Example 1 with SecurityServiceException
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class SubjectCommandsTest method doExecuteWhenRunWithSubjectOrElevateThrowsSecurityServiceException.
@Test
public void doExecuteWhenRunWithSubjectOrElevateThrowsSecurityServiceException() throws Exception {
when(security.runWithSubjectOrElevate(any(Callable.class))).thenThrow(new SecurityServiceException(ERROR));
subjectCommands.execute();
assertThat(consoleOutput.getOutput(), containsString(ERROR));
}
Also used :
SecurityServiceException(ddf.security.service.SecurityServiceException)
Callable(java.util.concurrent.Callable)
Test(org.junit.Test)
Example 2 with SecurityServiceException
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class IdpEndpoint method handleLogin.
protected org.opensaml.saml.saml2.core.Response handleLogin(AuthnRequest authnRequest, String authMethod, HttpServletRequest request, AuthObj authObj, boolean passive, boolean hasCookie) throws SecurityServiceException, WSSecurityException, SimpleSign.SignatureException, ConstraintViolationException {
LOGGER.debug("Performing login for user. passive: {}, cookie: {}", passive, hasCookie);
BaseAuthenticationToken token = null;
request.setAttribute(ContextPolicy.ACTIVE_REALM, BaseAuthenticationToken.ALL_REALM);
if (PKI.equals(authMethod)) {
LOGGER.debug("Logging user in via PKI.");
PKIHandler pkiHandler = new PKIHandler();
pkiHandler.setTokenFactory(tokenFactory);
try {
HandlerResult handlerResult = pkiHandler.getNormalizedToken(request, null, null, false);
if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
token = handlerResult.getToken();
}
} catch (ServletException e) {
LOGGER.info("Encountered an exception while checking for PKI auth info.", e);
}
} else if (USER_PASS.equals(authMethod)) {
LOGGER.debug("Logging user in via BASIC auth.");
if (authObj != null && authObj.username != null && authObj.password != null) {
token = new UPAuthenticationToken(authObj.username, authObj.password, BaseAuthenticationToken.ALL_REALM);
} else {
BasicAuthenticationHandler basicAuthenticationHandler = new BasicAuthenticationHandler();
HandlerResult handlerResult = basicAuthenticationHandler.getNormalizedToken(request, null, null, false);
if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
token = handlerResult.getToken();
}
}
} else if (SAML.equals(authMethod)) {
LOGGER.debug("Logging user in via SAML assertion.");
token = new SAMLAuthenticationToken(null, authObj.assertion, BaseAuthenticationToken.ALL_REALM);
} else if (GUEST.equals(authMethod) && guestAccess) {
LOGGER.debug("Logging user in as Guest.");
token = new GuestAuthenticationToken(BaseAuthenticationToken.ALL_REALM, request.getRemoteAddr());
} else {
throw new IllegalArgumentException("Auth method is not supported.");
}
org.w3c.dom.Element samlToken = null;
String statusCode;
if (hasCookie) {
samlToken = getSamlAssertion(request);
statusCode = StatusCode.SUCCESS;
} else {
try {
statusCode = StatusCode.AUTHN_FAILED;
Subject subject = securityManager.getSubject(token);
for (Object principal : subject.getPrincipals().asList()) {
if (principal instanceof SecurityAssertion) {
SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
samlToken = securityToken.getToken();
}
}
if (samlToken != null) {
statusCode = StatusCode.SUCCESS;
}
} catch (SecurityServiceException e) {
if (!passive) {
throw e;
} else {
statusCode = StatusCode.AUTHN_FAILED;
}
}
}
LOGGER.debug("User log in successful.");
return SamlProtocol.createResponse(SamlProtocol.createIssuer(SystemBaseUrl.constructUrl("/idp/login", true)), SamlProtocol.createStatus(statusCode), authnRequest.getID(), samlToken);
}
Also used :
SecurityServiceException(ddf.security.service.SecurityServiceException)
GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken)
PKIHandler(org.codice.ddf.security.handler.pki.PKIHandler)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken)
Subject(ddf.security.Subject)
ServletException(javax.servlet.ServletException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
Element(org.w3c.dom.Element)
BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken)
UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken)
BasicAuthenticationHandler(org.codice.ddf.security.handler.basic.BasicAuthenticationHandler)
SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject)
SignableXMLObject(org.opensaml.xmlsec.signature.SignableXMLObject)
XMLObject(org.opensaml.core.xml.XMLObject)
Example 3 with SecurityServiceException
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class IdpEndpoint method doSoapLogin.
