Example 6 with Attribute

Use of ddf.security.assertion.Attribute in project ddf by codice.

The class SecurityPluginTest, method setupMockSubject.

private Subject setupMockSubject() {
    List<String> listOfAttributeValues = Arrays.asList(TEST_USER);
    Attribute mockAttribute = mock(Attribute.class);
    when(mockAttribute.getName()).thenReturn(SubjectOperations.EMAIL_ADDRESS_CLAIM_URI);
    when(mockAttribute.getValues()).thenReturn(listOfAttributeValues);
    List<Attribute> listOfAttributes = Arrays.asList(mockAttribute);
    AttributeStatement mockAttributeStatement = mock(AttributeStatement.class);
    when(mockAttributeStatement.getAttributes()).thenReturn(listOfAttributes);
    List<AttributeStatement> listOfAttributeStatements = Arrays.asList(mockAttributeStatement);
    Subject mockSubject = mock(Subject.class);
    PrincipalCollection mockPrincipals = mock(PrincipalCollection.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    when(mockSecurityAssertion.getAttributeStatements()).thenReturn(listOfAttributeStatements);
    when(mockPrincipals.byType(SecurityAssertion.class)).thenReturn(Collections.singletonList(mockSecurityAssertion));
    when(mockSubject.getPrincipals()).thenReturn(mockPrincipals);
    return mockSubject;
}
Also used : Attribute(ddf.security.assertion.Attribute) AttributeStatement(ddf.security.assertion.AttributeStatement) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject)

Example 7 with Attribute

Use of ddf.security.assertion.Attribute in project ddf by codice.

The class SubjectUtils, method getAttribute.

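/**
 * Get any attribute from a subject by key. Values from every matching attribute in every
 * security assertion on the subject are collected, in sorted assertion order.
 *
 * @param subject the subject to read from; may be null
 * @param key the attribute name to match exactly; must not be null
 * @return attribute values or an empty list if not found.
 */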
@Override
public List<String> getAttribute(@Nullable Subject subject, String key) {
    Validate.notNull(key);
    if (subject == null) {
        LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
        return Collections.emptyList();
    }
    PrincipalCollection principals = subject.getPrincipals();
    if (principals == null) {
        LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
        return Collections.emptyList();
    }
    Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class);
    if (assertions.isEmpty()) {
        LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
        return Collections.emptyList();
    }
    List<SecurityAssertion> assertionList = new ArrayList<>(assertions);
    assertionList.sort(new SecurityAssertionComparator());
    return assertionList.stream()
        .map(SecurityAssertion::getAttributeStatements)
        .flatMap(List::stream)
        .flatMap(as -> as.getAttributes().stream())
        .filter(a -> a.getName().equals(key))
        .flatMap(a -> a.getValues().stream())
        .collect(Collectors.toList());
}
Also used : Arrays(java.util.Arrays) StringUtils(org.apache.commons.lang.StringUtils) X500Principal(javax.security.auth.x500.X500Principal) SortedSet(java.util.SortedSet) LoggerFactory(org.slf4j.LoggerFactory) AttributeStatement(ddf.security.assertion.AttributeStatement) BCStyle(org.bouncycastle.asn1.x500.style.BCStyle) SubjectOperations(ddf.security.SubjectOperations) TreeSet(java.util.TreeSet) ArrayList(java.util.ArrayList) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) X500Name(org.bouncycastle.asn1.x500.X500Name) Subject(org.apache.shiro.subject.Subject) StringTokenizer(java.util.StringTokenizer) Map(java.util.Map) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Nullable(javax.annotation.Nullable) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Logger(org.slf4j.Logger) Attribute(ddf.security.assertion.Attribute) RDN(org.bouncycastle.asn1.x500.RDN) Predicate(java.util.function.Predicate) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Collection(java.util.Collection) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) List(java.util.List) Principal(java.security.Principal) GuestPrincipal(ddf.security.principal.impl.GuestPrincipal) Comparator(java.util.Comparator) Collections(java.util.Collections) Validate(org.apache.commons.lang.Validate)

Example 8 with Attribute

Use of ddf.security.assertion.Attribute in project ddf by codice.

The class SubjectIdentityTest, method getAttribute.

private Attribute getAttribute(Map.Entry<String, List<String>> attribute) {
    Attribute attr = mock(Attribute.class);
    doReturn(attribute.getKey()).when(attr).getName();
    doReturn(attribute.getValue()).when(attr).getValues();
    return attr;
}
Also used : Attribute(ddf.security.assertion.Attribute)

Example 9 with Attribute

Use of ddf.security.assertion.Attribute in project ddf by codice.

The class SubjectUtilsTest, method getAttribute.

private Attribute getAttribute(Map.Entry<String, List<String>> attribute) {
    Attribute mockAttribute = mock(Attribute.class);
    doReturn(attribute.getKey()).when(mockAttribute).getName();
    doReturn(attribute.getValue()).when(mockAttribute).getValues();
    return mockAttribute;
}
Also used : Attribute(ddf.security.assertion.Attribute)

Example 10 with Attribute

Use of ddf.security.assertion.Attribute in project ddf by codice.

The class GuestRealmTest, method testDoGetAuthenticationInfo.

@Test
public void testDoGetAuthenticationInfo() {
    BaseAuthenticationToken baseAuthenticationToken = new MockBaseAuthenticationToken("principal", "credentials", "0.0.0.0");
    baseAuthenticationToken.setAllowGuest(true);
    AuthenticationInfo authenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
    assertEquals(baseAuthenticationToken.getCredentials(), authenticationInfo.getCredentials());
    PrincipalCollection principals = authenticationInfo.getPrincipals();
    assertEquals(2, principals.asList().size());
    Iterator iterator = principals.iterator();
    assertEquals("Guest@0.0.0.0", iterator.next());
    Object next = iterator.next();
    assertTrue(next instanceof SecurityAssertion);
    SecurityAssertion securityAssertion = (SecurityAssertion) next;
    assertEquals(2, securityAssertion.getAttributeStatements().get(0).getAttributes().size());
    boolean claim1 = false;
    boolean claim2 = false;
    boolean claim3 = false;
    boolean claim4 = false;
    for (Attribute attribute : securityAssertion.getAttributeStatements().get(0).getAttributes()) {
        if (attribute.getName().equals("claim1")) {
            claim1 = true;
            assertEquals("value1", attribute.getValues().get(0));
        }
        if (attribute.getName().equals("claim2")) {
            claim2 = true;
            assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value2")));
            assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value3")));
        }
        if (attribute.getName().equals(":")) {
            claim3 = true;
        }
        if (attribute.getName().equals("bad")) {
            claim4 = true;
        }
    }
    assertTrue(claim1);
    assertTrue(claim2);
    assertFalse(claim3);
    assertFalse(claim4);
    AuthenticationInfo newAuthenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
    assertNotSame(authenticationInfo, newAuthenticationInfo);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) Arrays(java.util.Arrays) Attribute(ddf.security.assertion.Attribute) Iterator(java.util.Iterator) BeforeClass(org.junit.BeforeClass) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotSame(org.junit.Assert.assertNotSame) Assert.assertTrue(org.junit.Assert.assertTrue) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Test(org.junit.Test) Assert.assertFalse(org.junit.Assert.assertFalse) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken) Assert.assertEquals(org.junit.Assert.assertEquals) Mockito.mock(org.mockito.Mockito.mock)
