Examples with Subject ddf.security.Subject used on opensource projects

Example 61 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityTest method testGetSubjectInvalidUsernamePassword.

@Test
public void testGetSubjectInvalidUsernamePassword() throws Exception {
    SecurityManager sm = mock(SecurityManager.class);
    when(sm.getSubject(any())).thenThrow(new SecurityServiceException("Error"));
    configureMockForSecurityManager(sm);
    Subject subject = security.getSubject("username", "password");
    assertThat(subject, is(equalTo(null)));
}

Example 62 with Subject

use of ddf.security.Subject in project ddf by codice.

the class UserManagerImplTest method authenticationSuccess.

@Test
public void authenticationSuccess() throws SecurityServiceException, AuthenticationFailedException {
    UsernamePasswordAuthentication upa = mock(UsernamePasswordAuthentication.class);
    Subject subject = mock(Subject.class);
    when(upa.getUsername()).thenReturn(USER);
    when(upa.getPassword()).thenReturn(PASSWORD);
    when(securityManager.getSubject(any(Authentication.class))).thenReturn(subject);
    userManager.setKarafLocalRoles("admin,localhost");
    assertEquals(userManager.createUser(USER, subject), userManager.authenticate(upa));
}

Example 63 with Subject

use of ddf.security.Subject in project ddf by codice.

the class UserManagerImpl method authenticate.

/**
     * @param authentication The {@link Authentication} that proves the users identity. {@link org.apache.ftpserver.usermanager.AnonymousAuthentication} is not permitted
     * @return {@link User} upon successful authorization
     * @throws AuthenticationFailedException upon unsuccessful authorization
     */
public User authenticate(Authentication authentication) throws AuthenticationFailedException {
    UPAuthenticationToken upAuthenticationToken;
    String username;
    User user;
    if (authentication instanceof UsernamePasswordAuthentication) {
        username = ((UsernamePasswordAuthentication) authentication).getUsername();
        upAuthenticationToken = new UPAuthenticationToken(username, ((UsernamePasswordAuthentication) authentication).getPassword());
        try {
            Subject subject = securityManager.getSubject(upAuthenticationToken);
            if (subject != null) {
                if (!doesExist(username)) {
                    user = createUser(username, subject);
                } else {
                    user = getUserByName(username);
                    updateUserSubject(user, subject);
                }
                return user;
            }
        } catch (SecurityServiceException e) {
            LOGGER.info("Failure to retrieve subject.", e);
            throw new AuthenticationFailedException("Failure to retrieve subject.");
        }
    }
    throw new AuthenticationFailedException("Authentication failed");
}

Example 64 with Subject

use of ddf.security.Subject in project ddf by codice.

the class Query method getMetacardForId.

/**
     * @param searchPhrase The search phrase used to query for the metacard.
     * @param proxyTicket  The CAS proxy ticket that will be used by the STS to get a SAML assertion.
     * @return
     */
private String getMetacardForId(String searchPhrase, String proxyTicket) {
    Filter filter = filterBuilder.attribute(Metacard.ANY_TEXT).is().like().text(searchPhrase);
    LOGGER.info("Query filter: {}", filter.toString());
    String queryError = "Unable to perform query " + filter.toString() + ".";
    QueryRequest request = new QueryRequestImpl(new QueryImpl(filter), true);
    StringBuilder responseString = new StringBuilder();
    try {
        Subject subject = securityManager.getSubject(new CasAuthenticationToken(proxyTicket));
        LOGGER.info("Adding {} property with value {} to request", SecurityConstants.SECURITY_SUBJECT, subject);
        request.getProperties().put(SecurityConstants.SECURITY_SUBJECT, subject);
    } catch (SecurityServiceException se) {
        LOGGER.error("Could not retrieve subject from securitymanager.", se);
        return queryError;
    }
    try {
        LOGGER.debug("About to query the catalog framework with query {}", filter.toString());
        QueryResponse queryResponse = catalogFramework.query(request, null);
        LOGGER.debug("Got query response from catalog framework for query {}", filter.toString());
        List<Result> results = queryResponse.getResults();
        if (results != null) {
            String message = "The query for " + filter.toString() + " returned " + results.size() + " results.";
            responseString.append(message);
            LOGGER.debug(message);
            for (Result curResult : results) {
                Metacard metacard = curResult.getMetacard();
                LOGGER.debug("Transforming the metacard with id [{}] to xml.", metacard.getId());
                BinaryContent content = catalogFramework.transform(metacard, "xml", null);
                StringWriter writer = new StringWriter();
                IOUtils.copy(content.getInputStream(), writer, "UTF8");
                LOGGER.debug("Formatting xml for metacard with id [{}].", metacard.getId());
                responseString.append(format(writer.toString()));
            }
        } else {
            String message = "The query for " + filter.toString() + " returned a null result.";
            responseString.append(message);
            LOGGER.warn(message);
        }
    } catch (SourceUnavailableException e) {
        LOGGER.error(queryError, e);
    } catch (UnsupportedQueryException e) {
        LOGGER.error(queryError, e);
    } catch (FederationException e) {
        LOGGER.error(queryError, e);
    } catch (CatalogTransformerException e) {
        LOGGER.error(queryError, e);
    } catch (IOException e) {
        LOGGER.error(queryError, e);
    }
    return responseString.toString();
}

Example 65 with Subject

use of ddf.security.Subject in project ddf by codice.

the class IdpEndpointTest method testPassiveLoginPkiUnsupportedPost.

@Test
public void testPassiveLoginPkiUnsupportedPost() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    String samlRequest = authNRequestPassivePkiPost;
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate x509Certificate = mock(X509Certificate.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    //this mock element is what will cause the signature error
    when(securityToken.getToken()).thenReturn(mock(Element.class));
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(securityManager);
    idpEndpoint.setStrictSignature(false);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    //dummy cert
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { x509Certificate });
    when(x509Certificate.getEncoded()).thenReturn(new byte[48]);
    Response response = idpEndpoint.showPostLogin(samlRequest, relayState, request);
    String responseStr = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse\" value=\"", "\" />");
    responseStr = new String(Base64.getDecoder().decode(responseStr));
    //the only cookie that should exist is the "1" cookie so "2" should send us to the login webapp
    assertThat(responseStr, containsString("status:RequestUnsupported"));
}