Example 6 with SecurityTokenHolder

Use of ddf.security.common.SecurityTokenHolder in project ddf by codice.

Class LogoutService, method getActionProviders.

@GET
@Path("/actions")
public Response getActionProviders(@Context HttpServletRequest request) throws SecurityServiceException {
    HttpSession session = httpSessionFactory.getOrCreateSession(request);
    // The session holds one SecurityToken per realm inside a SecurityTokenHolder
    Map<String, SecurityToken> realmTokenMap = ((SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION)).getRealmTokenMap();
    // Resolve each realm's token to a Subject so the action providers can inspect it
    Map<String, Subject> realmSubjectMap = new HashMap<>();
    for (Map.Entry<String, SecurityToken> entry : realmTokenMap.entrySet()) {
        realmSubjectMap.put(entry.getKey(), securityManager.getSubject(entry.getValue()));
    }
    List<Map<String, String>> realmToPropMaps = new ArrayList<>();
    for (ActionProvider actionProvider : logoutActionProviders) {
        Action action = actionProvider.getAction(realmSubjectMap);
        if (action != null) {
            // The action id ends with the realm it applies to
            String realm = StringUtils.substringAfterLast(action.getId(), ".");
            // If the user is logged in and isn't a guest, add them
            if (realmTokenMap.get(realm) != null) {
                Map<String, String> actionProperties = new HashMap<>();
                String displayName = SubjectUtils.getName(realmSubjectMap.get(realm), "", true);
                if (displayName != null && !displayName.equals(SubjectUtils.GUEST_DISPLAY_NAME)) {
                    actionProperties.put("title", action.getTitle());
                    actionProperties.put("realm", realm);
                    actionProperties.put("auth", displayName);
                    actionProperties.put("description", action.getDescription());
                    actionProperties.put("url", action.getUrl().toString());
                    realmToPropMaps.add(actionProperties);
                }
            }
        }
    }
    // Return the per-realm logout actions as a JSON array
    return Response.ok(new ByteArrayInputStream(toJson(realmToPropMaps).getBytes(StandardCharsets.UTF_8))).build();
}

Also used:
import ddf.action.Action;
import ddf.action.ActionProvider;
import ddf.security.common.SecurityTokenHolder;
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.shiro.subject.Subject;

Example 7 with SecurityTokenHolder

Use of ddf.security.common.SecurityTokenHolder in project ddf by codice.

Class TestLogoutService, method initialize.

@BeforeClass
public static void initialize() {
    // Two realms, each with a (mock) security token in the session's holder
    Map<String, SecurityToken> realmTokenMap = new HashMap<>();
    realmTokenMap.put("karaf", new SecurityToken());
    realmTokenMap.put("ldap", new SecurityToken());
    sessionFactory = mock(SessionFactory.class);
    HttpSession httpSession = mock(HttpSession.class);
    SecurityTokenHolder securityTokenHolder = mock(SecurityTokenHolder.class);
    sm = mock(SecurityManager.class);
    // Wire the mocks so the service under test finds the holder via the session
    when(sessionFactory.getOrCreateSession(null)).thenReturn(httpSession);
    when(httpSession.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(securityTokenHolder);
    when(securityTokenHolder.getRealmTokenMap()).thenReturn(realmTokenMap);
}

Also used:
import ddf.security.common.SecurityTokenHolder;
import ddf.security.http.SessionFactory;
import ddf.security.service.SecurityManager;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.junit.BeforeClass;

Example 8 with SecurityTokenHolder

Use of ddf.security.common.SecurityTokenHolder in project ddf by codice.

Class LoginFilter, method renewSecurityToken.

private SAMLAuthenticationToken renewSecurityToken(HttpSession session, SAMLAuthenticationToken savedToken) throws ServletException, WSSecurityException {
    if (session != null) {
        SecurityAssertion savedAssertion = new SecurityAssertionImpl(((SecurityToken) savedToken.getCredentials()));
        // Only assertions issued by this host are eligible for renewal
        if (savedAssertion.getIssuer() != null && !savedAssertion.getIssuer().equals(SystemBaseUrl.getHost())) {
            return null;
        }
        // An assertion with no NotOnOrAfter condition is not renewed
        if (savedAssertion.getNotOnOrAfter() == null) {
            return null;
        }
        long afterMil = savedAssertion.getNotOnOrAfter().getTime();
        long timeoutMillis = (afterMil - System.currentTimeMillis());
        // An already-expired assertion is rejected outright
        if (timeoutMillis <= 0) {
            throw new InvalidSAMLReceivedException("SAML assertion has expired.");
        }
        // Renew only when expiry is imminent
        if (timeoutMillis <= 60000) {
            // within 60 seconds
            try {
                LOGGER.debug("Attempting to refresh user's SAML assertion.");
                Subject subject = securityManager.getSubject(savedToken);
                LOGGER.debug("Refresh of user assertion successful");
                for (Object principal : subject.getPrincipals()) {
                    if (principal instanceof SecurityAssertion) {
                        SecurityToken token = ((SecurityAssertion) principal).getSecurityToken();
                        SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken((java.security.Principal) savedToken.getPrincipal(), token, savedToken.getRealm());
                        if (LOGGER.isTraceEnabled()) {
                            LOGGER.trace("Setting session token - class: {}  classloader: {}", token.getClass().getName(), token.getClass().getClassLoader());
                        }
                        // Replace the realm's token in the session holder with the refreshed one
                        ((SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION)).addSecurityToken(savedToken.getRealm(), token);
                        LOGGER.debug("Saved new user assertion to session.");
                        return samlAuthenticationToken;
                    }
                }
            } catch (SecurityServiceException e) {
                // A failed refresh ends the session rather than leaving a stale token in place
                LOGGER.debug("Unable to refresh user's SAML assertion. User will log out prematurely.", e);
                session.invalidate();
            } catch (Exception e) {
                LOGGER.info("Unhandled exception occurred.", e);
                session.invalidate();
            }
        }
    }
    return null;
}

