Use of ddf.security.service.SecurityServiceException in project ddf by codice.
Class Security, method getSystemSubject.
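/**
 * Gets the {@link Subject} associated with this system. The subject is cached and only
 * re-created when its token is about to expire, since the system subject will not change
 * between calls.
 *
 * <p>Access is gated on the caller's Java Subject carrying the admin role; a caller without it
 * receives {@code null} and an audit entry is written.
 *
 * @return system's {@link Subject}; {@code null} if the caller lacks the admin role, the system
 *     certificate cannot be loaded, or no subject has ever been obtained. If a refresh of an
 *     about-to-expire subject fails, the previously cached subject is returned.
 */
public synchronized Subject getSystemSubject() {
  if (!javaSubjectHasAdminRole()) {
    SecurityLogger.audit("Unable to retrieve system subject.");
    return null;
  }
  if (!tokenAboutToExpire(cachedSystemSubject)) {
    return cachedSystemSubject;
  }

  // Resolve the system certificate: a single-entry key store is used as-is, otherwise the
  // configured alias selects the entry.
  KeyStore keyStore = getSystemKeyStore();
  String alias = null;
  Certificate cert = null;
  try {
    if (keyStore != null) {
      if (keyStore.size() == 1) {
        alias = keyStore.aliases().nextElement();
      } else if (keyStore.size() > 1) {
        alias = getCertificateAlias();
      }
      // KeyStore#getCertificate does not accept a null alias (the standard providers throw
      // NullPointerException), so an empty store or an unset configured alias is treated as
      // "no certificate" and reported below instead of escaping as an unchecked exception.
      if (alias != null) {
        cert = keyStore.getCertificate(alias);
      }
    }
  } catch (KeyStoreException e) {
    LOGGER.warn("Unable to get certificate for alias [{}]", alias, e);
    return null;
  }
  // PKI tokens are built from X.509 certificates only; a missing entry or a certificate of
  // another type cannot identify the system user, so it is rejected before the cast.
  if (!(cert instanceof X509Certificate)) {
    LOGGER.warn("Unable to get certificate for alias [{}]", alias);
    return null;
  }

  PKIAuthenticationTokenFactory pkiTokenFactory = createPKITokenFactory();
  PKIAuthenticationToken pkiToken =
      pkiTokenFactory.getTokenFromCerts(
          new X509Certificate[] {(X509Certificate) cert}, PKIAuthenticationToken.DEFAULT_REALM);
  if (pkiToken != null) {
    SecurityManager securityManager = getSecurityManager();
    if (securityManager != null) {
      try {
        // The cache is replaced only on success; on failure the previous value (possibly an
        // about-to-expire subject, or null if none was ever obtained) is returned below.
        cachedSystemSubject = securityManager.getSubject(pkiToken);
      } catch (SecurityServiceException sse) {
        LOGGER.warn("Unable to request subject for system user.", sse);
      }
    }
  }
  return cachedSystemSubject;
}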
Use of ddf.security.service.SecurityServiceException in project ddf by codice.
Class Security, method runWithSubjectOrElevate.
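/**
 * Runs the {@link Callable} in the current thread as the current security framework's
 * {@link Subject}. If the security framework's {@link Subject} is not currently set and
 * the Java Subject contains the admin role, elevates and runs the {@link Callable} as the
 * system {@link Subject}.
 *
 * <p>Elevation is a privilege escalation: it is only attempted when no framework subject can be
 * obtained at all, and both the elevation and a refused elevation are written to the
 * {@link SecurityLogger} audit log.
 *
 * @param codeToRun code to run
 * @param <T> type of the returned value
 * @return value returned by the {@link Callable}
 * @throws SecurityServiceException if the current subject didn't have enough permissions to run
 *     the code
 * @throws InvocationTargetException wraps any exception thrown by {@link Callable#call()}.
 *     {@link Callable} exception can be retrieved using the
 *     {@link InvocationTargetException#getCause()}.
 */
public <T> T runWithSubjectOrElevate(@NotNull Callable<T> codeToRun)
    throws SecurityServiceException, InvocationTargetException {
  notNull(codeToRun, "Callable cannot be null");

  // Only the lookup of the framework subject may trigger the elevation fallback. The execute()
  // call is kept outside this catch so that a runtime failure while running as a real subject
  // propagates instead of being re-run with system privileges. (With Shiro's DelegatingSubject,
  // exceptions thrown by the callable arrive wrapped in ExecutionException, so the normal
  // error path is unchanged — confirm for the Subject implementation in use.)
  org.apache.shiro.subject.Subject shiroSubject = null;
  try {
    shiroSubject = org.apache.shiro.SecurityUtils.getSubject();
  } catch (IllegalStateException | UnavailableSecurityManagerException e) {
    LOGGER.debug("No shiro subject available for running command, trying with Java Subject", e);
  }

  try {
    if (shiroSubject != null) {
      return shiroSubject.execute(codeToRun);
    }
    Subject systemSubject = getSystemSubject();
    if (systemSubject == null) {
      // getSystemSubject() returns null when the Java Subject lacks the admin role (or the
      // system identity cannot be loaded); refuse rather than run unprivileged.
      SecurityLogger.audit(INSUFFICIENT_PERMISSIONS_ERROR);
      throw new SecurityServiceException(INSUFFICIENT_PERMISSIONS_ERROR);
    }
    SecurityLogger.auditWarn("Elevating current user permissions to use System subject");
    return systemSubject.execute(codeToRun);
  } catch (ExecutionException e) {
    // Unwrap the framework's wrapper so callers see the Callable's own exception as the cause.
    throw new InvocationTargetException(e.getCause());
  }
}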
Use of ddf.security.service.SecurityServiceException in project ddf by codice.
Class Security, method getGuestSubject.
/**
 * Gets the guest {@link Subject} associated with the specified IP address. A fresh guest token is
 * created on every call, and the subject is resolved through the configured
 * {@link SecurityManager}.
 *
 * @param ipAddress IP address the guest token is issued for
 * @return guest {@link Subject} for the address; {@code null} if no {@link SecurityManager} is
 *     configured or the subject request fails
 */
public Subject getGuestSubject(String ipAddress) {
  GuestAuthenticationToken guestToken =
      new GuestAuthenticationToken(BaseAuthenticationToken.DEFAULT_REALM, ipAddress);
  LOGGER.debug("Getting new Guest user token for {}", ipAddress);
  try {
    SecurityManager securityManager = getSecurityManager();
    // Without a security manager there is nothing to resolve the token against.
    return securityManager == null ? null : securityManager.getSubject(guestToken);
  } catch (SecurityServiceException sse) {
    // Best-effort: a guest that cannot be resolved is reported as absent, not as an error.
    LOGGER.info("Unable to request subject for guest user.", sse);
    return null;
  }
}
Use of ddf.security.service.SecurityServiceException in project ddf by codice.
Class SecurityTest, method testGetSubjectInvalidUsernamePassword.
@Test
public void testGetSubjectInvalidUsernamePassword() throws Exception {
  // A security manager that rejects every token stands in for bad credentials; the
  // facade is expected to turn that failure into a null subject rather than propagate it.
  SecurityManager rejectingManager = mock(SecurityManager.class);
  when(rejectingManager.getSubject(any())).thenThrow(new SecurityServiceException("Error"));
  configureMockForSecurityManager(rejectingManager);

  assertThat(security.getSubject("username", "password"), is(equalTo(null)));
}