Example 1 with ClaimsHandler

Use of ddf.security.claims.ClaimsHandler in project ddf by codice.

The class PKIRealmTest, method setup.

@Before
public void setup() {
    // Two mocked handlers, each answering with a different email claim, so the
    // realm's merging of claims across handlers can be verified.
    List<ClaimsHandler> claimsHandlers = new ArrayList<>();
    claimsHandlers.add(mock(ClaimsHandler.class));
    claimsHandlers.add(mock(ClaimsHandler.class));
    ClaimsCollection claims1 = new ClaimsCollectionImpl();
    ClaimImpl email1 = new ClaimImpl("email");
    email1.addValue("test@example.com");
    claims1.add(email1);
    ClaimsCollection claims2 = new ClaimsCollectionImpl();
    ClaimImpl email2 = new ClaimImpl("email");
    email2.addValue("tester@example.com");
    claims2.add(email2);
    // Whatever parameters the realm passes, each mock returns its fixed claims.
    when(claimsHandlers.get(0).retrieveClaims(any())).thenReturn(claims1);
    when(claimsHandlers.get(1).retrieveClaims(any())).thenReturn(claims2);
    pkiRealm.setClaimsHandlers(claimsHandlers);
}

Example 2 with ClaimsHandler

Use of ddf.security.claims.ClaimsHandler in project ddf by codice.

The class PKIRealm, method createPrincipalCollectionFromCertificate.

private SimplePrincipalCollection createPrincipalCollectionFromCertificate(X500Principal principal) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement attributeStatement = new AttributeStatementDefault();
    HashMap<String, Object> properties = createProperties(principal);
    // Ask every registered ClaimsHandler for claims about the certificate subject
    // and merge them into a single attribute statement.
    for (ClaimsHandler claimsHandler : claimsHandlers) {
        ClaimsCollection claims =
                claimsHandler.retrieveClaims(
                        new ClaimsParametersImpl(principal, Collections.singleton(principal), properties));
        mergeClaimsToAttributes(attributeStatement, claims);
    }
    final Instant now = Instant.now();
    // The locally issued assertion is valid from now until now + fourHours.
    SecurityAssertion assertion = assertionBuilder
            .addAttributeStatement(attributeStatement)
            .userPrincipal(principal)
            .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
            .issuer("DDF")
            .notBefore(Date.from(now))
            .notOnOrAfter(Date.from(now.plus(fourHours)))
            .tokenType(PKI_TOKEN_TYPE)
            .build();
    principals.add(assertion, "PKI");
    return principals;
}

Example 3 with ClaimsHandler

Use of ddf.security.claims.ClaimsHandler in project ddf by codice.

The class UsernamePasswordRealm, method createPrincipalCollectionFromSubject.

private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement attributeStatement = new AttributeStatementDefault();
    // The JAAS login must have produced a UserPrincipal; otherwise authentication fails.
    Principal userPrincipal =
            subject.getPrincipals().stream()
                    .filter(p -> p instanceof UserPrincipal)
                    .findFirst()
                    .orElseThrow(AuthenticationException::new);
    Set<Principal> rolePrincipals =
            subject.getPrincipals().stream()
                    .filter(p -> p instanceof RolePrincipal)
                    .collect(Collectors.toSet());
    // Collect claims from every handler for this user and role set.
    for (ClaimsHandler claimsHandler : claimsHandlers) {
        ClaimsCollection claims =
                claimsHandler.retrieveClaims(
                        new ClaimsParametersImpl(userPrincipal, rolePrincipals, new HashMap<>()));
        mergeClaimsToAttributes(attributeStatement, claims);
    }
    final Instant now = Instant.now();
    assertionBuilder
            .addAttributeStatement(attributeStatement)
            .userPrincipal(userPrincipal)
            .weight(SecurityAssertion.LOCAL_AUTH_WEIGHT)
            .issuer("DDF")
            .notBefore(Date.from(now))
            .notOnOrAfter(Date.from(now.plus(fourHours)));
    // Carry the JAAS role principals into the assertion alongside the user principal.
    for (Principal principal : rolePrincipals) {
        assertionBuilder.addPrincipal(principal);
    }
    assertionBuilder.tokenType(USER_PASS_TOKEN_TYPE);
    SecurityAssertion assertion = assertionBuilder.build();
    principals.add(assertion, "UP");
    return principals;
}

Example 4 with ClaimsHandler

Use of ddf.security.claims.ClaimsHandler in project ddf by codice.

The class UsernamePasswordRealmTest, method setup.

@Before
public void setup() {
    // Two mocked handlers, each answering with a different email claim.
    List<ClaimsHandler> claimsHandlers = new ArrayList<>();
    claimsHandlers.add(mock(ClaimsHandler.class));
    claimsHandlers.add(mock(ClaimsHandler.class));
    ClaimsCollection claims1 = new ClaimsCollectionImpl();
    ClaimImpl email1 = new ClaimImpl("email");
    email1.addValue("test@example.com");
    claims1.add(email1);
    ClaimsCollection claims2 = new ClaimsCollectionImpl();
    ClaimImpl email2 = new ClaimImpl("email");
    email2.addValue("tester@example.com");
    claims2.add(email2);
    when(claimsHandlers.get(0).retrieveClaims(any())).thenReturn(claims1);
    when(claimsHandlers.get(1).retrieveClaims(any())).thenReturn(claims2);
    upRealm.setClaimsHandlers(claimsHandlers);
    // A mocked JAAS realm so the username/password realm has somewhere to authenticate against.
    JaasRealm jaasRealm = mock(JaasRealm.class);
    when(jaasRealm.getName()).thenReturn("realm");
    upRealm.realmList.add(jaasRealm);
}

Example 5 with ClaimsHandler

Use of ddf.security.claims.ClaimsHandler in project ddf by codice.

The class ClaimsHandlerManager, method registerClaimsHandler.

/**
 * Utility method that registers a ClaimsHandler and returns the service registration.
 *
 * @param handler Handler that should be registered.
 * @param registration Previous registration, will be used to unregister if not null.
 * @return new registration for the service.
 */
private ServiceRegistration<ClaimsHandler> registerClaimsHandler(ClaimsHandler handler, ServiceRegistration<ClaimsHandler> registration) {
    BundleContext context = getContext();
    if (null != context) {
        if (registration != null) {
            // Release any connection held by the handler being replaced before
            // its OSGi registration is removed.
            ClaimsHandler oldClaimsHandler = context.getService(registration.getReference());
            if (oldClaimsHandler instanceof RoleClaimsHandler) {
                ((RoleClaimsHandler) oldClaimsHandler).disconnect();
            } else if (oldClaimsHandler instanceof LdapClaimsHandler) {
                ((LdapClaimsHandler) oldClaimsHandler).disconnect();
            }
            registration.unregister();
        }
        return context.registerService(ClaimsHandler.class, handler, null);
    }
    // No bundle context available: nothing can be registered.
    return null;
}