Also used:
import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import ddf.security.assertion.impl.SecurityAssertionImpl;
import ddf.security.common.SecurityTokenHolder;
import ddf.security.service.SecurityServiceException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import javax.servlet.ServletException;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.codice.ddf.security.handler.api.InvalidSAMLReceivedException;
import org.codice.ddf.security.handler.api.SAMLAuthenticationToken;

Example 9 with SecurityTokenHolder

Use of ddf.security.common.SecurityTokenHolder in project ddf by codice.

Class LoginFilter, method getSecurityToken.

private SecurityToken getSecurityToken(HttpSession session, String realm) {
    if (session.getAttribute(SecurityConstants.SAML_ASSERTION) == null) {
        LOGGER.debug("Security token holder missing from session. New session created improperly.");
        return null;
    }
    SecurityTokenHolder tokenHolder = ((SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION));
    SecurityToken token = tokenHolder.getSecurityToken(realm);
    if (token != null) {
        // Re-check the assertion's validity on every lookup, and purge it from the session if it no longer holds
        SecurityAssertionImpl assertion = new SecurityAssertionImpl(token);
        if (!assertion.isPresentlyValid()) {
            LOGGER.debug("Session SAML token is invalid.  Removing from session.");
            tokenHolder.remove(realm);
            return null;
        }
    }
    return token;
}

Also used:
import ddf.security.assertion.impl.SecurityAssertionImpl;
import ddf.security.common.SecurityTokenHolder;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;

Example 10 with SecurityTokenHolder

Use of ddf.security.common.SecurityTokenHolder in project ddf by codice.

Class LoginFilterTest, method testValidUsernameToken.

@Test
public void testValidUsernameToken() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(ddf.security.service.SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.init(filterConfig);
    HttpServletRequest servletRequest = mock(HttpServletRequest.class);
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    // A completed username/password handler result is placed on the request, as the handler chain would
    UPAuthenticationToken token = new UPAuthenticationToken("foo", "bar");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, token);
    when(servletRequest.getAttribute("ddf.security.token")).thenReturn(result);
    HttpSession session = mock(HttpSession.class);
    when(servletRequest.getSession(true)).thenReturn(session);
    // The session starts with an empty holder; the filter is expected to populate it
    when(session.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(new SecurityTokenHolder());
    when(sessionFactory.getOrCreateSession(servletRequest)).thenReturn(session);
    Subject subject = mock(Subject.class, RETURNS_DEEP_STUBS);
    when(securityManager.getSubject(token)).thenReturn(subject);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(assertion.getSecurityToken()).thenReturn(securityToken);
    when(subject.getPrincipals().asList()).thenReturn(Arrays.asList(assertion));
    // Back the mock token with a known-good SAML assertion from the test resources
    when(securityToken.getToken()).thenReturn(readDocument("/good_saml.xml").getDocumentElement());
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}

Also used:
import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import ddf.security.common.SecurityTokenHolder;
import ddf.security.service.SecurityManager;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.codice.ddf.security.handler.api.HandlerResult;
import org.codice.ddf.security.handler.api.UPAuthenticationToken;
import org.junit.Test;

Aggregations (class, number of examples using it)

SecurityTokenHolder (ddf.security.common.SecurityTokenHolder): 14
HttpSession (javax.servlet.http.HttpSession): 11
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken): 9
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 4
SecurityAssertionImpl (ddf.security.assertion.impl.SecurityAssertionImpl): 4
Subject (ddf.security.Subject): 3
IOException (java.io.IOException): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
Subject (org.apache.shiro.subject.Subject): 3
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 3
Test (org.junit.Test): 3
SessionFactory (ddf.security.http.SessionFactory): 2
SecurityManager (ddf.security.service.SecurityManager): 2
SecurityServiceException (ddf.security.service.SecurityServiceException): 2
ArrayList (java.util.ArrayList): 2
Enumeration (java.util.Enumeration): 2
HashMap (java.util.HashMap): 2
FilterChain (javax.servlet.FilterChain): 2
ServletException (javax.servlet.ServletException): 2