
Example 1 with ApiKeyEntry

Use of com.walmartlabs.concord.server.security.apikey.ApiKeyEntry in project concord by walmartlabs.

Class SecretManager, method assertApiKey.

public ApiKeyEntry assertApiKey(AccessScope accessScope, UUID orgId, String secretName, String password) {
    // decrypt the named DATA secret; its payload is used as the API key value
    DecryptedSecret secret = getSecret(accessScope, orgId, secretName, password, SecretType.DATA);
    BinaryDataSecret data = (BinaryDataSecret) secret.getSecret();
    // look up the API key entry by the decrypted value
    ApiKeyEntry result = apiKeyDao.find(new String(data.getData()));
    if (result == null) {
        // the error names the secret, not the key value
        throw new ConcordApplicationException("Api key from secret '" + secretName + "' not found", Status.NOT_FOUND);
    }
    return result;
}
Also used: ApiKeyEntry (com.walmartlabs.concord.server.security.apikey.ApiKeyEntry), ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException), BinaryDataSecret (com.walmartlabs.concord.common.secret.BinaryDataSecret)

Example 2 with ApiKeyEntry

Use of com.walmartlabs.concord.server.security.apikey.ApiKeyEntry in project concord by walmartlabs.

Class TriggerScheduler, method getInitiator.

private Initiator getInitiator(TriggerSchedulerEntry t) throws Exception {
    TriggerRunAs runAs = t.runAs();
    if (runAs == null) {
        // no runAs configured: the trigger runs as the CRON initiator
        return CRON;
    }
    // resolve the API key from the project-scoped secret (no password), performing the lookup as CRON
    ApiKeyEntry apiKey = processSecurityContext.runAs(CRON.id(), () -> secretManager.assertApiKey(SecretManager.AccessScope.project(t.getProjectId()), t.getOrgId(), runAs.secretName(), null));
    // the key's owner must still exist and must not be disabled
    UserEntry u = userManager.get(apiKey.getUserId()).orElse(null);
    if (u == null) {
        throw new RuntimeException("Can't find user with API token from secret '" + runAs.secretName() + "'");
    }
    if (u.isDisabled()) {
        throw new RuntimeException("User '" + u.getName() + "' (" + u.getId() + ") disabled");
    }
    return Initiator.of(u.getId(), u.getName());
}
Also used: ApiKeyEntry (com.walmartlabs.concord.server.security.apikey.ApiKeyEntry), UserEntry (com.walmartlabs.concord.server.user.UserEntry)

Example 3 with ApiKeyEntry

Use of com.walmartlabs.concord.server.security.apikey.ApiKeyEntry in project concord by walmartlabs.

Class ConcordAuthenticationHandler, method createFromAuthHeader.

private AuthenticationToken createFromAuthHeader(HttpServletRequest req) {
    // check the 'remember me' status
    boolean rememberMe = Boolean.parseBoolean(req.getHeader(REMEMBER_ME_HEADER));
    // note: h is used below without a null check, so the Authorization header must be present
    String h = req.getHeader(HttpHeaders.AUTHORIZATION);
    if (h.startsWith(BASIC_AUTH_PREFIX)) {
        // enable sessions
        req.setAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED, Boolean.TRUE);
        return parseBasicAuth(h, rememberMe);
    } else {
        // for non-Basic auth, sessions are created only if the client asks for them
        boolean enableSessions = Boolean.parseBoolean(req.getHeader(ENABLE_HTTP_SESSION));
        req.setAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED, enableSessions);
        // strip the Bearer prefix if present; otherwise the whole header value is treated as the key
        if (h.startsWith(BEARER_AUTH_PREFIX)) {
            h = h.substring(BEARER_AUTH_PREFIX.length());
        }
        validateApiKey(h);
        ApiKeyEntry apiKey = apiKeyDao.find(h);
        if (apiKey == null) {
            // unknown key: return an empty username/password token instead of an ApiKey token
            return new UsernamePasswordToken();
        }
        return new ApiKey(apiKey.getId(), apiKey.getUserId(), h, rememberMe);
    }
}
Also used: ApiKeyEntry (com.walmartlabs.concord.server.security.apikey.ApiKeyEntry), ApiKey (com.walmartlabs.concord.server.security.apikey.ApiKey), UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)

Example 4 with ApiKeyEntry

Use of com.walmartlabs.concord.server.security.apikey.ApiKeyEntry in project concord by walmartlabs.

Class WebSocketCreator, method createWebSocket.

@Override
public Object createWebSocket(ServletUpgradeRequest req, ServletUpgradeResponse resp) {
    // refuse new connections while the channel manager is shut down
    if (channelManager.isShutdown()) {
        sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Server is in the maintenance mode", resp);
        return null;
    }
    // the Authorization header value is used as the API key as-is
    String auth = req.getHeader(HttpHeaders.AUTHORIZATION);
    if (auth == null) {
        sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing " + HttpHeaders.AUTHORIZATION + " header", resp);
        return null;
    }
    if (invalidApiKey(auth)) {
        // note: this error message includes the submitted header value
        sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid API key: '" + auth + "'", resp);
        return null;
    }
    ApiKeyEntry apiKey = apiKeyDao.find(auth);
    if (apiKey == null) {
        sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid API key or user not found", resp);
        return null;
    }
    // authenticated: open a listener on a fresh random channel ID
    UUID channelId = UUID.randomUUID();
    String agentId = req.getHeader(QueueClient.AGENT_ID);
    String userAgent = req.getHeader(QueueClient.AGENT_UA);
    return new WebSocketListener(channelManager, channelId, agentId, userAgent);
}
Also used: ApiKeyEntry (com.walmartlabs.concord.server.security.apikey.ApiKeyEntry), UUID (java.util.UUID)
