
Example 1 with Security

use of org.codice.ddf.security.common.Security in project ddf by codice.

the class TestApplicationService method beforeExam.

/**
 * One-time integration-test setup: calls {@code waitForSystemReady()} and then stores the
 * system subject in {@code systemSubject}.
 *
 * <p>The subject is obtained through {@code Security.runAsAdmin}, so the lookup runs inside
 * the admin wrapper provided by {@code org.codice.ddf.security.common.Security}. Every
 * {@code Exception} raised during setup is handed to
 * {@code LoggingUtils.failWithThrowableStacktrace} instead of being rethrown from here.
 *
 * @throws Exception declared by the signature; the body itself catches {@code Exception}
 */
@BeforeExam
public void beforeExam() throws Exception {
    try {
        waitForSystemReady();
        Security ddfSecurity = Security.getInstance();
        // The cached subject carries system-level identity for the rest of the test class;
        // it is resolved once here, under the admin wrapper.
        systemSubject = ddfSecurity.runAsAdmin(ddfSecurity::getSystemSubject);
    } catch (Exception setupFailure) {
        LoggingUtils.failWithThrowableStacktrace(setupFailure, "Failed in @BeforeExam: ");
    }
}
Also used : Security(org.codice.ddf.security.common.Security) ApplicationServiceException(org.codice.ddf.admin.application.service.ApplicationServiceException) BeforeExam(org.codice.ddf.itests.common.annotations.BeforeExam)

Example 2 with Security

use of org.codice.ddf.security.common.Security in project ddf by codice.

the class RegistryMetacardHandler method processEvent.

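/**
 * Dispatches a registry metacard event to the delete or create/update handler, running the
 * handler through {@code Security.runAsAdminWithException}.
 *
 * <p>The topic is classified before any privilege elevation, so topics this handler does not
 * act on never enter the admin context. Comparisons are constant-first, which means a
 * {@code null} topic is ignored instead of raising a {@code NullPointerException}.
 *
 * @param mcard the metacard the event refers to; passed unchanged to the handler
 * @param topic the event topic; only the deleted, created and updated topics are acted on
 */
private void processEvent(Metacard mcard, String topic) {
    boolean isDelete = EventProcessor.EVENTS_TOPIC_DELETED.equals(topic);
    boolean isCreateOrUpdate = EventProcessor.EVENTS_TOPIC_CREATED.equals(topic) || EventProcessor.EVENTS_TOPIC_UPDATED.equals(topic);
    if (!isDelete && !isCreateOrUpdate) {
        // Least privilege: nothing to do for this topic, so do not elevate at all.
        return;
    }
    try {
        Security security = Security.getInstance();
        security.runAsAdminWithException(() -> {
            if (isDelete) {
                processMetacardDelete(mcard);
            } else {
                processMetacardCreateUpdate(mcard);
            }
            return null;
        });
    } catch (PrivilegedActionException e) {
        // NOTE(review): a failed admin-context operation is only visible at DEBUG level;
        // confirm this is intended, since such failures are otherwise silent in production logs.
        LOGGER.debug("Error processing registry metacard event.", e);
    }
}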
Also used : PrivilegedActionException(java.security.PrivilegedActionException) Security(org.codice.ddf.security.common.Security)

Example 3 with Security

use of org.codice.ddf.security.common.Security in project ddf by codice.

the class RegistryStoreCleanupHandler method handleEvent.

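/**
 * Reacts to a registry store service being unregistered by deleting, on a background
 * executor, the internal registry metacards whose remote-registry id matches that store.
 *
 * <p>The event is ignored unless cleanup is enabled, the {@code EventConstants.EVENT} property
 * is a {@code ServiceEvent} of type {@code UNREGISTERING}, the service reference carries a
 * {@code Constants.SERVICE_PID}, and that PID is present in
 * {@code registryStorePidToServiceMap}. Both the metacard query and the delete run through
 * {@code Security.runAsAdminWithException}.
 *
 * @param event the event to inspect
 */
@Override
public void handleEvent(Event event) {
    Object eventProperty = event.getProperty(EventConstants.EVENT);
    // instanceof is false for null, so a separate null check is redundant.
    if (!cleanupRelatedMetacards || !(eventProperty instanceof ServiceEvent)) {
        return;
    }
    // Cast once and reuse, instead of looking the property up and casting a second time.
    ServiceEvent serviceEvent = (ServiceEvent) eventProperty;
    if (serviceEvent.getType() != ServiceEvent.UNREGISTERING) {
        return;
    }
    Object servicePid = serviceEvent.getServiceReference().getProperty(Constants.SERVICE_PID);
    if (servicePid == null) {
        return;
    }
    // NOTE(review): get-then-remove is two steps; if this handler can run concurrently for the
    // same PID, both callers could schedule a cleanup. Using the value returned by remove()
    // would close that window. Confirm the map type and threading model.
    RegistryStore service = registryStorePidToServiceMap.get(servicePid);
    if (service == null) {
        return;
    }
    registryStorePidToServiceMap.remove(servicePid);
    LOGGER.info("Removing registry entries associated with remote registry {}", service.getId());
    executor.execute(() -> {
        String registryId = service.getRegistryId();
        try {
            Security security = Security.getInstance();
            // Privileged read: select only the metacards that originated from the removed store.
            List<Metacard> metacards = security.runAsAdminWithException(() -> federationAdminService.getInternalRegistryMetacards().stream().filter(m -> RegistryUtility.getStringAttribute(m, RegistryObjectMetacardType.REMOTE_REGISTRY_ID, "").equals(registryId)).collect(Collectors.toList()));
            List<String> idsToDelete = metacards.stream().map(Metacard::getId).collect(Collectors.toList());
            if (!idsToDelete.isEmpty()) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Removing {} registry entries that came from {}. Removed entries: {}", metacards.size(), service.getId(), metacards.stream().map(m -> m.getTitle() + ":" + m.getId()).collect(Collectors.joining(", ")));
                }
                // Privileged write: the delete is scoped to the ids selected above.
                security.runAsAdminWithException(() -> {
                    federationAdminService.deleteRegistryEntriesByMetacardIds(idsToDelete);
                    return null;
                });
            }
        } catch (PrivilegedActionException e) {
            // Only PrivilegedActionException is handled here; unchecked exceptions leave the
            // task and are reported (or not) by the executor.
            LOGGER.info("Unable to clean up registry metacards after registry store {} was deleted", service.getId(), e);
        }
    });
}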
Also used : Metacard(ddf.catalog.data.Metacard) RegistryStore(org.codice.ddf.registry.api.internal.RegistryStore) PrivilegedActionException(java.security.PrivilegedActionException) ServiceEvent(org.osgi.framework.ServiceEvent) Security(org.codice.ddf.security.common.Security)

Example 4 with Security

use of org.codice.ddf.security.common.Security in project ddf by codice.

the class GuestInterceptor method internalHandleMessage.

/**
 * Attaches a guest security token to a SOAP message that carries no WS-Security header for
 * the resolved actor, then runs the policy-based WSS4J out-interceptor on it.
 *
 * <p>If a security header is found, the message is left untouched. If the message's policy
 * contains an addressing assertion, {@code createAddressing} is called first.
 *
 * @param message the CXF SOAP message being intercepted
 * @param soapMessage the SAAJ view of the same message, used for the header lookup
 * @throws Fault declared by the signature; this body has no explicit {@code throw}
 */
private void internalHandleMessage(SoapMessage message, SOAPMessage soapMessage) throws Fault {
    // Resolve the actor: interceptor option first, contextual message property as fallback.
    String actor = (String) getOption(WSHandlerConstants.ACTOR);
    if (actor == null) {
        actor = (String) message.getContextualProperty(SecurityConstants.ACTOR);
    }

    Element securityHeader = null;
    try {
        LOGGER.debug("Checking for security header.");
        securityHeader = WSSecurityUtil.getSecurityHeader(soapMessage.getSOAPPart(), actor);
    } catch (WSSecurityException headerLookupFailure) {
        // NOTE(review): a failed lookup leaves securityHeader null, so the request is handled
        // exactly like one with no security header and receives a guest token. Confirm that
        // treating a lookup error as "no header" is the intended outcome; the failure is only
        // visible at DEBUG level.
        LOGGER.debug("Issue with getting security header", headerLookupFailure);
    }

    if (securityHeader != null) {
        LOGGER.debug("SOAP message contains security header, no action taken by the GuestInterceptor.");
        return;
    }
    LOGGER.debug("Current request has no security header, continuing with GuestInterceptor");

    // NOTE(review): the AssertionInfoMap and the HTTP request below are dereferenced without
    // null checks; verify both are always present at this point in the interceptor chain.
    AssertionInfoMap policyAssertions = message.get(AssertionInfoMap.class);
    boolean hasAddressingAssertion = policyAssertions.entrySet().stream().flatMap(entry -> entry.getValue().stream()).anyMatch(assertionInfo -> MetadataConstants.ADDRESSING_ASSERTION_QNAME.equals(assertionInfo.getAssertion().getName()));
    if (hasAddressingAssertion) {
        createAddressing(message, soapMessage);
    }

    LOGGER.debug("Creating guest security token.");
    HttpServletRequest httpRequest = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
    // The guest token is created from the peer address reported by the servlet container.
    // NOTE(review): behind a reverse proxy this is presumably the proxy's address - confirm.
    SecurityToken guestToken = createSecurityToken(httpRequest.getRemoteAddr());
    message.put(SecurityConstants.TOKEN, guestToken);

    if (MessageUtils.isRequestor(message)) {
        policyBasedWss4jOutInterceptor.handleMessage(message);
        return;
    }
    // Not the requestor: set the requestor-role flag only for the duration of the
    // out-interceptor call and always clear it afterwards.
    try {
        message.put(Message.REQUESTOR_ROLE, true);
        policyBasedWss4jOutInterceptor.handleMessage(message);
    } finally {
        message.remove(Message.REQUESTOR_ROLE);
    }
}
Also used : WSSecurityUtil(org.apache.wss4j.dom.util.WSSecurityUtil) StringUtils(org.apache.commons.lang.StringUtils) EndpointReferenceType(org.apache.cxf.ws.addressing.EndpointReferenceType) MetadataConstants(org.apache.cxf.ws.addressing.policy.MetadataConstants) SOAPException(javax.xml.soap.SOAPException) STSClientConfiguration(ddf.security.sts.client.configuration.STSClientConfiguration) LoggerFactory(org.slf4j.LoggerFactory) XMLUtils(org.codice.ddf.platform.util.XMLUtils) SoapBindingConstants(org.apache.cxf.binding.soap.SoapBindingConstants) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) AbstractHTTPDestination(org.apache.cxf.transport.http.AbstractHTTPDestination) SOAPElement(javax.xml.soap.SOAPElement) HttpServletRequest(javax.servlet.http.HttpServletRequest) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) Fault(org.apache.cxf.interceptor.Fault) AttributedURIType(org.apache.cxf.ws.addressing.AttributedURIType) PolicyBasedWSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) EncryptionService(ddf.security.encryption.EncryptionService) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Phase(org.apache.cxf.phase.Phase) SAAJInInterceptor(org.apache.cxf.binding.soap.saaj.SAAJInInterceptor) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) PolicyBasedWSS4JOutInterceptor(org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Logger(org.slf4j.Logger) Security(org.codice.ddf.security.common.Security) Message(org.apache.cxf.message.Message) WSHandlerConstants(org.apache.wss4j.dom.handler.WSHandlerConstants) Set(java.util.Set) Subject(ddf.security.Subject) UUID(java.util.UUID) SecurityConstants(org.apache.cxf.ws.security.SecurityConstants) 
TimeUnit(java.util.concurrent.TimeUnit) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) MessageUtils(org.apache.cxf.message.MessageUtils) AbstractWSS4JInterceptor(org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor) CacheBuilder(com.google.common.cache.CacheBuilder) SOAPMessage(javax.xml.soap.SOAPMessage) Cache(com.google.common.cache.Cache) SecurityManager(ddf.security.service.SecurityManager) SOAPFactory(javax.xml.soap.SOAPFactory) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SOAPElement(javax.xml.soap.SOAPElement) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 5 with Security

use of org.codice.ddf.security.common.Security in project ddf by codice.

the class IdentityNodeInitialization method init.

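/**
 * Ensures a local registry identity node exists, running the check through
 * {@code Security.runAsAdminWithException}.
 *
 * <p>If the identity metacard is present, its registry id is published as the
 * {@code RegistryConstants.REGISTRY_ID_PROPERTY} system property, and the node name is updated
 * when the metacard title differs from {@code SystemInfo.getSiteName()}. If it is absent, a
 * new identity node is created. On {@code PrivilegedActionException} the method reschedules
 * itself after {@code RETRY_INTERVAL} seconds.
 */
public void init() {
    try {
        Security security = Security.getInstance();
        security.runAsAdminWithException(() -> {
            Optional<Metacard> identity = federationAdminService.getLocalRegistryIdentityMetacard();
            if (identity.isPresent()) {
                Metacard metacard = identity.get();
                System.setProperty(RegistryConstants.REGISTRY_ID_PROPERTY, RegistryUtility.getRegistryId(metacard));
                if (!metacard.getTitle().equals(SystemInfo.getSiteName())) {
                    updateIdentityNodeName(metacard);
                }
            } else {
                // Single if/else instead of testing isPresent() twice.
                createIdentityNode();
            }
            return null;
        });
    } catch (PrivilegedActionException e) {
        // Pass the exception to the logger so the cause of a failed privileged action is not lost.
        LOGGER.debug("Error checking for local registry identity node. Will try again later", e);
        // NOTE(review): the retry has no visible attempt limit or backoff; a persistent failure
        // reschedules indefinitely. Confirm that is acceptable.
        executorService.schedule(this::init, RETRY_INTERVAL, TimeUnit.SECONDS);
    }
}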
Also used : Metacard(ddf.catalog.data.Metacard) PrivilegedActionException(java.security.PrivilegedActionException) Security(org.codice.ddf.security.common.Security)

Aggregations

Security (org.codice.ddf.security.common.Security)12 Metacard (ddf.catalog.data.Metacard)5 Subject (ddf.security.Subject)4 PrivilegedActionException (java.security.PrivilegedActionException)4 CatalogFramework (ddf.catalog.CatalogFramework)2 MetacardType (ddf.catalog.data.MetacardType)2 CreateRequest (ddf.catalog.operation.CreateRequest)2 CreateResponse (ddf.catalog.operation.CreateResponse)2 Context (org.codice.alliance.video.stream.mpegts.Context)2 UdpStreamProcessor (org.codice.alliance.video.stream.mpegts.netty.UdpStreamProcessor)2 Before (org.junit.Before)2 Cache (com.google.common.cache.Cache)1 CacheBuilder (com.google.common.cache.CacheBuilder)1 CreateStorageRequest (ddf.catalog.content.operation.CreateStorageRequest)1 Attribute (ddf.catalog.data.Attribute)1 AttributeDescriptor (ddf.catalog.data.AttributeDescriptor)1 AttributeImpl (ddf.catalog.data.impl.AttributeImpl)1 EventException (ddf.catalog.event.EventException)1 Update (ddf.catalog.operation.Update)1 UpdateResponse (ddf.catalog.operation.UpdateResponse)1