Example 1 with SubjectImpl

Use of ddf.security.impl.SubjectImpl in project ddf by codice.

In class SecurityManagerImpl, method getSubject.

/**
 * Creates a new subject based on an incoming AuthenticationToken
 *
 * @param token AuthenticationToken that should be used to authenticate the user and use as the
 *     basis for the new subject.
 * @return new subject
 * @throws SecurityServiceException
 */
private Subject getSubject(AuthenticationToken token) throws SecurityServiceException {
    if (token.getCredentials() == null) {
        throw new SecurityServiceException("CANNOT AUTHENTICATE USER: Authentication token did not contain any credentials. " + "This is generally due to an error on the authentication server.");
    }
    AuthenticationInfo info = internalManager.authenticate(token);
    Collection<SecurityAssertion> securityAssertions = info.getPrincipals().byType(SecurityAssertion.class);
    Iterator<SecurityAssertion> iterator = securityAssertions.iterator();
    boolean userAuth = false;
    while (iterator.hasNext()) {
        SecurityAssertion assertion = iterator.next();
        if (SecurityAssertion.IDP_AUTH_WEIGHT == assertion.getWeight() || SecurityAssertion.LOCAL_AUTH_WEIGHT == assertion.getWeight()) {
            userAuth = true;
        }
    }
    try {
        return new SubjectImpl(info.getPrincipals(), userAuth, new SimpleSession(UUID.randomUUID().toString()), internalManager);
    } catch (Exception e) {
        throw new SecurityServiceException("Could not create a new subject", e);
    }
}
Also used: SecurityServiceException (ddf.security.service.SecurityServiceException), SecurityAssertion (ddf.security.assertion.SecurityAssertion), SubjectImpl (ddf.security.impl.SubjectImpl), SimpleSession (org.apache.shiro.session.mgt.SimpleSession), AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo), AuthenticationException (org.apache.shiro.authc.AuthenticationException), UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)

Example 2 with SubjectImpl

Use of ddf.security.impl.SubjectImpl in project ddf by codice.

In class SecurityManagerImpl, method getSubject.

@Override
public Subject getSubject(Object token) throws SecurityServiceException {
    AuthenticationToken authenticationToken = null;
    if (token instanceof SessionToken) {
        SimpleSession session = new SimpleSession();
        session.setId((String) ((SessionToken) token).getCredentials());
        return new SubjectImpl(((PrincipalCollection) ((SessionToken) token).getPrincipal()), true, session, internalManager);
    } else if (token instanceof AuthenticationToken) {
        authenticationToken = (AuthenticationToken) token;
    }
    if (authenticationToken != null) {
        Subject subject = getSubject(authenticationToken);
        securityLogger.audit("Logged in", subject);
        return subject;
    } else {
        throw new SecurityServiceException("Incoming token object NOT supported by security manager implementation. Currently supported types are AuthenticationToken and SecurityToken");
    }
}
Also used: SecurityServiceException (ddf.security.service.SecurityServiceException), AuthenticationToken (org.apache.shiro.authc.AuthenticationToken), SessionToken (org.codice.ddf.security.handler.SessionToken), PrincipalCollection (org.apache.shiro.subject.PrincipalCollection), SimpleSession (org.apache.shiro.session.mgt.SimpleSession), SubjectImpl (ddf.security.impl.SubjectImpl), Subject (ddf.security.Subject)

Example 3 with SubjectImpl

Use of ddf.security.impl.SubjectImpl in project ddf by codice.

In class LoginFilterTest, method setup.

@Before
public void setup() throws Exception {
    MockitoAnnotations.initMocks(this);
    SimplePrincipalCollection principalCollection = new SimplePrincipalCollection();
    principalHolder = new PrincipalHolder();
    principalHolder.setPrincipals(principalCollection);
    loginFilter = new LoginFilter();
    loginFilter.setSecurityManager(securityManagerMock);
    loginFilter.setSessionFactory(sessionFactory);
    loginFilter.setContextPolicyManager(contextPolicyManager);
    loginFilter.init();
    subject = new SubjectImpl(principalCollectionMock, true, null, mock(org.apache.shiro.mgt.SecurityManager.class));
    when(securityAssertionMock.getToken()).thenReturn(goodSecurityTokenMock);
    when(principalCollectionMock.byType(SecurityAssertion.class)).thenReturn(Collections.singletonList(securityAssertionMock));
    when(principalCollectionMock.asList()).thenReturn(Arrays.asList(goodSecurityTokenMock));
    when(securityManagerMock.getSubject(goodAuthenticationTokenMock)).thenReturn(subject);
    when(securityManagerMock.getSubject(badAuthenticationTokenMock)).thenReturn(null);
    when(sessionMock.getId()).thenReturn("sessionId");
    when(requestMock.getSession(any(boolean.class))).thenReturn(sessionMock);
    when(sessionFactory.getOrCreateSession(any())).thenReturn(sessionMock);
    when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolder);
    when(sessionFactory.getOrCreateSession(any())).thenReturn(sessionMock);
    when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolder);
    when(contextPolicyManager.getSessionAccess()).thenReturn(true);
}
Also used: SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SubjectImpl (ddf.security.impl.SubjectImpl), PrincipalHolder (ddf.security.common.PrincipalHolder), Before (org.junit.Before)

Aggregations

SubjectImpl (ddf.security.impl.SubjectImpl): 3
SecurityServiceException (ddf.security.service.SecurityServiceException): 2
SimpleSession (org.apache.shiro.session.mgt.SimpleSession): 2
Subject (ddf.security.Subject): 1
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 1
PrincipalHolder (ddf.security.common.PrincipalHolder): 1
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 1
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo): 1
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken): 1
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException): 1
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection): 1
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 1
SessionToken (org.codice.ddf.security.handler.SessionToken): 1
Before (org.junit.Before): 1