
Example 16 with ClaimsCollection

Use of ddf.security.claims.ClaimsCollection in project ddf by codice.

Class UsernamePasswordRealm, method createPrincipalCollectionFromSubject.

// Builds the Shiro principal collection for a subject that the username/password
// realm has just authenticated. claimsHandlers, fourHours and USER_PASS_TOKEN_TYPE
// are fields/constants of the realm.
private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement attributeStatement = new AttributeStatementDefault();
    // A UserPrincipal is mandatory; a subject without one is rejected rather than silently mapped.
    Principal userPrincipal = subject.getPrincipals().stream()
        .filter(p -> p instanceof UserPrincipal)
        .findFirst()
        .orElseThrow(AuthenticationException::new);
    Set<Principal> rolePrincipals = subject.getPrincipals().stream()
        .filter(p -> p instanceof RolePrincipal)
        .collect(Collectors.toSet());
    // Query every registered ClaimsHandler and merge its claims into a single attribute statement.
    for (ClaimsHandler claimsHandler : claimsHandlers) {
        ClaimsCollection claims = claimsHandler.retrieveClaims(
            new ClaimsParametersImpl(userPrincipal, rolePrincipals, new HashMap<>()));
        mergeClaimsToAttributes(attributeStatement, claims);
    }
    // The locally issued assertion is bounded to a validity window of fourHours from now.
    final Instant now = Instant.now();
    assertionBuilder.addAttributeStatement(attributeStatement).userPrincipal(userPrincipal)
        .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT).issuer("DDF")
        .notBefore(Date.from(now)).notOnOrAfter(Date.from(now.plus(fourHours)));
    for (Principal principal : rolePrincipals) {
        assertionBuilder.addPrincipal(principal);
    }
    assertionBuilder.tokenType(USER_PASS_TOKEN_TYPE);
    SecurityAssertion assertion = assertionBuilder.build();
    // "UP" is the realm name the assertion is registered under in the principal collection.
    principals.add(assertion, "UP");
    return principals;
}
Also used :
ArrayList(java.util.ArrayList)
Attribute(ddf.security.assertion.Attribute)
AttributeDefault(ddf.security.assertion.impl.AttributeDefault)
AttributeStatement(ddf.security.assertion.AttributeStatement)
AttributeStatementDefault(ddf.security.assertion.impl.AttributeStatementDefault)
AuthenticatingRealm(org.apache.shiro.realm.AuthenticatingRealm)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo)
AuthenticationToken(org.apache.shiro.authc.AuthenticationToken)
AuthenticationTokenType(org.codice.ddf.security.handler.AuthenticationTokenType)
Base64(java.util.Base64)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
Bundle(org.osgi.framework.Bundle)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
Claim(ddf.security.claims.Claim)
ClaimsCollection(ddf.security.claims.ClaimsCollection)
ClaimsHandler(ddf.security.claims.ClaimsHandler)
ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl)
Collectors(java.util.stream.Collectors)
CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList)
Date(java.util.Date)
DefaultSecurityAssertionBuilder(ddf.security.assertion.impl.DefaultSecurityAssertionBuilder)
Duration(java.time.Duration)
FrameworkUtil(org.osgi.framework.FrameworkUtil)
HashMap(java.util.HashMap)
Instant(java.time.Instant)
JaasRealm(org.apache.karaf.jaas.config.JaasRealm)
List(java.util.List)
Logger(org.slf4j.Logger)
LoggerFactory(org.slf4j.LoggerFactory)
LoginContext(javax.security.auth.login.LoginContext)
LoginException(javax.security.auth.login.LoginException)
NamePasswordCallbackHandler(org.apache.wss4j.common.NamePasswordCallbackHandler)
Principal(java.security.Principal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
ServiceReference(org.osgi.framework.ServiceReference)
Set(java.util.Set)
SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
StandardCharsets(java.nio.charset.StandardCharsets)
Subject(javax.security.auth.Subject)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)

Example 17 with ClaimsCollection

Use of ddf.security.claims.ClaimsCollection in project ddf by codice.

Class UsernamePasswordRealmTest, method setup.

