Search in sources :

Example 6 with ClaimsParametersImpl

use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.

the class RoleClaimsHandlerTest method testRetrieveClaimsValuesIgnoredReferences.

@Test
public void testRetrieveClaimsValuesIgnoredReferences() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ClaimsCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    DN resultDN = DN.valueOf("uid=tstark,");
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // simulate two items in the list (a reference and an entry)
    when(membershipReader.hasNext()).thenReturn(true, true, false);
    // test a reference followed by entries thereafter
    when(membershipReader.isEntry()).thenReturn(false, true);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    when(membershipSearchResult.getName()).thenReturn(resultDN);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, true, false);
    when(groupNameReader.isEntry()).thenReturn(false, true);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))"), any())).thenReturn(groupNameReader);
    when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(membershipReader);
    claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
    when(mockConnectionFactory.getConnection()).thenReturn(connection);
    claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    processedClaims = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims, hasSize(1));
    Claim claim = processedClaims.get(0);
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) HashMap(java.util.HashMap) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParameters(ddf.security.claims.ClaimsParameters) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) BindResult(org.forgerock.opendj.ldap.responses.BindResult) ClaimsCollection(ddf.security.claims.ClaimsCollection) Claim(ddf.security.claims.Claim) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 7 with ClaimsParametersImpl

use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.

the class UsersAttributesFileClaimsHandlerTest method testRetrieveClaimValuesRegex.

@Test
public void testRetrieveClaimValuesRegex() throws IOException {
    // given
    System.setProperty(SystemBaseUrl.INTERNAL_HOST, "testHostname");
    final UsersAttributesFileClaimsHandler usersAttributesFileClaimsHandler = new UsersAttributesFileClaimsHandler();
    usersAttributesFileClaimsHandler.setUsersAttributesFileLocation(getPathForValidTestAttributesFile());
    final ClaimsCollection ClaimsCollection = getClaimsCollectionForValidTestAttributesFile();
    final Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("myhostname");
    final ClaimsParameters regexClaimsParameters = new ClaimsParametersImpl(principal, new HashSet<>(), new HashMap<>());
    // when
    ClaimsCollection processedClaims = usersAttributesFileClaimsHandler.retrieveClaims(regexClaimsParameters);
    // then
    assertThat(processedClaims, contains(allOf(hasProperty("name", is("reg")), hasProperty("values", containsInAnyOrder("ex")))));
}
Also used : ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) ClaimsCollection(ddf.security.claims.ClaimsCollection) Principal(java.security.Principal) ClaimsParameters(ddf.security.claims.ClaimsParameters) Test(org.junit.Test)

Example 8 with ClaimsParametersImpl

use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.

the class UsersAttributesFileClaimsHandlerTest method testRetrieveClaimValuesAdmin.

@Test
public void testRetrieveClaimValuesAdmin() throws IOException {
    // given
    System.setProperty(SystemBaseUrl.INTERNAL_HOST, "testHostname");
    final UsersAttributesFileClaimsHandler usersAttributesFileClaimsHandler = new UsersAttributesFileClaimsHandler();
    usersAttributesFileClaimsHandler.setUsersAttributesFileLocation(getPathForValidTestAttributesFile());
    final ClaimsCollection ClaimsCollection = getClaimsCollectionForValidTestAttributesFile();
    final ClaimsParameters localhostClaimsParameters;
    final Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("admin");
    localhostClaimsParameters = new ClaimsParametersImpl(principal, new HashSet<>(), new HashMap<>());
    // when
    final ClaimsCollection processedClaims = usersAttributesFileClaimsHandler.retrieveClaims(localhostClaimsParameters);
    // then
    assertThat(processedClaims, contains(allOf(hasProperty("name", is("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")), hasProperty("values", containsInAnyOrder("admin@testHostname")))));
}
Also used : ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) HashMap(java.util.HashMap) ClaimsCollection(ddf.security.claims.ClaimsCollection) Principal(java.security.Principal) ClaimsParameters(ddf.security.claims.ClaimsParameters) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 9 with ClaimsParametersImpl

use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.

the class PKIRealm method createPrincipalCollectionFromCertificate.

private SimplePrincipalCollection createPrincipalCollectionFromCertificate(X500Principal principal) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement attributeStatement = new AttributeStatementDefault();
    HashMap<String, Object> properties = createProperties(principal);
    for (ClaimsHandler claimsHandler : claimsHandlers) {
        ClaimsCollection claims = claimsHandler.retrieveClaims(new ClaimsParametersImpl(principal, Collections.singleton(principal), properties));
        mergeClaimsToAttributes(attributeStatement, claims);
    }
    final Instant now = Instant.now();
    SecurityAssertion assertion = assertionBuilder.addAttributeStatement(attributeStatement).userPrincipal(principal).weight(SecurityAssertion.LOCAL_AUTH_WEIGHT).issuer("DDF").notBefore(Date.from(now)).notOnOrAfter(Date.from(now.plus(fourHours))).tokenType(PKI_TOKEN_TYPE).build();
    principals.add(assertion, "PKI");
    return principals;
}
Also used : ClaimsHandler(ddf.security.claims.ClaimsHandler) DefaultSecurityAssertionBuilder(ddf.security.assertion.impl.DefaultSecurityAssertionBuilder) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) AttributeStatement(ddf.security.assertion.AttributeStatement) AttributeStatementDefault(ddf.security.assertion.impl.AttributeStatementDefault) Instant(java.time.Instant) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) ClaimsCollection(ddf.security.claims.ClaimsCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion)

