use of io.prestosql.spi.security.BasicPrincipal in project hetu-core by openlookeng.
the class LdapAuthenticator method authenticate.
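/**
 * Authenticates a user against the directory and returns the resulting principal.
 *
 * <p>Builds a JNDI environment from the supplied credentials, opens a directory context
 * with it, and runs the group-membership check on that context. The context is always
 * closed before returning.
 *
 * <p>Both failure paths give the caller a fixed, generic message; the detail goes only
 * to the debug log.
 *
 * @param user the user name presented by the client
 * @param password the password presented by the client
 * @return a {@link BasicPrincipal} carrying {@code user}
 * @throws AccessDeniedException if the directory reports an authentication failure
 * @throws RuntimeException if any other naming error occurs (the cause is attached)
 */
private Principal authenticate(String user, String password) {
    // NOTE(review): no empty-password check is visible in this method. Many directory
    // servers treat a simple bind with an empty password as an unauthenticated bind
    // that succeeds; confirm createEnvironment or the caller rejects empty passwords.
    Map<String, String> environment = createEnvironment(user, password);
    DirContext context = null;
    try {
        context = createDirContext(environment);
        // NOTE(review): user is passed on unchanged; confirm checkForGroupMembership
        // escapes it before placing it in any search filter.
        checkForGroupMembership(user, context);
        log.debug("Authentication successful for user [%s]", user);
        return new BasicPrincipal(user);
    } catch (AuthenticationException e) {
        // NOTE(review): failed logins are recorded at debug level only; confirm an
        // audit trail exists elsewhere if failed attempts need to be monitored.
        log.debug("Authentication failed for user [%s]: %s", user, e.getMessage());
        throw new AccessDeniedException("Invalid credentials");
    } catch (NamingException e) {
        log.debug(e, "Authentication error for user [%s]", user);
        // Keep the message generic but attach the cause, so the failure can still be
        // diagnosed when debug logging is off.
        throw new RuntimeException("Authentication error", e);
    } finally {
        if (context != null) {
            closeContext(context);
        }
    }
}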
use of io.prestosql.spi.security.BasicPrincipal in project hetu-core by openlookeng.
the class AuthenticationFilter method doFilter.
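/**
 * Decides whether a request may proceed down the filter chain and, if so, under which principal.
 *
 * <p>Order of evaluation, as written below:
 * <ol>
 * <li>Internal requests are authenticated by {@code internalAuthenticationManager}; a null
 * principal ends the request with 401 and no other authenticator is tried.</li>
 * <li>Web UI requests are handled by the UI rules (skip list, UI session, access type,
 * login/logout pages). A UI request that matches none of them falls through to step 3.</li>
 * <li>Requests that are not secure, or that arrive when no authenticator is configured,
 * are passed on without a principal.</li>
 * <li>Otherwise each configured authenticator is tried in order; the first success wins.
 * If all fail, the collected challenge headers and messages are returned with a 401.</li>
 * </ol>
 *
 * @throws IOException if sending the response or invoking the chain fails
 * @throws ServletException if the downstream chain fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain nextFilter) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    if (internalAuthenticationManager.isInternalRequest(request)) {
        Principal principal = internalAuthenticationManager.authenticateInternalRequest(request);
        if (principal == null) {
            // A request that claims to be internal but cannot prove it is rejected outright.
            response.sendError(SC_UNAUTHORIZED);
            return;
        }
        nextFilter.doFilter(withPrincipal(request, principal), response);
        return;
    }

    if (isWebUi(request)) {
        // asset files, vendor files and disable page are always visible
        // NOTE(review): isSkipAuth is not shown here; confirm it matches on a normalized path
        // so that only the intended static resources bypass authentication.
        if (isSkipAuth(request)) {
            nextFilter.doFilter(request, response);
            return;
        }
        Optional<String> authenticatedUser = uiAuthenticator.getAuthenticatedUsername(request);
        if (authenticatedUser.isPresent()) {
            String username = authenticatedUser.get();
            // if the authenticated user is requesting the login page, send them directly to the ui
            // getPathInfo() may return null, so compare from the constant side to avoid an NPE.
            if (UiAuthenticator.LOGIN_FORM.equals(request.getPathInfo())) {
                response.sendRedirect(UiAuthenticator.UI_LOCATION);
                return;
            }
            // authentication succeeded
            request.setAttribute(PRESTO_USER, username);
            nextFilter.doFilter(withPrincipal(request, new BasicPrincipal(username)), response);
            return;
        }
        AccessType accessType = getAccessType(request, authenticators, config);
        if (accessType.equals(AccessType.DISABLE)) {
            // redirect to disable page
            response.sendRedirect(UiAuthenticator.DISABLED_LOCATION);
            return;
        }
        // skip authentication for login/logout page
        if (isLoginLogout(request)) {
            nextFilter.doFilter(request, response);
            return;
        }
        if (accessType.equals(AccessType.REDIRECT)) {
            // redirect to login page
            URI redirectUri = UiAuthenticator.buildLoginFormURI(URI.create(request.getRequestURI()));
            response.sendRedirect(redirectUri.toString());
            return;
        }
    }

    // skip authentication if non-secure or not configured
    // The request continues with no principal attached, so a deployment that relies on
    // authentication must not expose a plain-HTTP listener to untrusted clients.
    // NOTE(review): confirm how isSecure() is derived when TLS is terminated at a proxy.
    if (!request.isSecure() || authenticators.isEmpty()) {
        nextFilter.doFilter(request, response);
        return;
    }

    // try to authenticate, collecting errors and authentication headers
    Set<String> messages = new LinkedHashSet<>();
    Set<String> authenticateHeaders = new LinkedHashSet<>();
    for (Authenticator authenticator : authenticators) {
        AuthenticatedPrincipal authenticatedPrincipal;
        try {
            authenticatedPrincipal = authenticator.authenticate(request);
        } catch (AuthenticationException e) {
            if (e.getMessage() != null) {
                messages.add(e.getMessage());
            }
            e.getAuthenticateHeader().ifPresent(authenticateHeaders::add);
            continue;
        }
        // authentication succeeded
        request.setAttribute(PRESTO_USER, authenticatedPrincipal.getUser());
        nextFilter.doFilter(withPrincipal(request, authenticatedPrincipal.getPrincipal()), response);
        return;
    }

    // authentication failed
    skipRequestBody(request);
    for (String value : authenticateHeaders) {
        response.addHeader(WWW_AUTHENTICATE, value);
    }
    if (messages.isEmpty()) {
        messages.add("Unauthorized");
    }
    // Authenticator messages are returned to the client verbatim, so authenticators
    // should keep internal detail out of their exception messages.
    response.sendError(SC_UNAUTHORIZED, Joiner.on(" | ").join(messages));
}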
use of io.prestosql.spi.security.BasicPrincipal in project hetu-core by openlookeng.
the class JsonWebTokenAuthenticator method authenticate.
/**
 * Authenticates a request from the bearer token in its {@code Authorization} header.
 *
 * <p>The header must have the form {@code <scheme> <token>} with a case-insensitive
 * {@code bearer} scheme and a non-empty token. The token is parsed with
 * {@code jwtParser.parseClaimsJws}, its subject is mapped to a user name through
 * {@code userMapping}, and the unmapped subject becomes the principal name.
 *
 * @param request the incoming HTTP request
 * @return the mapped user together with a {@link BasicPrincipal} for the token subject
 * @throws AuthenticationException if the header is missing or malformed, the token is
 *     rejected by the parser, or the subject cannot be mapped to a user
 */
@Override
public AuthenticatedPrincipal authenticate(HttpServletRequest request) throws AuthenticationException {
    String authorization = nullToEmpty(request.getHeader(AUTHORIZATION));
    int separator = authorization.indexOf(' ');
    if (separator < 0) {
        // No "<scheme> <token>" shape at all: ask the client to authenticate.
        throw needAuthentication(null);
    }
    String scheme = authorization.substring(0, separator);
    if (!scheme.equalsIgnoreCase("bearer")) {
        throw needAuthentication(null);
    }

    String token = authorization.substring(separator + 1).trim();
    if (token.isEmpty()) {
        throw needAuthentication(null);
    }

    try {
        // NOTE(review): presumably a jjwt parser; confirm it is configured with the
        // expected verification key and permitted algorithms where jwtParser is built.
        String subject = jwtParser.parseClaimsJws(token).getBody().getSubject();
        // NOTE(review): a token without a subject claim yields a null subject here;
        // confirm whether that should surface as a 401 rather than a generic error.
        return new AuthenticatedPrincipal(userMapping.mapUser(subject), new BasicPrincipal(subject));
    } catch (JwtException | UserMappingException e) {
        // The parser or mapping message is handed to needAuthentication unchanged.
        throw needAuthentication(e.getMessage());
    } catch (RuntimeException e) {
        throw new RuntimeException("Authentication error", e);
    }
}