@POST
@Path("/login")
@Consumes({ "text/xml", "application/soap+xml" })
public Response doSoapLogin(InputStream body, @Context HttpServletRequest request) {
if (!request.isSecure()) {
throw new IllegalArgumentException("Authn Request must use TLS.");
}
SoapBinding soapBinding = new SoapBinding(systemCrypto, serviceProviders);
try {
String bodyStr = IOUtils.toString(body);
AuthnRequest authnRequest = soapBinding.decoder().decodeRequest(bodyStr);
String relayState = ((SoapRequestDecoder) soapBinding.decoder()).decodeRelayState(bodyStr);
soapBinding.validator().validateRelayState(relayState);
soapBinding.validator().validateAuthnRequest(authnRequest, bodyStr, null, null, null, strictSignature);
boolean hasCookie = hasValidCookie(request, authnRequest.isForceAuthn());
AuthObj authObj = determineAuthMethod(bodyStr, authnRequest);
org.opensaml.saml.saml2.core.Response response = handleLogin(authnRequest, authObj.method, request, authObj, authnRequest.isPassive(), hasCookie);
Response samlpResponse = soapBinding.creator().getSamlpResponse(relayState, authnRequest, response, null, soapMessage);
samlpResponse.getHeaders().put("SOAPAction", Collections.singletonList("http://www.oasis-open.org/committees/security"));
return samlpResponse;
} catch (IOException e) {
LOGGER.debug("Unable to decode SOAP AuthN Request", e);
} catch (SimpleSign.SignatureException e) {
LOGGER.debug("Unable to validate signature.", e);
} catch (ValidationException e) {
LOGGER.debug("Unable to validate request.", e);
} catch (SecurityServiceException e) {
LOGGER.debug("Unable to authenticate user.", e);
} catch (WSSecurityException | IllegalArgumentException e) {
LOGGER.debug("Bad request.", e);
}
return null;
}
Also used :
SecurityServiceException(ddf.security.service.SecurityServiceException)
ValidationException(ddf.security.samlp.ValidationException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SoapRequestDecoder(org.codice.ddf.security.idp.binding.soap.SoapRequestDecoder)
IOException(java.io.IOException)
SoapBinding(org.codice.ddf.security.idp.binding.soap.SoapBinding)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
SimpleSign(ddf.security.samlp.SimpleSign)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Consumes(javax.ws.rs.Consumes)
Example 4 with SecurityServiceException
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class SecurityTest method testRunWithSubjectOrElevateWhenUserSubjectExistsAndCallableThrowsException.
@Test
public void testRunWithSubjectOrElevateWhenUserSubjectExistsAndCallableThrowsException() throws Exception {
when(SecurityUtils.getSubject()).thenReturn(shiroSubject);
when(shiroSubject.execute(callable)).thenThrow(new ExecutionException(new UnsupportedOperationException()));
try {
security.runWithSubjectOrElevate(callable);
fail("InvocationTargetException expected");
} catch (SecurityServiceException e) {
throw e;
} catch (InvocationTargetException e) {
assertThat(e.getCause(), is(instanceOf(UnsupportedOperationException.class)));
}
}
Also used :
SecurityServiceException(ddf.security.service.SecurityServiceException)
ExecutionException(org.apache.shiro.subject.ExecutionException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 5 with SecurityServiceException
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class ExportCommand method execute.
@Override
public Object execute() {
Path exportDirectory;
if (exportDirectoryArgument == null || exportDirectoryArgument.isEmpty()) {
exportDirectory = defaultExportDirectory;
} else {
exportDirectory = Paths.get(exportDirectoryArgument);
}
outputInfoMessage(String.format(STARTING_EXPORT_MESSAGE, exportDirectory));
try {
Collection<MigrationWarning> migrationWarnings = security.runWithSubjectOrElevate(() -> configurationMigrationService.export(exportDirectory));
if (migrationWarnings.isEmpty()) {
outputSuccessMessage(SUCCESSFUL_EXPORT_MESSAGE);
} else {
for (MigrationWarning migrationWarning : migrationWarnings) {
outputWarningMessage(migrationWarning.getMessage());
}
outputWarningMessage(String.format(FAILED_EXPORT_MESSAGE, exportDirectory));
}
} catch (SecurityServiceException e) {
outputErrorMessage(String.format(ERROR_EXPORT_MESSAGE, e.getMessage()));
} catch (InvocationTargetException e) {
outputErrorMessage(String.format(ERROR_EXPORT_MESSAGE, e.getCause().getMessage()));
}
return null;
}
Also used :
Path(java.nio.file.Path)
MigrationWarning(org.codice.ddf.migration.MigrationWarning)
SecurityServiceException(ddf.security.service.SecurityServiceException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
Aggregations
SecurityServiceException (ddf.security.service.SecurityServiceException)34
Subject (ddf.security.Subject)11
SecurityManager (ddf.security.service.SecurityManager)9
Test (org.junit.Test)9
IOException (java.io.IOException)8
InvocationTargetException (java.lang.reflect.InvocationTargetException)8
X509Certificate (java.security.cert.X509Certificate)6
Response (javax.ws.rs.core.Response)6
SecurityAssertion (ddf.security.assertion.SecurityAssertion)5
HashMap (java.util.HashMap)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
Matchers.containsString (org.hamcrest.Matchers.containsString)5
Matchers.anyString (org.mockito.Matchers.anyString)5
CatalogTransformerException (ddf.catalog.transform.CatalogTransformerException)4
Serializable (java.io.Serializable)4
ServletException (javax.servlet.ServletException)4
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)4
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)4
Metacard (ddf.catalog.data.Metacard)3
Result (ddf.catalog.data.Result)3