@Before
public void setup() {
    // Two mocked ClaimsHandlers, each returning a different "email" claim, so the
    // test can verify that claims from several handlers are merged into one assertion.
    List<ClaimsHandler> claimsHandlers = new ArrayList<>();
    claimsHandlers.add(mock(ClaimsHandler.class));
    claimsHandlers.add(mock(ClaimsHandler.class));
    ClaimsCollection claims1 = new ClaimsCollectionImpl();
    ClaimImpl email1 = new ClaimImpl("email");
    email1.addValue("test@example.com");
    claims1.add(email1);
    ClaimsCollection claims2 = new ClaimsCollectionImpl();
    ClaimImpl email2 = new ClaimImpl("email");
    email2.addValue("tester@example.com");
    claims2.add(email2);
    when(claimsHandlers.get(0).retrieveClaims(any())).thenReturn(claims1);
    when(claimsHandlers.get(1).retrieveClaims(any())).thenReturn(claims2);
    upRealm.setClaimsHandlers(claimsHandlers);
    // The realm under test delegates to a (mocked) Karaf JAAS realm named "realm".
    JaasRealm jaasRealm = mock(JaasRealm.class);
    when(jaasRealm.getName()).thenReturn("realm");
    upRealm.realmList.add(jaasRealm);
}
Also used : JaasRealm(org.apache.karaf.jaas.config.JaasRealm) ClaimsHandler(ddf.security.claims.ClaimsHandler) ClaimsCollectionImpl(ddf.security.claims.impl.ClaimsCollectionImpl) ArrayList(java.util.ArrayList) ClaimImpl(ddf.security.claims.impl.ClaimImpl) ClaimsCollection(ddf.security.claims.ClaimsCollection) Before(org.junit.Before)

Example 18 with ClaimsCollection

Use of ddf.security.claims.ClaimsCollection in project ddf by codice.

Class AttributeQueryClaimsHandler, method retrieveClaims.

/**
 * Retrieves claims from the external attribute store.
 *
 * <p>A malformed attribute store URL (URISyntaxException) is not propagated: it is logged and
 * an empty collection is returned, so callers cannot distinguish "no attributes" from "lookup
 * failed" without consulting the log.
 *
 * @param parameters The subject to get claims for.
 * @return The collection of claims or an empty collection if there are no security claims.
 */
@Override
public ClaimsCollection retrieveClaims(ClaimsParameters parameters) {
    ClaimsCollection claimCollection = new ClaimsCollectionImpl();
    Principal principal = parameters.getPrincipal();
    // No principal means nobody to look up; return an empty collection rather than failing.
    if (principal == null) {
        return claimCollection;
    }
    String nameId = getNameId(principal);
    try {
        if (!StringUtils.isEmpty(nameId)) {
            ClaimsCollection securityClaimCollection = getAttributes(nameId);
            // If the security claim collection came back empty, the empty claim collection is returned.
            if (!CollectionUtils.isEmpty(securityClaimCollection)) {
                claimCollection.addAll(securityClaimCollection);
            }
        }
    } catch (URISyntaxException e) {
        // ERROR_RETRIEVING_ATTRIBUTES carries the {} placeholders for the store URL and name id.
        LOGGER.info(ERROR_RETRIEVING_ATTRIBUTES + "Set log level to DEBUG for more information.",
            externalAttributeStoreUrl, nameId);
        LOGGER.debug(ERROR_RETRIEVING_ATTRIBUTES, externalAttributeStoreUrl, nameId, e);
    }
    return claimCollection;
}
Also used : ClaimsCollectionImpl(ddf.security.claims.impl.ClaimsCollectionImpl) ClaimsCollection(ddf.security.claims.ClaimsCollection) URISyntaxException(java.net.URISyntaxException) Principal(java.security.Principal)

Example 19 with ClaimsCollection

Use of ddf.security.claims.ClaimsCollection in project ddf by codice.

Class AttributeQueryClaimsHandlerTest, method testRetrieveClaimsValuesNullPrincipal.

@Test
public void testRetrieveClaimsValuesNullPrincipal() {
    // A ClaimsParameters with no principal must yield an empty collection, not an exception.
    ClaimsParameters claimsParameters = mock(ClaimsParameters.class);
    when(claimsParameters.getPrincipal()).thenReturn(null);
    ClaimsCollection processedClaims = spyAttributeQueryClaimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims.size(), is(equalTo(0)));
}
Also used : ClaimsCollection(ddf.security.claims.ClaimsCollection) ClaimsParameters(ddf.security.claims.ClaimsParameters) Test(org.junit.Test)

Example 20 with ClaimsCollection

Use of ddf.security.claims.ClaimsCollection in project ddf by codice.

Class LdapClaimsHandlerTest, method testUnsuccessfulConnectionBind.

@Test
public void testUnsuccessfulConnectionBind() throws LdapException {
    // When the LDAP bind fails, the handler must return no claims rather than partial results.
    when(mockBindResult.isSuccess()).thenReturn(false);
    ClaimsCollection testClaimCollection = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(testClaimCollection.isEmpty(), is(true));
}
Also used : ClaimsCollection(ddf.security.claims.ClaimsCollection) Test(org.junit.Test)
