
Example 16 with PrincipalHolder

use of ddf.security.common.PrincipalHolder in project ddf by codice.

From the class LogoutRequestServiceTest, method setup.

@Before
public void setup() throws ParserConfigurationException, SAXException, IOException {
    // Collaborators of the service under test; every one of them is a Mockito mock.
    simpleSign = mock(SimpleSign.class);
    idpMetadata = mock(IdpMetadata.class);
    relayStates = mock(RelayStates.class);
    sessionFactory = mock(SessionFactory.class);
    request = mock(HttpServletRequest.class);
    logoutMessage = mock(LogoutMessageImpl.class);

    // The logout message hands out a generator that always returns one random UUID (fixed per test run).
    UuidGenerator generator = mock(UuidGenerator.class);
    String fixedUuid = UUID.randomUUID().toString();
    when(generator.generateUuid()).thenReturn(fixedUuid);
    when(logoutMessage.getUuidGenerator()).thenReturn(generator);

    encryptionService = mock(EncryptionService.class);

    // A principal collection with a single assertion whose token is the parsed SAML assertion element.
    Element assertionElement = readSamlAssertion().getDocumentElement();
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    doReturn(assertionElement).when(assertion).getToken();
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(assertion, "default");
    PrincipalHolder holder = mock(PrincipalHolder.class);
    doReturn(principals).when(holder).getPrincipals();

    // Must run after the collaborator fields above are assigned.
    initializeLogoutRequestService();

    // The session factory yields a session exposing the holder under the security token key.
    HttpSession session = mock(HttpSession.class);
    doReturn(session).when(sessionFactory).getOrCreateSession(request);
    doReturn(holder).when(session).getAttribute(eq(SecurityConstants.SECURITY_TOKEN_KEY));
    doReturn(new StringBuffer("https://www.url.com/url")).when(request).getRequestURL();

    // IdP metadata consulted when signing the logout and choosing the redirect target.
    doReturn("signingCertificate").when(idpMetadata).getSigningCertificate();
    doReturn(SamlProtocol.REDIRECT_BINDING).when(idpMetadata).getSingleLogoutBinding();
    doReturn(redirectLogoutUrl).when(idpMetadata).getSingleLogoutLocation();
}

Example 17 with PrincipalHolder

use of ddf.security.common.PrincipalHolder in project ddf by codice.

From the class OidcLogoutActionProvider, method getAction.

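/**
 * Builds the OIDC logout {@link Action} for the subject described by {@code subjectMap}.
 *
 * <p>The map is read for the current {@code HttpServletRequest} under {@code "http_request"} and the
 * {@code HttpServletResponse} under {@code "http_response"}. The OIDC profile is taken from the
 * {@link PrincipalHolder} stored in the HTTP session under
 * {@link SecurityConstants#SECURITY_TOKEN_KEY}: the first {@link SecurityAssertion} whose token type
 * is {@link SecurityAssertionJwt#JWT_TOKEN_TYPE} supplies it. The logout URL is whatever location the
 * pac4j logout action builder returns for that profile.
 *
 * @param <T> the runtime type of {@code subjectMap}; only a {@code Map} is handled
 * @param subjectMap map carrying the request and response of the subject being logged out
 * @return the logout action, whose URL is {@code null} when no logout URL could be resolved, or
 *     {@code null} when {@code canHandle} rejects {@code subjectMap}
 * @throws IllegalStateException if the session holds no OIDC profile for this subject
 */
@Override
public <T> Action getAction(T subjectMap) {
    if (!canHandle(subjectMap)) {
        return null;
    }
    String logoutUrlString = "";
    URL logoutUrl = null;
    try {
        // Wildcard map instead of the raw type: same runtime casts, no unchecked-call warnings.
        Map<?, ?> map = (Map<?, ?>) subjectMap;
        HttpServletRequest request = (HttpServletRequest) map.get("http_request");
        HttpServletResponse response = (HttpServletResponse) map.get("http_response");
        JEESessionStore sessionStore = new JEESessionStore();
        JEEContext jeeContext = new JEEContext(request, response, sessionStore);
        // Never create a session here; a missing session simply means no profile.
        HttpSession session = request.getSession(false);
        PrincipalHolder principalHolder = null;
        if (session != null) {
            principalHolder = (PrincipalHolder) session.getAttribute(SecurityConstants.SECURITY_TOKEN_KEY);
        }
        OidcProfile oidcProfile = null;
        if (principalHolder != null && principalHolder.getPrincipals() != null) {
            Collection<SecurityAssertion> securityAssertions =
                    principalHolder.getPrincipals().byType(SecurityAssertion.class);
            for (SecurityAssertion securityAssertion : securityAssertions) {
                if (SecurityAssertionJwt.JWT_TOKEN_TYPE.equals(securityAssertion.getTokenType())) {
                    oidcProfile = (OidcProfile) securityAssertion.getToken();
                    break;
                }
            }
        }
        if (oidcProfile == null) {
            throw new IllegalStateException("Unable to determine OIDC profile for logout");
        }
        OidcLogoutActionBuilder logoutActionBuilder = handlerConfiguration.getOidcLogoutActionBuilder();
        // Force the non-AJAX path so the builder yields a redirect action with a location.
        logoutActionBuilder.setAjaxRequestResolver(new DefaultAjaxRequestResolver() {

            @Override
            public boolean isAjax(final WebContext context) {
                return false;
            }
        });
        URIBuilder urlBuilder = new URIBuilder(SystemBaseUrl.EXTERNAL.constructUrl("/oidc/logout", true));
        // NOTE(review): prevUrl ends up as a query parameter of the post-logout target; whether
        // getPreviousUrl restricts it to this deployment's own URLs is not visible here — confirm.
        String prevUrl = getPreviousUrl(request);
        if (prevUrl != null) {
            urlBuilder.addParameter(PREV_URL, prevUrl);
        }
        RedirectionAction logoutAction =
                logoutActionBuilder.getLogoutAction(jeeContext, oidcProfile, urlBuilder.build().toString()).orElse(null);
        if (logoutAction instanceof WithLocationAction) {
            logoutUrlString = ((WithLocationAction) logoutAction).getLocation();
        }
        // With no location action, logoutUrlString is still "" and this throws MalformedURLException.
        logoutUrl = new URL(logoutUrlString);
    } catch (MalformedURLException | URISyntaxException e) {
        // Keep the cause attached instead of logging only the offending string.
        LOGGER.info("Unable to resolve logout URL: {}", logoutUrlString, e);
    } catch (ClassCastException e) {
        // Also reached when the session attribute or the assertion token has an unexpected type.
        LOGGER.debug("Unable to cast parameter to Map<String, Object>, {}", subjectMap, e);
    }
    // A null URL signals to the caller that no logout redirect is available.
    return new ActionImpl(ID, TITLE, DESCRIPTION, logoutUrl);
}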
