use of ddf.security.assertion.impl.AttributeStatementDefault in project ddf by codice.
the class PKIRealm method createPrincipalCollectionFromCertificate.
/**
 * Builds the principal collection for a caller identified by a certificate subject.
 *
 * <p>Every configured claims handler is asked for claims about {@code principal}; the results
 * are merged into one attribute statement, which is wrapped in a locally issued assertion
 * (issuer {@code "DDF"}, weight {@code LOCAL_AUTH_WEIGHT}, token type {@code PKI_TOKEN_TYPE}).
 * The assertion is valid from the moment of the call until that moment plus the
 * {@code fourHours} field, which is defined outside this method.
 *
 * <p>NOTE(review): nothing in this method validates the certificate the principal was taken
 * from; presumably the caller has already verified the chain and revocation status - confirm.
 *
 * @param principal the X.500 subject taken from the client certificate
 * @return a collection holding the assertion, registered under the realm name {@code "PKI"}
 */
private SimplePrincipalCollection createPrincipalCollectionFromCertificate(X500Principal principal) {
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement mergedAttributes = new AttributeStatementDefault();
    HashMap<String, Object> handlerProperties = createProperties(principal);

    // Each handler sees the same subject both as the user principal and as the only member
    // of the principal set.
    for (ClaimsHandler handler : claimsHandlers) {
        ClaimsParametersImpl parameters =
            new ClaimsParametersImpl(principal, Collections.singleton(principal), handlerProperties);
        mergeClaimsToAttributes(mergedAttributes, handler.retrieveClaims(parameters));
    }

    // One clock reading, so that both ends of the validity window share the same origin.
    final Instant issuedAt = Instant.now();
    final Date validFrom = Date.from(issuedAt);
    final Date validUntil = Date.from(issuedAt.plus(fourHours));

    SecurityAssertion pkiAssertion =
        assertionBuilder
            .addAttributeStatement(mergedAttributes)
            .userPrincipal(principal)
            .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
            .issuer("DDF")
            .notBefore(validFrom)
            .notOnOrAfter(validUntil)
            .tokenType(PKI_TOKEN_TYPE)
            .build();

    SimplePrincipalCollection result = new SimplePrincipalCollection();
    result.add(pkiAssertion, "PKI");
    return result;
}
use of ddf.security.assertion.impl.AttributeStatementDefault in project ddf by codice.
the class UsernamePasswordRealm method createPrincipalCollectionFromSubject.
/**
 * Builds the principal collection for a caller represented by a {@code Subject}.
 *
 * <p>The first {@code UserPrincipal} of the subject becomes the user principal of the
 * assertion and every {@code RolePrincipal} is attached as an additional principal. The
 * configured claims handlers are queried with the user and its roles, and their claims are
 * merged into a single attribute statement. The assertion is issued locally (issuer
 * {@code "DDF"}, weight {@code LOCAL_AUTH_WEIGHT}, token type {@code USER_PASS_TOKEN_TYPE})
 * and is valid from now until now plus the {@code fourHours} field defined outside this
 * method.
 *
 * <p>NOTE(review): the roles are copied from the subject as given; presumably the subject
 * comes from a completed login and is trusted at this point - confirm against the caller.
 *
 * @param subject the subject whose principals are turned into an assertion
 * @return a collection holding the assertion, registered under the realm name {@code "UP"}
 * @throws AuthenticationException if the subject carries no {@code UserPrincipal}
 */
private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
    SimplePrincipalCollection result = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement mergedAttributes = new AttributeStatementDefault();

    // Without a user principal there is no identity to assert, so fail before anything else.
    Principal userPrincipal =
        subject.getPrincipals().stream()
            .filter(UserPrincipal.class::isInstance)
            .findFirst()
            .orElseThrow(() -> new AuthenticationException());
    Set<Principal> rolePrincipals =
        subject.getPrincipals().stream()
            .filter(RolePrincipal.class::isInstance)
            .collect(Collectors.toSet());

    for (ClaimsHandler handler : claimsHandlers) {
        ClaimsCollection handlerClaims =
            handler.retrieveClaims(
                new ClaimsParametersImpl(userPrincipal, rolePrincipals, new HashMap<>()));
        mergeClaimsToAttributes(mergedAttributes, handlerClaims);
    }

    // One clock reading, so that both ends of the validity window share the same origin.
    final Instant issuedAt = Instant.now();
    final Date validFrom = Date.from(issuedAt);
    final Date validUntil = Date.from(issuedAt.plus(fourHours));
    assertionBuilder
        .addAttributeStatement(mergedAttributes)
        .userPrincipal(userPrincipal)
        .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
        .issuer("DDF")
        .notBefore(validFrom)
        .notOnOrAfter(validUntil);

    // The roles travel with the assertion as additional principals.
    for (Principal role : rolePrincipals) {
        assertionBuilder.addPrincipal(role);
    }
    assertionBuilder.tokenType(USER_PASS_TOKEN_TYPE);

    result.add(assertionBuilder.build(), "UP");
    return result;
}
use of ddf.security.assertion.impl.AttributeStatementDefault in project ddf by codice.
the class GuestRealm method createPrincipalFromToken.
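/**
 * Builds the principal collection for an unauthenticated (guest) caller.
 *
 * <p>The configured {@code claimsMap} is copied into an attribute statement, one attribute per
 * map entry, and wrapped in an assertion issued by {@code "local"} with token type
 * {@code GUEST_TOKEN_TYPE}. The user principal is a {@code GuestPrincipal} built from the IP
 * address reported by the token.
 *
 * <p>NOTE(review): the guest identity is only the address the token reports. How that address
 * is obtained is not visible here, so it should be read as a label for the session rather
 * than as proof of where the request came from.
 *
 * @param token the guest token; it is attached to the assertion and supplies the IP address
 * @return a collection holding the principal name (when the assertion exposes a principal)
 *     followed by the assertion itself, both registered under this realm's name
 */
private SimplePrincipalCollection createPrincipalFromToken(BaseAuthenticationToken token) {
    // Four hours in milliseconds. The length is arbitrary for a guest: we don't really care
    // how long the assertion is "valid" for.
    final long guestValidityMillis = 14400000L;

    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();

    // Guests get exactly the statically configured claims; nothing is looked up per caller.
    AttributeStatementDefault attributeStatement = new AttributeStatementDefault();
    for (Map.Entry<URI, List<String>> claim : claimsMap.entrySet()) {
        AttributeDefault attribute = new AttributeDefault();
        attribute.setName(claim.getKey().toString());
        for (String value : claim.getValue()) {
            attribute.addValue(value);
        }
        attributeStatement.addAttribute(attribute);
    }

    // Read the clock once so that notBefore and notOnOrAfter are derived from the same
    // instant and the window is exactly guestValidityMillis long.
    final Date issuedAt = new Date();

    assertionBuilder.addAttributeStatement(attributeStatement);
    assertionBuilder.userPrincipal(new GuestPrincipal(token.getIpAddress()));
    assertionBuilder.issuer("local");
    assertionBuilder.notBefore(issuedAt);
    assertionBuilder.notOnOrAfter(new Date(issuedAt.getTime() + guestValidityMillis));
    assertionBuilder.token(token);
    assertionBuilder.tokenType(GUEST_TOKEN_TYPE);
    SecurityAssertion securityAssertion = assertionBuilder.build();

    // The name is added before the assertion, so it is the first entry whenever the
    // assertion exposes a principal.
    Principal principal = securityAssertion.getPrincipal();
    if (principal != null) {
        principals.add(principal.getName(), getName());
    }
    principals.add(securityAssertion, getName());
    return principals;
}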