use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.
Class IdpEndpoint, method handleLogin.
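/**
 * Performs the login for the requested {@code authMethod} and builds the SAML Response that
 * answers {@code authnRequest}.
 *
 * <p>The credentials are first turned into a {@link BaseAuthenticationToken} (PKI, BASIC, SAML
 * or Guest) and then exchanged for a Subject through {@code securityManager}; the SAML assertion
 * found on that Subject becomes the response payload. When {@code hasCookie} is set the assertion
 * already attached to the request is reused and no re-authentication takes place.
 *
 * @param authnRequest the AuthnRequest being answered; only its ID is echoed into the response
 * @param authMethod one of {@code PKI}, {@code USER_PASS}, {@code SAML} or {@code GUEST}
 * @param request the HTTP request carrying PKI/BASIC credentials, or the remote address for Guest
 * @param authObj credentials supplied out of band; required for SAML, optional for USER_PASS
 * @param passive when true an authentication failure is reported through the SAML status code
 *     instead of being thrown
 * @param hasCookie when true the assertion already present on the request is reused as-is
 * @return a SAML Response whose status is SUCCESS when an assertion was obtained and
 *     AUTHN_FAILED otherwise
 * @throws IllegalArgumentException if the auth method is unsupported, if GUEST is requested while
 *     guest access is disabled, or if SAML is requested without an {@code authObj}
 * @throws SecurityServiceException if authentication fails and {@code passive} is false
 */
protected org.opensaml.saml.saml2.core.Response handleLogin(AuthnRequest authnRequest, String authMethod, HttpServletRequest request, AuthObj authObj, boolean passive, boolean hasCookie) throws SecurityServiceException, WSSecurityException, SimpleSign.SignatureException, ConstraintViolationException {
  LOGGER.debug("Performing login for user. passive: {}, cookie: {}", passive, hasCookie);
  request.setAttribute(ContextPolicy.ACTIVE_REALM, BaseAuthenticationToken.ALL_REALM);
  BaseAuthenticationToken token = resolveToken(authMethod, request, authObj);

  org.w3c.dom.Element samlToken = null;
  String statusCode;
  if (hasCookie) {
    // The request already carries an assertion; reuse it instead of authenticating again.
    // NOTE(review): a null assertion here still yields SUCCESS — confirm callers only set
    // hasCookie when a valid assertion is present.
    samlToken = getSamlAssertion(request);
    statusCode = StatusCode.SUCCESS;
  } else {
    statusCode = StatusCode.AUTHN_FAILED;
    try {
      // A null token (PKI/BASIC handler did not complete) is handed to the security manager
      // unchanged; it is expected to reject it — confirm rather than short-circuit here.
      Subject subject = securityManager.getSubject(token);
      samlToken = findSamlToken(subject);
      if (samlToken != null) {
        statusCode = StatusCode.SUCCESS;
      }
    } catch (SecurityServiceException e) {
      // Passive requests must never surface an error; the failure is carried in the SAML status.
      if (!passive) {
        throw e;
      }
    }
  }

  if (StatusCode.SUCCESS.equals(statusCode)) {
    LOGGER.debug("User log in successful.");
  } else {
    LOGGER.debug("User log in failed; responding with status {}.", statusCode);
  }
  return SamlProtocol.createResponse(SamlProtocol.createIssuer(SystemBaseUrl.constructUrl("/idp/login", true)), SamlProtocol.createStatus(statusCode), authnRequest.getID(), samlToken);
}

/**
 * Builds the authentication token for one of the supported auth methods.
 *
 * @param authMethod the requested method
 * @param request the HTTP request the PKI/BASIC handlers inspect
 * @param authObj out-of-band credentials; may be null for PKI, USER_PASS and GUEST
 * @return the token to authenticate, or {@code null} when the PKI/BASIC handler did not
 *     produce a COMPLETED result
 * @throws IllegalArgumentException for an unsupported method, for GUEST while guest access is
 *     disabled, or for SAML without an {@code authObj}
 */
private BaseAuthenticationToken resolveToken(String authMethod, HttpServletRequest request, AuthObj authObj) {
  if (PKI.equals(authMethod)) {
    LOGGER.debug("Logging user in via PKI.");
    PKIHandler pkiHandler = new PKIHandler();
    pkiHandler.setTokenFactory(tokenFactory);
    try {
      HandlerResult handlerResult = pkiHandler.getNormalizedToken(request, null, null, false);
      if (HandlerResult.Status.COMPLETED.equals(handlerResult.getStatus())) {
        return handlerResult.getToken();
      }
    } catch (ServletException e) {
      // Best effort: a failed PKI lookup falls through to a null token and a failed login.
      LOGGER.info("Encountered an exception while checking for PKI auth info.", e);
    }
    return null;
  }
  if (USER_PASS.equals(authMethod)) {
    LOGGER.debug("Logging user in via BASIC auth.");
    if (authObj != null && authObj.username != null && authObj.password != null) {
      return new UPAuthenticationToken(authObj.username, authObj.password, BaseAuthenticationToken.ALL_REALM);
    }
    // No out-of-band credentials: fall back to the Authorization header on the request.
    BasicAuthenticationHandler basicAuthenticationHandler = new BasicAuthenticationHandler();
    HandlerResult handlerResult = basicAuthenticationHandler.getNormalizedToken(request, null, null, false);
    if (HandlerResult.Status.COMPLETED.equals(handlerResult.getStatus())) {
      return handlerResult.getToken();
    }
    return null;
  }
  if (SAML.equals(authMethod)) {
    LOGGER.debug("Logging user in via SAML assertion.");
    if (authObj == null) {
      // Without this guard the assertion lookup below fails with a bare NullPointerException.
      throw new IllegalArgumentException("SAML auth method requires an assertion.");
    }
    return new SAMLAuthenticationToken(null, authObj.assertion, BaseAuthenticationToken.ALL_REALM);
  }
  if (GUEST.equals(authMethod) && guestAccess) {
    LOGGER.debug("Logging user in as Guest.");
    return new GuestAuthenticationToken(BaseAuthenticationToken.ALL_REALM, request.getRemoteAddr());
  }
  throw new IllegalArgumentException("Auth method is not supported.");
}

/**
 * Returns the SAML assertion element carried by the Subject's {@link SecurityAssertion}
 * principal, or {@code null} if none is present. When several such principals exist the last
 * one wins, matching the previous inline loop.
 *
 * @param subject the authenticated Subject
 * @return the assertion DOM element, or {@code null}
 */
private static org.w3c.dom.Element findSamlToken(Subject subject) {
  org.w3c.dom.Element samlToken = null;
  for (Object principal : subject.getPrincipals().asList()) {
    if (principal instanceof SecurityAssertion) {
      SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
      samlToken = securityToken.getToken();
    }
  }
  return samlToken;
}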
use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.
Class WssBasicAuthenticationHandler, method getBaseAuthenticationToken.
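/**
 * Builds a WS-Security UsernameToken (username plus plaintext password) for the supplied
 * credentials, serializes it to XML and wraps that XML in a {@link BaseAuthenticationToken}
 * flagged for the WSS STS.
 *
 * <p>The {@code realm} argument is not used: the returned token is always created with an empty
 * realm ({@code ""}).
 *
 * @param realm ignored; present to satisfy the handler contract
 * @param username the user name placed into the token
 * @param password the password placed verbatim into the token with type PASSWORD_TEXT
 * @return a token whose credentials are the serialized UsernameToken XML; if marshalling fails
 *     the failure is logged and the token is returned with {@code null} credentials
 * @throws IllegalStateException if no XML parser has been configured
 */
protected BaseAuthenticationToken getBaseAuthenticationToken(String realm, String username, String password) {
  if (null == parser) {
    throw new IllegalStateException("XMLParser must be configured.");
  }
  UsernameTokenType usernameTokenType = new UsernameTokenType();
  AttributedString user = new AttributedString();
  user.setValue(username);
  usernameTokenType.setUsername(user);

  // Add the password; PASSWORD_TEXT means it travels in clear inside the token.
  PasswordString pass = new PasswordString();
  pass.setValue(password);
  pass.setType(WSConstants.PASSWORD_TEXT);
  JAXBElement<PasswordString> passwordType = new JAXBElement<>(QNameConstants.PASSWORD, PasswordString.class, pass);
  usernameTokenType.getAny().add(passwordType);

  // Marshal the JAXB object into a DOM/XML string; both the wss and wstrust14 object
  // factories must be on the context path for the element to resolve.
  List<String> ctxPath = new ArrayList<>(2);
  ctxPath.add(ObjectFactory.class.getPackage().getName());
  ctxPath.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class.getPackage().getName());
  ParserConfigurator configurator = parser.configureParser(ctxPath, WssBasicAuthenticationHandler.class.getClassLoader());
  JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);

  String usernameToken = null;
  ByteArrayOutputStream os = new ByteArrayOutputStream();
  try {
    parser.marshal(configurator, tokenType, os);
    // Decode explicitly as UTF-8; unlike os.toString("UTF-8") this cannot throw a checked
    // UnsupportedEncodingException, so only the parser failure remains to handle.
    usernameToken = new String(os.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
  } catch (ParserException ex) {
    // The token XML embeds the password, so only the exception is logged, never the payload.
    LOGGER.info("Unable to parse username token.", ex);
  }

  BaseAuthenticationToken baseAuthenticationToken = new BaseAuthenticationToken(null, "", usernameToken);
  baseAuthenticationToken.setUseWssSts(true);
  return baseAuthenticationToken;
}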
use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.
Class BasicAuthenticationHandlerTest, method testIllegalStateException.
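/**
 * A WSS handler constructed without an XML parser cannot build a token: extracting auth info
 * from it must fail with {@link IllegalStateException}.
 *
 * <p>Only the WSS handler is exercised here so that the expected exception cannot be satisfied
 * by any other call; the plain BasicAuthenticationHandler assertions are covered by
 * testExtractAuthInfo.
 */
@Test(expected = IllegalStateException.class)
public void testIllegalStateException() {
  WssBasicAuthenticationHandler wssHandler = new WssBasicAuthenticationHandler(null);
  wssHandler.extractAuthInfo("Basic " + Base64.getEncoder().encodeToString(CREDENTIALS.getBytes()), "TestRealm");
}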
use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.
Class BasicAuthenticationHandlerTest, method testExtractAuthInfo.
/**
 * Exercises Basic-header parsing for well-formed, empty-username, empty-password, malformed
 * (no colon) and empty credentials, and checks that the WSS variant yields a token with an
 * empty realm.
 */
@Test
public void testExtractAuthInfo() {
  Parser parser = new XmlParser();
  BasicAuthenticationHandler handler = new BasicAuthenticationHandler();

  // "user:password" credentials are split into username, password and the caller's realm.
  UPAuthenticationToken token = (UPAuthenticationToken) handler.extractAuthInfo(basicHeader(CREDENTIALS), "TestRealm");
  assertNotNull(token);
  assertEquals("admin", token.getUsername());
  assertEquals("password", token.getPassword());
  assertEquals("TestRealm", token.getRealm());

  // The WSS handler ignores the supplied realm and reports an empty one.
  WssBasicAuthenticationHandler wssHandler = new WssBasicAuthenticationHandler(parser);
  BaseAuthenticationToken wssToken = wssHandler.extractAuthInfo(basicHeader(CREDENTIALS), "TestRealm");
  assertNotNull(wssToken);
  assertEquals("", wssToken.getRealm());

  // Empty username is accepted.
  token = (UPAuthenticationToken) handler.extractAuthInfo(basicHeader(":password"), "TestRealm");
  assertNotNull(token);
  assertEquals("", token.getUsername());
  assertEquals("password", token.getPassword());
  assertEquals("TestRealm", token.getRealm());

  // Empty password is accepted.
  token = (UPAuthenticationToken) handler.extractAuthInfo(basicHeader("user:"), "TestRealm");
  assertNotNull(token);
  assertEquals("user", token.getUsername());
  assertEquals("", token.getPassword());
  assertEquals("TestRealm", token.getRealm());

  // No "user:password" separator, or nothing at all, yields no token.
  assertNull((UPAuthenticationToken) handler.extractAuthInfo(basicHeader("user/password"), "TestRealm"));
  assertNull((UPAuthenticationToken) handler.extractAuthInfo(basicHeader(""), "TestRealm"));
}

/**
 * Builds an HTTP Basic {@code Authorization} header value for the given "user:password" text.
 *
 * @param credentials the raw credentials to base64-encode
 * @return the header value, e.g. {@code "Basic dXNlcjpwYXNz"} (constructed example)
 */
private static String basicHeader(String credentials) {
  return "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes());
}
use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.
Class GuestHandler, method getNormalizedToken.
/**
 * Produces the token for a guest request. Per the delegate {@code getAuthToken}, credentials
 * already present on the request are returned as-is; otherwise guest credentials are attached so
 * the request can proceed.
 *
 * <p>The result is always COMPLETED and its source is tagged with the realm read from the
 * request's {@code ContextPolicy.ACTIVE_REALM} attribute. The {@code resolve} flag is not
 * consulted by this handler.
 *
 * @param request http request to obtain attributes from and to pass into any local filter chains required
 * @param response http response to return http responses or redirects
 * @param chain original filter chain (should not be called from your handler)
 * @param resolve ignored by this handler
 * @return a COMPLETED {@link HandlerResult} carrying the resolved token
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) {
  HandlerResult outcome = new HandlerResult();
  String activeRealm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
  // Either the caller-supplied credentials or freshly minted guest credentials.
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  HttpServletResponse httpResponse = (HttpServletResponse) response;
  BaseAuthenticationToken guestOrSuppliedToken = getAuthToken(httpRequest, httpResponse, chain);
  outcome.setStatus(HandlerResult.Status.COMPLETED);
  outcome.setToken(guestOrSuppliedToken);
  outcome.setSource(activeRealm + "-GuestHandler");
  return outcome;
}