Example 10 with ClaimsParametersImpl

use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.

the class UsernamePasswordRealm method createPrincipalCollectionFromSubject.

private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
    AttributeStatement attributeStatement = new AttributeStatementDefault();
    Principal userPrincipal = subject.getPrincipals().stream().filter(p -> p instanceof UserPrincipal).findFirst().orElseThrow(AuthenticationException::new);
    Set<Principal> rolePrincipals = subject.getPrincipals().stream().filter(p -> p instanceof RolePrincipal).collect(Collectors.toSet());
    for (ClaimsHandler claimsHandler : claimsHandlers) {
        ClaimsCollection claims = claimsHandler.retrieveClaims(new ClaimsParametersImpl(userPrincipal, rolePrincipals, new HashMap<>()));
        mergeClaimsToAttributes(attributeStatement, claims);
    }
    final Instant now = Instant.now();
    assertionBuilder.addAttributeStatement(attributeStatement).userPrincipal(userPrincipal).weight(SecurityAssertion.LOCAL_AUTH_WEIGHT).issuer("DDF").notBefore(Date.from(now)).notOnOrAfter(Date.from(now.plus(fourHours)));
    for (Principal principal : rolePrincipals) {
        assertionBuilder.addPrincipal(principal);
    }
    assertionBuilder.tokenType(USER_PASS_TOKEN_TYPE);
    SecurityAssertion assertion = assertionBuilder.build();
    principals.add(assertion, "UP");
    return principals;
}
Also used : LoginException(javax.security.auth.login.LoginException) NamePasswordCallbackHandler(org.apache.wss4j.common.NamePasswordCallbackHandler) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) DefaultSecurityAssertionBuilder(ddf.security.assertion.impl.DefaultSecurityAssertionBuilder) AttributeStatement(ddf.security.assertion.AttributeStatement) LoginContext(javax.security.auth.login.LoginContext) ArrayList(java.util.ArrayList) JaasRealm(org.apache.karaf.jaas.config.JaasRealm) CallbackHandler(javax.security.auth.callback.CallbackHandler) Duration(java.time.Duration) AuthenticationTokenType(org.codice.ddf.security.handler.AuthenticationTokenType) Bundle(org.osgi.framework.Bundle) ClaimsHandler(ddf.security.claims.ClaimsHandler) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) ServiceReference(org.osgi.framework.ServiceReference) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Claim(ddf.security.claims.Claim) SecurityAssertion(ddf.security.assertion.SecurityAssertion) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) Logger(org.slf4j.Logger) Attribute(ddf.security.assertion.Attribute) AttributeDefault(ddf.security.assertion.impl.AttributeDefault) Set(java.util.Set) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) Subject(javax.security.auth.Subject) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) ClaimsCollection(ddf.security.claims.ClaimsCollection) Base64(java.util.Base64) List(java.util.List) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) AuthenticationException(org.apache.shiro.authc.AuthenticationException) AttributeStatementDefault(ddf.security.assertion.impl.AttributeStatementDefault) AuthenticatingRealm(org.apache.shiro.realm.AuthenticatingRealm) BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken) FrameworkUtil(org.osgi.framework.FrameworkUtil) CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) ClaimsHandler(ddf.security.claims.ClaimsHandler) DefaultSecurityAssertionBuilder(ddf.security.assertion.impl.DefaultSecurityAssertionBuilder) AuthenticationException(org.apache.shiro.authc.AuthenticationException) HashMap(java.util.HashMap) Instant(java.time.Instant) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) AttributeStatement(ddf.security.assertion.AttributeStatement) AttributeStatementDefault(ddf.security.assertion.impl.AttributeStatementDefault) ClaimsCollection(ddf.security.claims.ClaimsCollection) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal)

Aggregations

ClaimsCollection (ddf.security.claims.ClaimsCollection)14 ClaimsParametersImpl (ddf.security.claims.impl.ClaimsParametersImpl)14 ClaimsParameters (ddf.security.claims.ClaimsParameters)12 Test (org.junit.Test)12 Principal (java.security.Principal)10 HashMap (java.util.HashMap)9 Claim (ddf.security.claims.Claim)4 HashSet (java.util.HashSet)4 UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)4 SubjectUtils (ddf.security.service.impl.SubjectUtils)3 AttributeStatement (ddf.security.assertion.AttributeStatement)2 SecurityAssertion (ddf.security.assertion.SecurityAssertion)2 AttributeStatementDefault (ddf.security.assertion.impl.AttributeStatementDefault)2 DefaultSecurityAssertionBuilder (ddf.security.assertion.impl.DefaultSecurityAssertionBuilder)2 ClaimsHandler (ddf.security.claims.ClaimsHandler)2 Instant (java.time.Instant)2 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)2 Connection (org.forgerock.opendj.ldap.Connection)2 ConnectionFactory (org.forgerock.opendj.ldap.ConnectionFactory)2 DN (org.forgerock.opendj.ldap.DN)2