Class AuthDataAccessor
java.lang.Object
org.apache.syncope.core.spring.security.AuthDataAccessor
- Direct Known Subclasses:
InstrumentedAuthDataAccessor
Domain-sensible (via @Transactional) access to authentication / authorization data.
- See Also:
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static final record
static final record
-
Field Summary
Fields
Modifier and Type | Field | Description
protected final AccessTokenDAO
protected static final Set<SyncopeGrantedAuthority>
protected final AnySearchDAO
protected final AuditManager
protected final ConfParamOps
protected final ConnectorManager
protected final DefaultCredentialChecker
protected final DelegationDAO
protected final EncryptorManager
protected final GroupDAO
protected static final Logger
protected final MappingManager
protected static final Set<SyncopeGrantedAuthority>
protected static final Set<SyncopeGrantedAuthority>
protected final RealmSearchDAO
protected final ExternalResourceDAO
protected final RoleDAO
protected final SecurityProperties
protected final dev.samstevens.totp.code.CodeVerifier
protected final UserDAO
-
Constructor Summary
Constructors
Constructor | Description
AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, dev.samstevens.totp.code.CodeVerifier totpCodeVerifier, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, DefaultCredentialChecker credentialChecker, List<JWTSSOProvider> jwtSSOProviders)
-
Method Summary
Modifier and Type | Method | Description
void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input) authenticate(Optional<Domain> domain, Authentication authentication) Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success. authenticate(JWTAuthentication authentication) authenticateAdmin(Optional<Domain> domain, Authentication authentication, boolean mfaEnabled) authenticateAnonymous(Authentication authentication) authenticateUser(String domain, Authentication authentication, boolean mfaEnabled, User user) protected static Set<SyncopeGrantedAuthority> buildAuthorities(Map<String, Set<String>> entForRealms) doAuthenticateAdmin(String domainKey, boolean mfaEnabled, String password, String otp, CipherAlgorithm cipherAlgorithm, String encoded, String mfaSecret) protected static Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey) protected static Set<SyncopeGrantedAuthority> getDelegatedAuthorities(Delegation delegation) protected String getDelegationKey(SyncopeAuthenticationDetails details, String delegatedKey) getJWTSSOProvider(String issuer) protected Set<ExternalResource> getPassthroughResources(User user) protected Set<SyncopeGrantedAuthority> getUserAuthorities(User user) protected static void populateEntForRealms(Map<String, Set<String>> entForRealms, String entitlement, Collection<String> toAdd) void removeExpired(String tokenKey)
-
Field Details
-
LOG
-
ANONYMOUS_AUTHORITIES
-
MUST_CHANGE_PASSWORD_AUTHORITIES
-
MFA_ENROLL_AUTHORITIES
-
BASE_MANAGER_ENTITLEMENTS
-
USER_MANAGER_ENTITLEMENTS
-
GROUP_MANAGER_ENTITLEMENTS
-
ANYOBJECT_MANAGER_ENTITLEMENTS
-
securityProperties
-
encryptorManager
-
totpCodeVerifier
protected final dev.samstevens.totp.code.CodeVerifier totpCodeVerifier -
realmSearchDAO
-
userDAO
-
groupDAO
-
anySearchDAO
-
accessTokenDAO
-
confParamOps
-
roleDAO
-
delegationDAO
-
resourceDAO
-
connectorManager
-
auditManager
-
mappingManager
-
credentialChecker
-
-
Constructor Details
-
AuthDataAccessor
public AuthDataAccessor(SecurityProperties securityProperties, EncryptorManager encryptorManager, dev.samstevens.totp.code.CodeVerifier totpCodeVerifier, RealmSearchDAO realmSearchDAO, UserDAO userDAO, GroupDAO groupDAO, AnySearchDAO anySearchDAO, AccessTokenDAO accessTokenDAO, ConfParamOps confParamOps, RoleDAO roleDAO, DelegationDAO delegationDAO, ExternalResourceDAO resourceDAO, ConnectorManager connectorManager, AuditManager auditManager, MappingManager mappingManager, DefaultCredentialChecker credentialChecker, List<JWTSSOProvider> jwtSSOProviders)
-
-
Method Details
-
getAdminAuthorities
-
buildAuthorities
-
populateEntForRealms
-
getDelegatedAuthorities
-
getJWTSSOProvider
-
getDelegationKey
-
authenticateAnonymous
protected AuthDataAccessor.UsernamePasswordAuthResult authenticateAnonymous(Authentication authentication) -
doAuthenticateAdmin
protected AuthDataAccessor.UsernamePasswordAuthResult doAuthenticateAdmin(String domainKey, boolean mfaEnabled, String password, String otp, CipherAlgorithm cipherAlgorithm, String encoded, String mfaSecret) -
authenticateAdmin
protected AuthDataAccessor.UsernamePasswordAuthResult authenticateAdmin(Optional<Domain> domain, Authentication authentication, boolean mfaEnabled) -
getPassthroughResources
-
authenticateUser
protected AuthDataAccessor.UsernamePasswordAuthResult authenticateUser(String domain, Authentication authentication, boolean mfaEnabled, User user) -
authenticate
@Transactional(noRollbackFor=org.springframework.security.authentication.DisabledException.class) public AuthDataAccessor.UsernamePasswordAuthResult authenticate(Optional<Domain> domain, Authentication authentication)
Attempts to authenticate the given credentials against internal storage and pass-through resources (if configured): the first succeeding causes global success. As declared by noRollbackFor in the signature above, a DisabledException thrown here does not roll the transaction back, so changes made in the transaction before the exception is raised are still committed.
- Parameters:
domain - domain
authentication - given credentials
- Returns:
authentication result
-
getUserAuthorities
-
getAuthorities
@Transactional public Set<SyncopeGrantedAuthority> getAuthorities(String username, String delegationKey) -
authenticate
-
removeExpired
-
audit
@Transactional(readOnly=true) public void audit(String domain, String username, String delegationKey, OpEvent.Outcome outcome, Object output, Object... input)
-