
Example 6 with SecurityAssertionImpl

use of ddf.security.assertion.impl.SecurityAssertionImpl in project ddf by codice.

the class SecurityManagerImpl method createPrincipalFromToken.

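/**
 * Creates a new principal collection from an incoming security token.
 *
 * The token is parsed into a {@link SecurityAssertion} exactly once; the resulting
 * principal name and the assertion object are then registered under every configured
 * realm name. Parsing/principal extraction failures are logged and tolerated: the
 * method never throws, but the returned collection may then be empty (or hold only the
 * assertion object without a name).
 *
 * @param token SecurityToken that contains the principals.
 * @return new SimplePrincipalCollection, one entry set per realm in {@code realms}
 */
private SimplePrincipalCollection createPrincipalFromToken(SecurityToken token) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();

    // The assertion depends only on the token, not on the realm, so parse it once
    // instead of once per configured realm.
    SecurityAssertion securityAssertion = null;
    String principalName = null;
    try {
        securityAssertion = new SecurityAssertionImpl(token, usernameAttributeList);
        Principal principal = securityAssertion.getPrincipal();
        if (principal != null) {
            principalName = principal.getName();
        }
    } catch (Exception e) {
        // Best-effort: a failure here leaves the subject without a principal name but
        // does not abort login handling. NOTE(review): if construction succeeded and only
        // getPrincipal() threw, the assertion object is still registered below — confirm
        // downstream consumers cope with an assertion whose principal is unavailable.
        LOGGER.warn("Encountered error while trying to get the Principal for the SecurityToken. Security functions may not work properly.", e);
    }

    for (Realm curRealm : realms) {
        String realmName = curRealm.getName();
        LOGGER.debug("Configuring settings for realm name: {} type: {}", realmName, curRealm.getClass().toString());
        LOGGER.debug("Is authorizer: {}, is AuthorizingRealm: {}", curRealm instanceof Authorizer, curRealm instanceof AuthorizingRealm);
        // A null name is skipped rather than passed to Shiro, which rejects null principals.
        if (principalName != null) {
            principals.add(principalName, realmName);
        }
        if (securityAssertion != null) {
            principals.add(securityAssertion, realmName);
        }
    }
    return principals;
}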

Example 7 with SecurityAssertionImpl

use of ddf.security.assertion.impl.SecurityAssertionImpl in project ddf by codice.

the class IdpEndpoint method hasValidCookie.

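/**
 * Checks whether the request carries an IdP cookie that maps to a cached, still-valid
 * SAML assertion.
 *
 * The cookie value is the lookup key into {@code cookieCache}; whoever presents it gets
 * the cached assertion, so it is treated as a bearer credential here and is deliberately
 * not written to the log. NOTE(review): the key is presumably generated with a CSPRNG
 * where the cookie is issued — confirm, since validity is not bound to anything else
 * in the request.
 *
 * @param request    incoming request, possibly carrying the IdP cookie
 * @param forceAuthn true when the SP demanded fresh authentication; a cached assertion
 *                   is then evicted and not accepted even if still within its validity window
 * @return true only if a cached assertion exists for the cookie, forceAuthn is false and
 *         the assertion is presently valid; false otherwise (an invalid or force-expired
 *         entry is removed from the cache as a side effect)
 */
private boolean hasValidCookie(HttpServletRequest request, boolean forceAuthn) {
    Cookie cookie = getCookie(request);
    if (cookie == null) {
        return false;
    }
    // Log only the cookie name: the value is the session/cache key and would leak a
    // reusable credential into the log.
    LOGGER.debug("Retrieving cookie {} from cache.", cookie.getName());
    String key = cookie.getValue();
    LOGGER.debug("Retrieving SAML Token from cookie.");
    Element samlToken = cookieCache.getSamlAssertion(key);
    if (samlToken == null) {
        return false;
    }
    String assertionId = samlToken.getAttribute("ID");
    SecurityToken securityToken = new SecurityToken(assertionId, samlToken, null);
    SecurityAssertionImpl assertion = new SecurityAssertionImpl(securityToken);
    // Only the time-based validity window is checked here; the cached assertion is
    // assumed to have been verified when it was stored.
    if (forceAuthn || !assertion.isPresentlyValid()) {
        cookieCache.removeSamlAssertion(key);
        return false;
    }
    return true;
}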

Example 8 with SecurityAssertionImpl

use of ddf.security.assertion.impl.SecurityAssertionImpl in project ddf by codice.

the class AbstractStsRealm method doGetAuthenticationInfo.

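/**
 * Perform authentication based on the supplied token.
 *
 * The credential is extracted according to the token type, exchanged with (or renewed
 * by) the STS for a SAML {@link SecurityToken}, and wrapped in a
 * {@link SimpleAuthenticationInfo} whose principals are the assertion's principal and the
 * assertion itself, both registered under {@code NAME}.
 *
 * @param token Shiro authentication token; SAML tokens are renewed, other tokens are
 *              exchanged for a new security token
 * @return authentication info carrying the assertion-derived principals and the
 *         original credential
 * @throws AuthenticationException if no credential could be extracted or the resulting
 *         assertion carries no principal
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    Object credential = extractCredential(token);
    if (credential == null) {
        String msg = "Unable to authenticate credential.  A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    // The credential itself is intentionally not logged: for non-SAML tokens it may be a
    // user password.
    LOGGER.debug("Received credentials.");

    SecurityToken securityToken;
    if (token instanceof SAMLAuthenticationToken && credential instanceof SecurityToken) {
        securityToken = renewSecurityToken((SecurityToken) credential);
    } else {
        securityToken = requestSecurityToken(credential);
    }

    LOGGER.debug("Creating token authentication information with SAML.");
    SecurityAssertion assertion = new SecurityAssertionImpl(securityToken);
    Principal principal = assertion.getPrincipal();
    if (principal == null) {
        // Shiro rejects null principals with an IllegalArgumentException; surface this as
        // an authentication failure instead.
        String msg = "Unable to authenticate credential. The SAML assertion returned by the STS contains no principal.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(principal, NAME);
    principals.add(assertion, NAME);

    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    simpleAuthenticationInfo.setPrincipals(principals);
    // NOTE(review): the raw credential is retained on the AuthenticationInfo; confirm
    // nothing persists or logs it downstream.
    simpleAuthenticationInfo.setCredentials(credential);
    return simpleAuthenticationInfo;
}

/**
 * Picks the credential representation expected by the STS for the given token type.
 *
 * @return the credential, or null when the token carries none (a plain token with null
 *         credentials no longer throws a NullPointerException here; the caller reports it)
 */
private static Object extractCredential(AuthenticationToken token) {
    if (token instanceof SAMLAuthenticationToken) {
        return token.getCredentials();
    }
    if (token instanceof BaseAuthenticationToken) {
        return ((BaseAuthenticationToken) token).getCredentialsAsXMLString();
    }
    Object rawCredential = token.getCredentials();
    return rawCredential == null ? null : rawCredential.toString();
}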

Example 9 with SecurityAssertionImpl

use of ddf.security.assertion.impl.SecurityAssertionImpl in project ddf by codice.

the class SAMLAssertionHandler method getNormalizedToken.

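/**
 * Locates a SAML assertion on the request and normalizes it into a
 * {@link SAMLAuthenticationToken}.
 *
 * Three sources are consulted, in order, and the first one that is present decides the
 * outcome: the {@code SAML} request header, the legacy SAML cookie, and finally an
 * assertion stored in the HTTP session. A present-but-unparseable header or cookie yields
 * a result with no token (the request proceeds without a SAML credential); an expired
 * session assertion is removed from the session.
 *
 * Decoded assertion contents are never logged: an assertion is a bearer credential on
 * this path.
 *
 * @return a COMPLETED result carrying the token when an assertion was found and parsed,
 *         otherwise an empty result
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) {
    HandlerResult handlerResult = new HandlerResult();
    String realm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // 1. Full SAML assertion in the request header (federated requests, etc.).
    String authHeader = httpRequest.getHeader(SecurityConstants.SAML_HEADER_NAME);
    if (authHeader != null) {
        String[] tokenizedAuthHeader = authHeader.split(" ");
        if (tokenizedAuthHeader.length == 2 && tokenizedAuthHeader[0].equals("SAML")) {
            LOGGER.trace("Header retrieved");
            Element headerAssertion = readAssertionFromHeader(tokenizedAuthHeader[1]);
            // A header that failed to decode/parse no longer produces a COMPLETED result
            // wrapping a null element; it is treated like the cookie path: no token.
            if (headerAssertion != null) {
                completeWithAssertion(handlerResult, headerAssertion, realm);
            }
            return handlerResult;
        }
    }

    // 2. Legacy SAML cookie.
    Map<String, Cookie> cookies = HttpUtils.getCookieMap(httpRequest);
    Cookie samlCookie = cookies.get(SecurityConstants.SAML_COOKIE_NAME);
    if (samlCookie != null) {
        LOGGER.trace("Cookie retrieved");
        Element cookieAssertion = readAssertionFromCookie(samlCookie.getValue());
        if (cookieAssertion != null) {
            completeWithAssertion(handlerResult, cookieAssertion, realm);
        }
        return handlerResult;
    }

    // 3. Assertion held in the HTTP session.
    HttpSession session = httpRequest.getSession(false);
    if (session == null && httpRequest.getRequestedSessionId() != null) {
        // NOTE(review): a session is created here on behalf of a client-supplied id that no
        // longer resolves — confirm the factory issues a fresh id rather than honouring the
        // requested one (session fixation).
        session = sessionFactory.getOrCreateSession(httpRequest);
    }
    if (session == null) {
        LOGGER.trace("No HTTP Session - returning with no results");
        return handlerResult;
    }
    SecurityTokenHolder savedToken = (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
    if (savedToken == null || savedToken.getSecurityToken(realm) == null) {
        LOGGER.trace("No SAML token located in session - returning with no results");
        return handlerResult;
    }
    SecurityAssertionImpl assertion = new SecurityAssertionImpl(savedToken.getSecurityToken(realm));
    if (!assertion.isPresentlyValid()) {
        LOGGER.trace("SAML token in session has expired - removing from session and returning with no results");
        savedToken.remove(realm);
        return handlerResult;
    }
    // The session-backed token references the session id rather than the assertion itself.
    LOGGER.trace("Creating SAML authentication token with session.");
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, session.getId(), realm);
    handlerResult.setToken(samlToken);
    handlerResult.setStatus(HandlerResult.Status.COMPLETED);
    return handlerResult;
}

/**
 * Decodes and parses the header-carried assertion.
 *
 * @param encodedSamlAssertion base64-encoded, deflated assertion from the header
 * @return the assertion element, or null (after logging) when it cannot be decoded or
 *         parsed; null is also returned if the namespace-less parser yields nothing
 */
private Element readAssertionFromHeader(String encodedSamlAssertion) {
    try {
        // NOTE(review): inflate is applied to attacker-controlled input; confirm
        // RestSecurity.inflateBase64 bounds the decompressed size.
        String tokenString = RestSecurity.inflateBase64(encodedSamlAssertion);
        if (tokenString.contains(SAML_NAMESPACE)) {
            return StaxUtils.read(new StringReader(tokenString)).getDocumentElement();
        }
        return parseAssertionWithoutNamespace(tokenString);
    } catch (IOException e) {
        LOGGER.info("Unexpected error converting header value to string", e);
    } catch (XMLStreamException e) {
        LOGGER.info("Unexpected error converting XML string to element - proceeding without SAML token.", e);
    }
    return null;
}

/**
 * Decodes and parses the assertion carried by the legacy SAML cookie.
 *
 * @param cookieValue base64-encoded, deflated assertion from the cookie
 * @return the assertion element, or null (after logging) when it cannot be decoded or parsed
 */
private Element readAssertionFromCookie(String cookieValue) {
    try {
        String tokenString = RestSecurity.inflateBase64(cookieValue);
        return StaxUtils.read(new StringReader(tokenString)).getDocumentElement();
    } catch (IOException e) {
        LOGGER.info("Unexpected error converting cookie value to string - proceeding without SAML token.", e);
    } catch (XMLStreamException e) {
        LOGGER.info("Unexpected error converting XML string to element - proceeding without SAML token.", e);
    }
    return null;
}

/**
 * Wraps a parsed assertion element in a SAMLAuthenticationToken and marks the result COMPLETED.
 */
private void completeWithAssertion(HandlerResult handlerResult, Element assertionElement, String realm) {
    SecurityToken securityToken = new SecurityToken();
    securityToken.setToken(assertionElement);
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, securityToken, realm);
    handlerResult.setToken(samlToken);
    handlerResult.setStatus(HandlerResult.Status.COMPLETED);
}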
