
Example 6 with AttributeStatement

Use of ddf.security.assertion.AttributeStatement in the project ddf by codice.

From class SubjectIdentityTest, method getSubjectWithAttributes:

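/**
 * Builds a mocked {@link Subject} whose single {@link SecurityAssertion} carries one
 * {@link AttributeStatement} holding the given attributes.
 *
 * <p>The shape mirrors what production code walks when it resolves subject attributes:
 * {@code subject.getPrincipals().byType(SecurityAssertion.class)} yields exactly one
 * assertion, that assertion has exactly one attribute statement, and that statement holds
 * the converted attributes.
 *
 * @param attributes attribute name -> values; each entry is converted with {@link #getAttribute}
 * @return the mocked subject
 */
private Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
    Subject subject = mock(Subject.class);
    PrincipalCollection pc = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    AttributeStatement as = mock(AttributeStatement.class);
    List<Attribute> attrs =
        attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
    doReturn(pc).when(subject).getPrincipals();
    // byType(...) used to be stubbed twice (singletonList, then ImmutableList); with Mockito the
    // last stubbing wins, so only the ImmutableList answer was ever in effect. Keep that one.
    doReturn(ImmutableList.of(assertion)).when(pc).byType(SecurityAssertion.class);
    doReturn(Collections.singletonList(as)).when(assertion).getAttributeStatements();
    doReturn(attrs).when(as).getAttributes();
    return subject;
}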

Example 7 with AttributeStatement

Use of ddf.security.assertion.AttributeStatement in the project ddf by codice.

From class SecurityPluginTest, method setupMockSubject:

/**
 * Creates a mocked {@link Subject} that carries exactly one attribute: the e-mail claim
 * ({@code SubjectOperations.EMAIL_ADDRESS_CLAIM_URI}) with {@code TEST_USER} as its only value.
 *
 * <p>Object graph, leaf to root: attribute -> attribute statement -> security assertion ->
 * principal collection (answers {@code byType(SecurityAssertion.class)}) -> subject.
 *
 * @return the mocked subject
 */
private Subject setupMockSubject() {
    // Leaf: the single e-mail attribute. Arrays.asList is kept so the value list has the same
    // (fixed-size, mutable-element) semantics the code under test may rely on.
    Attribute emailAttribute = mock(Attribute.class);
    when(emailAttribute.getName()).thenReturn(SubjectOperations.EMAIL_ADDRESS_CLAIM_URI);
    when(emailAttribute.getValues()).thenReturn(Arrays.asList(TEST_USER));

    // One statement holding that attribute.
    AttributeStatement statement = mock(AttributeStatement.class);
    when(statement.getAttributes()).thenReturn(Arrays.asList(emailAttribute));

    // One assertion holding that statement.
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getAttributeStatements()).thenReturn(Arrays.asList(statement));

    // Principal collection that yields the assertion for byType(SecurityAssertion.class).
    PrincipalCollection principals = mock(PrincipalCollection.class);
    when(principals.byType(SecurityAssertion.class))
        .thenReturn(Collections.singletonList(assertion));

    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principals);
    return subject;
}

Example 8 with AttributeStatement

Use of ddf.security.assertion.AttributeStatement in the project ddf by codice.

From class PKIRealm, method createPrincipalCollectionFromCertificate:

/**
 * Wraps an X.509 subject into a Shiro principal collection holding one locally issued
 * {@link SecurityAssertion}.
 *
 * <p>Every configured {@code ClaimsHandler} is asked for claims about {@code principal}; the
 * claims are merged into a single attribute statement, which is bound into an assertion
 * issued by "DDF", weighted {@code SecurityAssertion.LOCAL_AUTH_WEIGHT}, valid from now until
 * now + {@code fourHours}, and tagged {@code PKI_TOKEN_TYPE}. The assertion is registered in the
 * collection under the realm name "PKI".
 *
 * <p>NOTE(review): {@code notBefore} is set to the exact issue instant with no clock-skew
 * allowance, and the certificate subject is also passed as the sole member of the role-principal
 * set given to each claims handler — confirm both are intended.
 *
 * @param principal the certificate subject; also used to derive the handler properties
 * @return a new collection containing only the built assertion
 */
private SimplePrincipalCollection createPrincipalCollectionFromCertificate(X500Principal principal) {
    AttributeStatement statement = new AttributeStatementDefault();
    HashMap<String, Object> handlerProperties = createProperties(principal);

    // Collect claims from every handler into the one statement. A fresh parameter object is
    // built per handler, as before.
    for (ClaimsHandler handler : claimsHandlers) {
        ClaimsCollection claims =
            handler.retrieveClaims(
                new ClaimsParametersImpl(principal, Collections.singleton(principal), handlerProperties));
        mergeClaimsToAttributes(statement, claims);
    }

    // Validity window is anchored after claims retrieval so it is not eaten by slow handlers.
    final Instant issuedAt = Instant.now();
    DefaultSecurityAssertionBuilder builder = new DefaultSecurityAssertionBuilder();
    builder
        .addAttributeStatement(statement)
        .userPrincipal(principal)
        .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
        .issuer("DDF")
        .notBefore(Date.from(issuedAt))
        .notOnOrAfter(Date.from(issuedAt.plus(fourHours)))
        .tokenType(PKI_TOKEN_TYPE);

    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(builder.build(), "PKI");
    return principals;
}

Example 9 with AttributeStatement

Use of ddf.security.assertion.AttributeStatement in the project ddf by codice.

From class UsernamePasswordRealm, method createPrincipalCollectionFromSubject:

/**
 * Converts a JAAS-authenticated {@link Subject} into a Shiro principal collection holding one
 * locally issued {@link SecurityAssertion}.
 *
 * <p>The first {@code UserPrincipal} in the subject becomes the assertion's user principal; all
 * {@code RolePrincipal}s are added as additional principals and handed to each configured
 * {@code ClaimsHandler} together with the user. The resulting claims are merged into one
 * attribute statement. The assertion is issued by "DDF", weighted
 * {@code SecurityAssertion.LOCAL_AUTH_WEIGHT}, valid from now until now + {@code fourHours},
 * tagged {@code USER_PASS_TOKEN_TYPE}, and registered under the realm name "UP".
 *
 * @param subject the JAAS subject produced by the login
 * @return a new collection containing only the built assertion
 * @throws AuthenticationException if the subject carries no {@code UserPrincipal}
 */
private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
    Set<Principal> jaasPrincipals = subject.getPrincipals();

    // A user principal is mandatory: without it the login did not identify anyone, so fail
    // authentication rather than mint an anonymous assertion.
    Principal user =
        jaasPrincipals.stream()
            .filter(UserPrincipal.class::isInstance)
            .findFirst()
            .orElseThrow(AuthenticationException::new);
    Set<Principal> roles =
        jaasPrincipals.stream().filter(RolePrincipal.class::isInstance).collect(Collectors.toSet());

    // Merge claims from every handler into one statement (no extra handler properties here).
    AttributeStatement statement = new AttributeStatementDefault();
    for (ClaimsHandler handler : claimsHandlers) {
        ClaimsCollection claims =
            handler.retrieveClaims(new ClaimsParametersImpl(user, roles, new HashMap<>()));
        mergeClaimsToAttributes(statement, claims);
    }

    // Validity window is anchored after claims retrieval so it is not eaten by slow handlers.
    final Instant issuedAt = Instant.now();
    DefaultSecurityAssertionBuilder builder = new DefaultSecurityAssertionBuilder();
    builder
        .addAttributeStatement(statement)
        .userPrincipal(user)
        .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
        .issuer("DDF")
        .notBefore(Date.from(issuedAt))
        .notOnOrAfter(Date.from(issuedAt.plus(fourHours)));
    roles.forEach(builder::addPrincipal);
    builder.tokenType(USER_PASS_TOKEN_TYPE);

    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(builder.build(), "UP");
    return principals;
}

Example 10 with AttributeStatement

Use of ddf.security.assertion.AttributeStatement in the project ddf by codice.

From class DefaultSecurityAssertionBuilderTest, method testDefaultSecurityAssertionBuilder:

/**
 * Round-trips every builder setter through {@link DefaultSecurityAssertionBuilder#build()} and
 * checks the built {@link SecurityAssertion} exposes the same values.
 *
 * <p>NOTE(review): the authentication statement passed to {@code addAuthnStatement} is not
 * asserted on the built assertion; add a check through the assertion's authn-statement accessor
 * if one exists.
 */
@Test
public void testDefaultSecurityAssertionBuilder() {
    // Inputs: opaque mocks for the statement types, a plain Object as the token, and a
    // one-minute validity window starting now.
    Principal user = mock(Principal.class);
    AttributeStatement attrStatement = mock(AttributeStatement.class);
    AuthenticationStatement authnStatement = mock(AuthenticationStatement.class);
    Object rawToken = new Object();
    Instant start = Instant.now();
    Date validFrom = Date.from(start);
    Date validUntil = Date.from(Instant.now().plus(Duration.ofMinutes(1)));

    DefaultSecurityAssertionBuilder builder = new DefaultSecurityAssertionBuilder();
    builder
        .userPrincipal(user)
        .addPrincipal(user)
        .issuer("test")
        .addAttributeStatement(attrStatement)
        .addAuthnStatement(authnStatement)
        .addSubjectConfirmation("subjectConfirmation")
        .tokenType("testToken")
        .token(rawToken)
        .notBefore(validFrom)
        .notOnOrAfter(validUntil)
        .weight(7);
    SecurityAssertion built = builder.build();

    // Identity and issuer.
    assertThat(built.getPrincipal(), is(user));
    assertThat(built.getPrincipals(), hasItem(user));
    assertThat(built.getIssuer(), is("test"));
    // Statements and confirmations.
    assertThat(built.getAttributeStatements(), hasItem(attrStatement));
    assertThat(built.getSubjectConfirmations(), hasItem("subjectConfirmation"));
    // Token and validity.
    assertThat(built.getTokenType(), is("testToken"));
    assertThat(built.getToken(), is(rawToken));
    assertThat(built.getNotBefore(), is(validFrom));
    assertThat(built.getNotOnOrAfter(), is(validUntil));
    assertThat(built.getWeight(), is(7));
}
