use of ddf.security.Subject in project ddf by codice.
the class SecurityTest method testGetSubjectInvalidUsernamePassword.
/**
 * Verifies that {@code security.getSubject(username, password)} yields {@code null}
 * rather than a subject when the security manager fails with a
 * {@link SecurityServiceException}.
 */
@Test
public void testGetSubjectInvalidUsernamePassword() throws Exception {
    // Every getSubject call on the mocked manager is stubbed to fail.
    SecurityManager failingManager = mock(SecurityManager.class);
    when(failingManager.getSubject(any())).thenThrow(new SecurityServiceException("Error"));
    configureMockForSecurityManager(failingManager);

    Subject result = security.getSubject("username", "password");

    // No subject may be handed out once the manager has refused the request.
    assertThat(result, is(equalTo(null)));
}
use of ddf.security.Subject in project ddf by codice.
the class UserManagerImplTest method authenticationSuccess.
/**
 * Covers the success path of {@code userManager.authenticate}: when the security manager
 * returns a subject for the presented credentials, the authenticated user must equal the
 * one {@code createUser} builds for the same name and subject.
 */
@Test
public void authenticationSuccess() throws SecurityServiceException, AuthenticationFailedException {
    // The security manager accepts any authentication and hands back this subject.
    Subject grantedSubject = mock(Subject.class);
    when(securityManager.getSubject(any(Authentication.class))).thenReturn(grantedSubject);

    // Username/password credentials as the FTP server would present them.
    UsernamePasswordAuthentication credentials = mock(UsernamePasswordAuthentication.class);
    when(credentials.getUsername()).thenReturn(USER);
    when(credentials.getPassword()).thenReturn(PASSWORD);

    userManager.setKarafLocalRoles("admin,localhost");

    // createUser is evaluated before authenticate, exactly as argument order dictates.
    assertEquals(
            userManager.createUser(USER, grantedSubject),
            userManager.authenticate(credentials));
}
use of ddf.security.Subject in project ddf by codice.
the class UserManagerImpl method authenticate.
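/**
 * Authenticates a login by exchanging the supplied username and password for a
 * {@link Subject} obtained from the security manager.
 *
 * <p>Only {@link UsernamePasswordAuthentication} is accepted. Every other
 * {@link Authentication} type, including
 * {@link org.apache.ftpserver.usermanager.AnonymousAuthentication}, and a {@code null}
 * argument are rejected.
 *
 * @param authentication The {@link Authentication} that proves the user's identity.
 * @return the {@link User} for the authenticated name: newly created when the name is not
 *     yet known, otherwise the existing user updated with the fresh subject
 * @throws AuthenticationFailedException if the authentication type is not accepted, if the
 *     security manager returns no subject, or if it fails with a
 *     {@link SecurityServiceException} (attached as the cause)
 */
public User authenticate(Authentication authentication) throws AuthenticationFailedException {
    // Fail closed: anything that is not a username/password login never reaches the
    // security manager. instanceof is false for null as well.
    if (!(authentication instanceof UsernamePasswordAuthentication)) {
        throw new AuthenticationFailedException("Authentication failed");
    }

    UsernamePasswordAuthentication credentials = (UsernamePasswordAuthentication) authentication;
    String username = credentials.getUsername();
    UPAuthenticationToken upAuthenticationToken =
            new UPAuthenticationToken(username, credentials.getPassword());

    try {
        Subject subject = securityManager.getSubject(upAuthenticationToken);
        if (subject == null) {
            // A missing subject is treated exactly like rejected credentials.
            throw new AuthenticationFailedException("Authentication failed");
        }
        if (!doesExist(username)) {
            return createUser(username, subject);
        }
        // Known user: attach the newly issued subject to the existing record.
        User user = getUserByName(username);
        updateUserSubject(user, subject);
        return user;
    } catch (SecurityServiceException e) {
        LOGGER.info("Failure to retrieve subject.", e);
        // Keep the generic message but chain the cause so the failure stays diagnosable
        // from the exception itself and not only from the log line above.
        throw new AuthenticationFailedException("Failure to retrieve subject.", e);
    }
}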
use of ddf.security.Subject in project ddf by codice.
the class Query method getMetacardForId.
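/**
 * Queries the catalog for metacards whose text matches the search phrase, attaching the
 * subject obtained for the given CAS proxy ticket to the request.
 *
 * @param searchPhrase The search phrase used to query for the metacard.
 * @param proxyTicket The CAS proxy ticket that will be used by the STS to get a SAML assertion.
 * @return a summary line followed by the formatted XML of every returned metacard; the
 *     "Unable to perform query" message when no subject could be retrieved; or whatever
 *     had been accumulated so far (possibly an empty string) when the catalog query or a
 *     transform fails
 */
private String getMetacardForId(String searchPhrase, String proxyTicket) {
    Filter filter = filterBuilder.attribute(Metacard.ANY_TEXT).is().like().text(searchPhrase);
    // NOTE(review): the filter text embeds searchPhrase and ends up both in log lines and
    // in the returned string. If searchPhrase is caller-supplied, confirm that the return
    // value is encoded before it is rendered and that log output neutralises line breaks.
    String filterText = filter.toString();
    LOGGER.info("Query filter: {}", filterText);
    String queryError = "Unable to perform query " + filterText + ".";
    QueryRequest request = new QueryRequestImpl(new QueryImpl(filter), true);
    StringBuilder responseString = new StringBuilder();

    try {
        Subject subject = securityManager.getSubject(new CasAuthenticationToken(proxyTicket));
        // NOTE(review): the subject is written to the log at INFO level; confirm its string
        // form does not expose assertion or token contents.
        LOGGER.info("Adding {} property with value {} to request", SecurityConstants.SECURITY_SUBJECT, subject);
        request.getProperties().put(SecurityConstants.SECURITY_SUBJECT, subject);
    } catch (SecurityServiceException se) {
        // Without a subject the query is never issued.
        LOGGER.error("Could not retrieve subject from securitymanager.", se);
        return queryError;
    }

    try {
        LOGGER.debug("About to query the catalog framework with query {}", filterText);
        QueryResponse queryResponse = catalogFramework.query(request, null);
        LOGGER.debug("Got query response from catalog framework for query {}", filterText);
        List<Result> results = queryResponse.getResults();
        if (results != null) {
            String message = "The query for " + filterText + " returned " + results.size() + " results.";
            responseString.append(message);
            LOGGER.debug(message);
            for (Result curResult : results) {
                Metacard metacard = curResult.getMetacard();
                LOGGER.debug("Transforming the metacard with id [{}] to xml.", metacard.getId());
                BinaryContent content = catalogFramework.transform(metacard, "xml", null);
                StringWriter writer = new StringWriter();
                // Close the transformer's stream once copied; the original left it open.
                java.io.InputStream xmlStream = content.getInputStream();
                try {
                    IOUtils.copy(xmlStream, writer, "UTF8");
                } finally {
                    IOUtils.closeQuietly(xmlStream);
                }
                LOGGER.debug("Formatting xml for metacard with id [{}].", metacard.getId());
                responseString.append(format(writer.toString()));
            }
        } else {
            String message = "The query for " + filterText + " returned a null result.";
            responseString.append(message);
            LOGGER.warn(message);
        }
    } catch (SourceUnavailableException e) {
        LOGGER.error(queryError, e);
    } catch (UnsupportedQueryException e) {
        LOGGER.error(queryError, e);
    } catch (FederationException e) {
        LOGGER.error(queryError, e);
    } catch (CatalogTransformerException e) {
        LOGGER.error(queryError, e);
    } catch (IOException e) {
        LOGGER.error(queryError, e);
    }
    // On any of the failures above only the log carries the error; the caller receives
    // the partial (or empty) response built so far.
    return responseString.toString();
}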
use of ddf.security.Subject in project ddf by codice.
the class IdpEndpointTest method testPassiveLoginPkiUnsupportedPost.
/**
 * Posts the passive PKI AuthnRequest to {@code idpEndpoint.showPostLogin} with a client
 * certificate on a secure request, and expects the decoded SAML response to carry the
 * {@code RequestUnsupported} status.
 */
@Test
public void testPassiveLoginPkiUnsupportedPost() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Chain handed out by the mocked security manager: subject -> principals -> assertion -> token.
    SecurityToken token = mock(SecurityToken.class);
    // this mock element is what will cause the signature error
    when(token.getToken()).thenReturn(mock(Element.class));

    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getSecurityToken()).thenReturn(token);

    PrincipalCollection principals = mock(PrincipalCollection.class);
    when(principals.asList()).thenReturn(Collections.singletonList(assertion));

    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principals);

    SecurityManager sm = mock(SecurityManager.class);
    when(sm.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(sm);
    // Strict signature checking is switched off for this scenario.
    idpEndpoint.setStrictSignature(false);

    // Secure servlet request that presents a single client certificate.
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    // dummy cert
    X509Certificate cert = mock(X509Certificate.class);
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { cert });
    when(cert.getEncoded()).thenReturn(new byte[48]);

    Response response = idpEndpoint.showPostLogin(authNRequestPassivePkiPost, relayState, request);

    // Pull the Base64 SAMLResponse form field out of the returned entity and decode it.
    String encoded = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse\" value=\"", "\" />");
    // NOTE(review): new String(byte[]) decodes with the platform default charset; an
    // explicit charset would make this independent of the build machine.
    String decoded = new String(Base64.getDecoder().decode(encoded));

    // The passive login cannot complete, so the response must report RequestUnsupported.
    assertThat(decoded, containsString("status:RequestUnsupported"));
}