use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class IdpEndpointTest method testFailedLogin.
/**
 * Checks that a guest login over the redirect binding is answered with HTTP 401 when the
 * security manager refuses to produce a subject.
 */
@Test
public void testFailedLogin() throws SecurityServiceException {
    // Security manager stub that rejects whatever token it is handed.
    SecurityManager rejectingManager = mock(SecurityManager.class);
    when(rejectingManager.getSubject(anyObject())).thenThrow(new SecurityServiceException("test"));
    idpEndpoint.setSecurityManager(rejectingManager);

    // Servlet request stub: reported as secure, wildcard realm, fixed request URL.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when(httpRequest.getRequestURL()).thenReturn(requestURL);
    when(httpRequest.isSecure()).thenReturn(true);

    Response loginResponse = idpEndpoint.processLogin(authNRequestGet, relayState, Idp.GUEST, signatureAlgorithm, signature, SamlProtocol.REDIRECT_BINDING, httpRequest);

    // A rejected authentication must surface as 401 rather than as a successful response.
    assertThat(loginResponse.getStatus(), is(401));
}
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class IdpEndpointTest method testLoginForceAuthnCookie.
/**
 * Checks that the login page is rendered even though the request carries the IdP cookie.
 *
 * <p>NOTE(review): the fixture name suggests {@code authNRequestGetForce} is a ForceAuthn
 * request, which would explain why the cookie is not honoured; confirm against the fixture.
 */
@Test
public void testLoginForceAuthnCookie() throws SecurityServiceException, WSSecurityException, IOException {
    // Security manager stub that rejects whatever token it is handed.
    SecurityManager rejectingManager = mock(SecurityManager.class);
    when(rejectingManager.getSubject(anyObject())).thenThrow(new SecurityServiceException("test"));
    idpEndpoint.setSecurityManager(rejectingManager);
    // Test-only setting; presumably relaxes signature validation for this request (confirm).
    idpEndpoint.setStrictSignature(false);

    // The single cookie presented by the browser: the IdP cookie with value "1".
    Cookie idpCookie = mock(Cookie.class);
    when(idpCookie.getName()).thenReturn(IdpEndpoint.COOKIE);
    when(idpCookie.getValue()).thenReturn("1");

    // Servlet request stub: reported as secure, wildcard realm, fixed request URL, one cookie.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getRequestURL()).thenReturn(requestURL);
    when(httpRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when(httpRequest.getCookies()).thenReturn(new Cookie[] { idpCookie });

    String encodedRequest = RestSecurity.deflateAndBase64Encode(authNRequestGetForce);
    Response loginResponse = idpEndpoint.showGetLogin(encodedRequest, relayState, signatureAlgorithm, signature, httpRequest);

    // The response body must be the login form, not an assertion issued from the cookie.
    String body = loginResponse.getEntity().toString();
    assertThat(body, containsString("<title>Login</title>"));
}
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class IdpEndpointTest method testPassiveLoginPkiFail.
/**
 * Checks that a passive PKI request is answered with an {@code AuthnFailed} SAML status when
 * the security manager rejects the presented certificate.
 *
 * <p>The SAMLResponse is pulled out of the returned entity, URL-decoded and inflated before the
 * status is inspected.
 */
@Test
public void testPassiveLoginPkiFail() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Security manager stub that rejects whatever token it is handed.
    SecurityManager rejectingManager = mock(SecurityManager.class);
    when(rejectingManager.getSubject(anyObject())).thenThrow(new SecurityServiceException("test"));
    idpEndpoint.setSecurityManager(rejectingManager);
    // Test-only setting; presumably relaxes signature validation for this request (confirm).
    idpEndpoint.setStrictSignature(false);

    // Placeholder client certificate: 48 zero bytes, not a parseable X.509 encoding.
    X509Certificate clientCert = mock(X509Certificate.class);
    when(clientCert.getEncoded()).thenReturn(new byte[48]);

    // Servlet request stub: reported as secure, wildcard realm, fixed URL, one client certificate.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getRequestURL()).thenReturn(requestURL);
    when(httpRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when((X509Certificate[]) httpRequest.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { clientCert });

    Response loginResponse = idpEndpoint.showGetLogin(authNRequestPassivePkiGet, relayState, signatureAlgorithm, signature, httpRequest);

    // Recover the SAML response: query parameter -> URL-decode -> base64-decode and inflate.
    String encodedSaml = StringUtils.substringBetween(loginResponse.getEntity().toString(), "SAMLResponse=", "&RelayState");
    String inflatedSaml = RestSecurity.inflateBase64(URLDecoder.decode(encodedSaml, "UTF-8"));

    // The rejected certificate must yield a failure status, not an issued assertion.
    assertThat(inflatedSaml, containsString("status:AuthnFailed"));
}
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class AuthenticationEndpoint method login.
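/**
 * Authenticates a username/password form post, stores the resulting security token in the
 * session and redirects the caller back to the page it came from.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The request is refused unless the container reports it as secure.</li>
 *   <li>Any session that already exists is invalidated before the credentials are checked; the
 *       session that receives the token is obtained from {@code sessionFactory} afterwards.</li>
 *   <li>{@code prevurl} is caller-supplied. It selects the realm and becomes the path of the
 *       redirect. Only the path of the base URI is replaced, so scheme and authority come from
 *       {@code uriInfo}, not from the form field.</li>
 *   <li>The password is passed to the token and is not logged here.</li>
 * </ul>
 *
 * @param request the servlet request carrying the form post
 * @param username the submitted user name
 * @param password the submitted password
 * @param prevurl the path the user was on before being sent to the login form
 * @return a 303 "See Other" response pointing at {@code prevurl} on the base URI
 * @throws IllegalArgumentException if the request is not secure
 * @throws SecurityServiceException if no subject is returned for the credentials, or the
 *     session has no holder in which to store the security token
 */
@POST
public Response login(@Context HttpServletRequest request, @FormParam("username") String username, @FormParam("password") String password, @FormParam("prevurl") String prevurl) throws SecurityServiceException {
    // Make sure we're using HTTPS
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authentication request must use TLS.");
    }
    // Drop any session that predates this login attempt.
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    // Get the realm from the previous url
    // NOTE(review): prevurl is untrusted form input and may be null; confirm that
    // getContextPolicy tolerates that.
    String realm = BaseAuthenticationToken.DEFAULT_REALM;
    ContextPolicy policy = contextPolicyManager.getContextPolicy(prevurl);
    if (policy != null) {
        realm = policy.getRealm();
    }
    // Create an authentication token
    UPAuthenticationToken authenticationToken = new UPAuthenticationToken(username, password, realm);
    // Authenticate
    Subject subject = securityManager.getSubject(authenticationToken);
    if (subject == null) {
        throw new SecurityServiceException("Authentication failed");
    }
    for (Object principal : subject.getPrincipals()) {
        if (principal instanceof SecurityAssertion) {
            SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
            if (securityToken == null) {
                LOGGER.debug("Cannot add null security token to session");
                continue;
            }
            // Create a session and add the security token
            session = sessionFactory.getOrCreateSession(request);
            SecurityTokenHolder holder = (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
            if (holder == null) {
                // getAttribute returns null when the attribute is absent. Fail closed with the
                // declared exception instead of a NullPointerException, and keep the
                // client-facing message generic.
                LOGGER.debug("Session has no security token holder; cannot store security token");
                throw new SecurityServiceException("Authentication failed");
            }
            holder.addSecurityToken(realm, securityToken);
        }
    }
    // Redirect to the previous url
    // replacePath swaps only the path component of the base URI.
    URI redirect = uriInfo.getBaseUriBuilder().replacePath(prevurl).build();
    return Response.seeOther(redirect).build();
}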
use of ddf.security.service.SecurityServiceException in project ddf by codice.
the class WfsSource method getCapabilities.
/**
 * Requests the capabilities document from the remote WFS server.
 *
 * <p>WFS-level and JAX-RS-level failures are logged and swallowed. Every other exception is
 * passed to {@code handleClientException}.
 *
 * @return the capabilities reported by the server, or {@code null} when the request failed and
 *     the failure was handled without rethrowing
 * @throws SecurityServiceException not thrown directly here; presumably raised by
 *     {@code handleClientException} (confirm against that method)
 */
private WFSCapabilitiesType getCapabilities() throws SecurityServiceException {
    // The client is obtained outside the try block, so a failure here propagates to the caller.
    Wfs client = factory.getClient();
    try {
        return client.getCapabilities(new GetCapabilitiesRequest());
    } catch (WfsException wfsFailure) {
        // Status and source id at info level; the full stack trace only at debug level.
        LOGGER.info(WFS_ERROR_MESSAGE + " Received HTTP code '{}' from server for source with id='{}'", wfsFailure.getHttpStatus(), getId());
        LOGGER.debug(WFS_ERROR_MESSAGE, wfsFailure);
    } catch (WebApplicationException webFailure) {
        LOGGER.debug(handleWebApplicationException(webFailure), webFailure);
    } catch (Exception unexpected) {
        handleClientException(unexpected);
    }
    // Reached only when one of the handlers above returned normally.
    return null;
}