Package io.getlime.security.powerauth.rest.api.spring.provider

Class PowerAuthAuthenticationProvider

java.lang.Object
io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProviderBase
io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider
@Component
public class PowerAuthAuthenticationProvider
extends PowerAuthAuthenticationProviderBase
Implementation of PowerAuth authentication provider.
Author:
Petr Dvorak, petr@wultra.com

  • Constructor Details

    • PowerAuthAuthenticationProvider

      @Autowired public PowerAuthAuthenticationProvider​(com.wultra.security.powerauth.client.PowerAuthClient powerAuthClient, ActivationStatusConverter activationStatusConverter)
      Provider constructor.
      Parameters:
      powerAuthClient - PowerAuth client.
      activationStatusConverter - Activation status converter.

  • Method Details

    • authenticate

      public org.springframework.security.core.Authentication authenticate​(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Authenticate user using the provided authentication.
      Parameters:
      authentication - Authentication used to verify the user.
      Returns:
      Authentication with the authenticated user details.
      Throws:
      org.springframework.security.core.AuthenticationException - In case authentication fails.

    • validateRequestSignature

      public PowerAuthApiAuthentication validateRequestSignature​(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures.
      Specified by:
      validateRequestSignature in class PowerAuthAuthenticationProviderBase
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Body of the HTTP request.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of the signature.
      forcedSignatureVersion - Forced signature version, optional parameter used during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthenticationImpl on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignatureWithActivationDetails

      @Nonnull public PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails​(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Description copied from class: PowerAuthAuthenticationProviderBase
      Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures. Return an instance of PowerAuthApiAuthentication on both successful and failed authorization. A check of null return value cannot be used to determine the authorization result, the actual result is available in the authorization context.
      Specified by:
      validateRequestSignatureWithActivationDetails in class PowerAuthAuthenticationProviderBase
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Body of the HTTP request.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of the signature.
      forcedSignatureVersion - Forced signature version during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateToken

      @Nullable public PowerAuthApiAuthentication validateToken​(@Nonnull String tokenHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Validate token header for simple token-based authentication.
      Specified by:
      validateToken in class PowerAuthAuthenticationProviderBase
      Parameters:
      tokenHeader - Token header.
      allowedSignatureTypes - Allowed types of the signature.
      Returns:
      Authentication object in case authentication is correctly obtained.
      Throws:
      PowerAuthAuthenticationException - In case of authentication failure.

    • validateTokenWithActivationDetails

      @Nonnull public PowerAuthApiAuthentication validateTokenWithActivationDetails​(@Nonnull String tokenHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Description copied from class: PowerAuthAuthenticationProviderBase
      Validate the token digest from PowerAuth authentication header.
      Specified by:
      validateTokenWithActivationDetails in class PowerAuthAuthenticationProviderBase
      Parameters:
      tokenHeader - HTTP header with token digest.
      allowedSignatureTypes - Allowed types of the signature.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.