SyncopeGrantedAuthority> ANONYMOUS_AUTHORITIES

MUST_CHANGE_PASSWORD_AUTHORITIES

protected static final Set<SyncopeGrantedAuthority> MUST_CHANGE_PASSWORD_AUTHORITIES

securityProperties

protected final SecurityProperties securityProperties

realmDAO

protected final RealmDAO realmDAO

userDAO

protected final UserDAO userDAO

groupDAO

protected final GroupDAO groupDAO

anySearchDAO

protected final AnySearchDAO anySearchDAO

accessTokenDAO

protected final AccessTokenDAO accessTokenDAO

confParamOps

protected final ConfParamOps confParamOps

roleDAO

protected final RoleDAO roleDAO

delegationDAO

protected final DelegationDAO delegationDAO

connectorManager

protected final ConnectorManager connectorManager

auditManager

protected final AuditManager auditManager

mappingManager

protected final MappingManager mappingManager

Constructor Detail

AuthDataAccessor

public AuthDataAccessor(SecurityProperties securityProperties,
                        RealmDAO realmDAO,
                        UserDAO userDAO,
                        GroupDAO groupDAO,
                        AnySearchDAO anySearchDAO,
                        AccessTokenDAO accessTokenDAO,
                        ConfParamOps confParamOps,
                        RoleDAO roleDAO,
                        DelegationDAO delegationDAO,
                        ConnectorManager connectorManager,
                        AuditManager auditManager,
                        MappingManager mappingManager,
                        List<JWTSSOProvider> jwtSSOProviders)

Method Detail

getJWTSSOProvider

public JWTSSOProvider getJWTSSOProvider(String issuer)

getDelegationKey

protected String getDelegationKey(SyncopeAuthenticationDetails details,
                                  String delegatedKey)

authenticate

@Transactional(noRollbackFor=org.springframework.security.authentication.DisabledException.class)
public Triple<User,Boolean,String> authenticate(String domain,
                                                            Authentication authentication)

Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success.

Parameters:

domain - domain

authentication - given credentials

Returns:

null if no matching user was found, authentication result otherwise

authenticate

protected boolean authenticate(User user,
                               String password)

getPassthroughResources

protected Set<? extends ExternalResource> getPassthroughResources(User user)

getAdminAuthorities

protected Set<SyncopeGrantedAuthority> getAdminAuthorities()

buildAuthorities

protected Set<SyncopeGrantedAuthority> buildAuthorities(Map<String,Set<String>> entForRealms)

getUserAuthorities

protected Set<SyncopeGrantedAuthority> getUserAuthorities(User user)

getDelegatedAuthorities

protected Set<SyncopeGrantedAuthority> getDelegatedAuthorities(Delegation delegation)

getAuthorities

@Transactional
public Set<SyncopeGrantedAuthority> getAuthorities(String username,
                                                   String delegationKey)

authenticate

@Transactional
public Pair<String,Set<SyncopeGrantedAuthority>> authenticate(JWTAuthentication authentication)

removeExpired

@Transactional
public void removeExpired(String tokenKey)

audit

@Transactional(readOnly=true)
public void audit(String username,
                  String delegationKey,
                  AuditElements.Result result,
                  Object output,
                  Object... input)