Example 61 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class SecurityTest, method testGetSubjectInvalidUsernamePassword: when the SecurityManager throws, getSubject is expected to return null rather than propagate the exception.

@Test
public void testGetSubjectInvalidUsernamePassword() throws Exception {
    SecurityManager sm = mock(SecurityManager.class);
    when(sm.getSubject(any())).thenThrow(new SecurityServiceException("Error"));
    configureMockForSecurityManager(sm);
    Subject subject = security.getSubject("username", "password");
    assertThat(subject, is(equalTo(null)));
}

Example 62 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class UserManagerImplTest, method authenticationSuccess: a username/password authentication that the SecurityManager accepts yields the same User that createUser builds for that Subject.

@Test
public void authenticationSuccess() throws SecurityServiceException, AuthenticationFailedException {
    UsernamePasswordAuthentication upa = mock(UsernamePasswordAuthentication.class);
    Subject subject = mock(Subject.class);
    when(upa.getUsername()).thenReturn(USER);
    when(upa.getPassword()).thenReturn(PASSWORD);
    when(securityManager.getSubject(any(Authentication.class))).thenReturn(subject);
    userManager.setKarafLocalRoles("admin,localhost");
    assertEquals(userManager.createUser(USER, subject), userManager.authenticate(upa));
}

Example 63 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class UserManagerImpl, method authenticate: only UsernamePasswordAuthentication is accepted; the credentials are exchanged for a Subject via the SecurityManager, and any failure (null Subject, SecurityServiceException, or an unsupported Authentication type) ends in AuthenticationFailedException.

/**
 * @param authentication The {@link Authentication} that proves the user's identity.
 *                       {@link org.apache.ftpserver.usermanager.AnonymousAuthentication} is not permitted.
 * @return {@link User} upon successful authentication
 * @throws AuthenticationFailedException upon unsuccessful authentication, or when the
 *                                       {@link Authentication} type is not supported
 */
public User authenticate(Authentication authentication) throws AuthenticationFailedException {
    UPAuthenticationToken upAuthenticationToken;
    String username;
    User user;
    if (authentication instanceof UsernamePasswordAuthentication) {
        username = ((UsernamePasswordAuthentication) authentication).getUsername();
        upAuthenticationToken = new UPAuthenticationToken(username, ((UsernamePasswordAuthentication) authentication).getPassword());
        try {
            Subject subject = securityManager.getSubject(upAuthenticationToken);
            if (subject != null) {
                if (!doesExist(username)) {
                    user = createUser(username, subject);
                } else {
                    user = getUserByName(username);
                    updateUserSubject(user, subject);
                }
                return user;
            }
        } catch (SecurityServiceException e) {
            LOGGER.info("Failure to retrieve subject.", e);
            throw new AuthenticationFailedException("Failure to retrieve subject.");
        }
    }
    throw new AuthenticationFailedException("Authentication failed");
}

Example 64 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class Query, method getMetacardForId: a CAS proxy ticket is exchanged for a Subject, which is attached to the QueryRequest under SecurityConstants.SECURITY_SUBJECT before the catalog framework is queried.

/**
 * @param searchPhrase The search phrase used to query for the metacard.
 * @param proxyTicket  The CAS proxy ticket that will be used by the STS to get a SAML assertion.
 * @return the matching metacards transformed to XML (preceded by a result-count message),
 *         or an error message if the Subject could not be retrieved
 */
private String getMetacardForId(String searchPhrase, String proxyTicket) {
    Filter filter = filterBuilder.attribute(Metacard.ANY_TEXT).is().like().text(searchPhrase);
    LOGGER.info("Query filter: {}", filter.toString());
    String queryError = "Unable to perform query " + filter.toString() + ".";
    QueryRequest request = new QueryRequestImpl(new QueryImpl(filter), true);
    StringBuilder responseString = new StringBuilder();
    try {
        Subject subject = securityManager.getSubject(new CasAuthenticationToken(proxyTicket));
        LOGGER.info("Adding {} property with value {} to request", SecurityConstants.SECURITY_SUBJECT, subject);
        request.getProperties().put(SecurityConstants.SECURITY_SUBJECT, subject);
    } catch (SecurityServiceException se) {
        LOGGER.error("Could not retrieve subject from securitymanager.", se);
        return queryError;
    }
    try {
        LOGGER.debug("About to query the catalog framework with query {}", filter.toString());
        QueryResponse queryResponse = catalogFramework.query(request, null);
        LOGGER.debug("Got query response from catalog framework for query {}", filter.toString());
        List<Result> results = queryResponse.getResults();
        if (results != null) {
            String message = "The query for " + filter.toString() + " returned " + results.size() + " results.";
            responseString.append(message);
            LOGGER.debug(message);
            for (Result curResult : results) {
                Metacard metacard = curResult.getMetacard();
                LOGGER.debug("Transforming the metacard with id [{}] to xml.", metacard.getId());
                BinaryContent content = catalogFramework.transform(metacard, "xml", null);
                StringWriter writer = new StringWriter();
                IOUtils.copy(content.getInputStream(), writer, "UTF8");
                LOGGER.debug("Formatting xml for metacard with id [{}].", metacard.getId());
                responseString.append(format(writer.toString()));
            }
        } else {
            String message = "The query for " + filter.toString() + " returned a null result.";
            responseString.append(message);
            LOGGER.warn(message);
        }
    } catch (SourceUnavailableException e) {
        LOGGER.error(queryError, e);
    } catch (UnsupportedQueryException e) {
        LOGGER.error(queryError, e);
    } catch (FederationException e) {
        LOGGER.error(queryError, e);
    } catch (CatalogTransformerException e) {
        LOGGER.error(queryError, e);
    } catch (IOException e) {
        LOGGER.error(queryError, e);
    }
    return responseString.toString();
}

Example 65 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class IdpEndpointTest, method testPassiveLoginPkiUnsupportedPost: a passive PKI login whose security token cannot be signed must produce a SAML response with status RequestUnsupported.

@Test
public void testPassiveLoginPkiUnsupportedPost() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    String samlRequest = authNRequestPassivePkiPost;
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate x509Certificate = mock(X509Certificate.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    //this mock element is what will cause the signature error
    when(securityToken.getToken()).thenReturn(mock(Element.class));
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(securityManager);
    idpEndpoint.setStrictSignature(false);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    //dummy cert
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { x509Certificate });
    when(x509Certificate.getEncoded()).thenReturn(new byte[48]);
    Response response = idpEndpoint.showPostLogin(samlRequest, relayState, request);
    String responseStr = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse\" value=\"", "\" />");
    responseStr = new String(Base64.getDecoder().decode(responseStr));
    //the mocked token element cannot be signed, so the IdP must answer the passive request with RequestUnsupported
    assertThat(responseStr, containsString("status:RequestUnsupported"));
}