Example 16 with PrincipalHolder
use of ddf.security.common.PrincipalHolder in project ddf by codice.
the class LogoutRequestServiceTest method setup.
@Before
public void setup() throws ParserConfigurationException, SAXException, IOException {
simpleSign = mock(SimpleSign.class);
idpMetadata = mock(IdpMetadata.class);
relayStates = mock(RelayStates.class);
sessionFactory = mock(SessionFactory.class);
request = mock(HttpServletRequest.class);
logoutMessage = mock(LogoutMessageImpl.class);
UuidGenerator uuidGenerator = mock(UuidGenerator.class);
doReturn(UUID.randomUUID().toString()).when(uuidGenerator).generateUuid();
doReturn(uuidGenerator).when(logoutMessage).getUuidGenerator();
encryptionService = mock(EncryptionService.class);
Element issuedAssertion = readSamlAssertion().getDocumentElement();
SimplePrincipalCollection principalCollection = new SimplePrincipalCollection();
SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
principalCollection.add(securityAssertion, "default");
when(securityAssertion.getToken()).thenReturn(issuedAssertion);
PrincipalHolder principalHolder = mock(PrincipalHolder.class);
when(principalHolder.getPrincipals()).thenReturn(principalCollection);
initializeLogoutRequestService();
HttpSession session = mock(HttpSession.class);
when(sessionFactory.getOrCreateSession(request)).thenReturn(session);
when(session.getAttribute(eq(SecurityConstants.SECURITY_TOKEN_KEY))).thenReturn(principalHolder);
when(request.getRequestURL()).thenReturn(new StringBuffer("https://www.url.com/url"));
when(idpMetadata.getSigningCertificate()).thenReturn("signingCertificate");
when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.REDIRECT_BINDING);
when(idpMetadata.getSingleLogoutLocation()).thenReturn(redirectLogoutUrl);
}
Also used :
SessionFactory(ddf.security.http.SessionFactory)
RelayStates(ddf.security.samlp.impl.RelayStates)
UuidGenerator(org.codice.ddf.platform.util.uuidgenerator.UuidGenerator)
HttpSession(javax.servlet.http.HttpSession)
LogoutMessageImpl(ddf.security.samlp.impl.LogoutMessageImpl)
Element(org.w3c.dom.Element)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SimpleSign(ddf.security.samlp.impl.SimpleSign)
EncryptionService(ddf.security.encryption.EncryptionService)
PrincipalHolder(ddf.security.common.PrincipalHolder)
Before(org.junit.Before)
Example 17 with PrincipalHolder
use of ddf.security.common.PrincipalHolder in project ddf by codice.
the class OidcLogoutActionProvider method getAction.
/**
* *
*
* @param <T> is a Map<String, Subject>
* @param subjectMap containing the corresponding subject
* @return OidcLogoutActionProvider containing the logout url
*/
@Override
public <T> Action getAction(T subjectMap) {
if (!canHandle(subjectMap)) {
return null;
}
String logoutUrlString = "";
URL logoutUrl = null;
try {
HttpServletRequest request = (HttpServletRequest) ((Map) subjectMap).get("http_request");
HttpServletResponse response = (HttpServletResponse) ((Map) subjectMap).get("http_response");
JEESessionStore sessionStore = new JEESessionStore();
JEEContext jeeContext = new JEEContext(request, response, sessionStore);
HttpSession session = request.getSession(false);
PrincipalHolder principalHolder = null;
if (session != null) {
principalHolder = (PrincipalHolder) session.getAttribute(SecurityConstants.SECURITY_TOKEN_KEY);
}
OidcProfile oidcProfile = null;
if (principalHolder != null && principalHolder.getPrincipals() != null) {
Collection<SecurityAssertion> securityAssertions = principalHolder.getPrincipals().byType(SecurityAssertion.class);
for (SecurityAssertion securityAssertion : securityAssertions) {
if (SecurityAssertionJwt.JWT_TOKEN_TYPE.equals(securityAssertion.getTokenType())) {
oidcProfile = (OidcProfile) securityAssertion.getToken();
break;
}
}
}
if (oidcProfile == null) {
throw new IllegalStateException("Unable to determine OIDC profile for logout");
}
OidcLogoutActionBuilder logoutActionBuilder = handlerConfiguration.getOidcLogoutActionBuilder();
logoutActionBuilder.setAjaxRequestResolver(new DefaultAjaxRequestResolver() {
@Override
public boolean isAjax(final WebContext context) {
return false;
}
});
URIBuilder urlBuilder = new URIBuilder(SystemBaseUrl.EXTERNAL.constructUrl("/oidc/logout", true));
String prevUrl = getPreviousUrl(request);
if (prevUrl != null) {
urlBuilder.addParameter(PREV_URL, prevUrl);
}
RedirectionAction logoutAction = logoutActionBuilder.getLogoutAction(jeeContext, oidcProfile, urlBuilder.build().toString()).orElse(null);
if (logoutAction instanceof WithLocationAction) {
logoutUrlString = ((WithLocationAction) logoutAction).getLocation();
}
logoutUrl = new URL(logoutUrlString);
} catch (MalformedURLException | URISyntaxException e) {
LOGGER.info("Unable to resolve logout URL: {}", logoutUrlString);
} catch (ClassCastException e) {
LOGGER.debug("Unable to cast parameter to Map<String, Object>, {}", subjectMap, e);
}
return new ActionImpl(ID, TITLE, DESCRIPTION, logoutUrl);
}
Also used :
RedirectionAction(org.pac4j.core.exception.http.RedirectionAction)
MalformedURLException(java.net.MalformedURLException)
WebContext(org.pac4j.core.context.WebContext)
HttpSession(javax.servlet.http.HttpSession)
JEEContext(org.pac4j.core.context.JEEContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
JEESessionStore(org.pac4j.core.context.session.JEESessionStore)
WithLocationAction(org.pac4j.core.exception.http.WithLocationAction)
URISyntaxException(java.net.URISyntaxException)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
URL(java.net.URL)
URIBuilder(org.apache.http.client.utils.URIBuilder)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
DefaultAjaxRequestResolver(org.pac4j.core.http.ajax.DefaultAjaxRequestResolver)
OidcLogoutActionBuilder(org.pac4j.oidc.logout.OidcLogoutActionBuilder)
ActionImpl(ddf.action.impl.ActionImpl)
OidcProfile(org.pac4j.oidc.profile.OidcProfile)
PrincipalHolder(ddf.security.common.PrincipalHolder)
Aggregations
PrincipalHolder (ddf.security.common.PrincipalHolder)17
HttpSession (javax.servlet.http.HttpSession)12
Test (org.junit.Test)6
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
SecurityAssertion (ddf.security.assertion.SecurityAssertion)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)4
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)4
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)4
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)4
Before (org.junit.Before)3
SessionFactory (ddf.security.http.SessionFactory)2
X509Certificate (java.security.cert.X509Certificate)2
ServletRequest (javax.servlet.ServletRequest)2
ServletResponse (javax.servlet.ServletResponse)2
SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain)2
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken)2
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl)2
SessionToken (org.codice.ddf.security.handler.SessionToken)2
AuthenticationHandler (org.codice.ddf.security.handler.api.AuthenticationHandler)2
ContextPolicy (org.codice.ddf.security.policy.context.ContextPolicy)2
