Example 16 with Account
use of io.undertow.security.idm.Account in project wildfly by wildfly.
the class DistributableSessionTestCase method removeAuthenticatedSessionAttribute.
@Test
public void removeAuthenticatedSessionAttribute() {
when(this.session.getMetaData()).thenReturn(this.metaData);
when(this.metaData.isNew()).thenReturn(false);
io.undertow.server.session.Session session = new DistributableSession(this.manager, this.session, this.config, this.batch, this.closeTask);
String name = CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession";
SessionManager<Map<String, Object>, Batch> manager = mock(SessionManager.class);
Batcher<Batch> batcher = mock(Batcher.class);
BatchContext context = mock(BatchContext.class);
SessionAttributes attributes = mock(SessionAttributes.class);
Account oldAccount = mock(Account.class);
AuthenticatedSession oldAuth = new AuthenticatedSession(oldAccount, HttpServletRequest.FORM_AUTH);
when(this.manager.getSessionManager()).thenReturn(manager);
when(manager.getBatcher()).thenReturn(batcher);
when(batcher.resumeBatch(this.batch)).thenReturn(context);
when(this.session.getAttributes()).thenReturn(attributes);
when(attributes.removeAttribute(same(name))).thenReturn(oldAuth);
AuthenticatedSession result = (AuthenticatedSession) session.removeAttribute(name);
assertSame(oldAccount, result.getAccount());
assertSame(HttpServletRequest.FORM_AUTH, result.getMechanism());
verify(context).close();
reset(context, attributes);
Map<String, Object> localContext = new HashMap<>();
AuthenticatedSession oldSession = new AuthenticatedSession(oldAccount, HttpServletRequest.BASIC_AUTH);
localContext.put(name, oldSession);
when(attributes.removeAttribute(same(name))).thenReturn(null);
when(this.session.getLocalContext()).thenReturn(localContext);
result = (AuthenticatedSession) session.removeAttribute(name);
assertSame(result, oldSession);
assertNull(localContext.get(name));
verify(context).close();
reset(context, attributes);
result = (AuthenticatedSession) session.removeAttribute(name);
assertNull(result);
verify(context).close();
verify(this.session, never()).close();
verify(this.closeTask, never()).accept(null);
reset(context);
doThrow(IllegalStateException.class).when(this.session).getAttributes();
assertThrows(IllegalStateException.class, () -> session.removeAttribute(name));
verify(context).close();
verify(this.session).close();
verify(this.closeTask).accept(null);
}
Also used :
Account(io.undertow.security.idm.Account)
AuthenticatedSession(io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)
HashMap(java.util.HashMap)
BatchContext(org.wildfly.clustering.ee.BatchContext)
CachedAuthenticatedSessionHandler(io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler)
Batch(org.wildfly.clustering.ee.Batch)
SessionAttributes(org.wildfly.clustering.web.session.SessionAttributes)
OptionMap(org.xnio.OptionMap)
Map(java.util.Map)
HashMap(java.util.HashMap)
Test(org.junit.Test)
Example 17 with Account
use of io.undertow.security.idm.Account in project wildfly by wildfly.
the class DistributableSessionTestCase method getAuthenticatedSessionAttribute.
@Test
public void getAuthenticatedSessionAttribute() {
when(this.session.getMetaData()).thenReturn(this.metaData);
when(this.metaData.isNew()).thenReturn(false);
io.undertow.server.session.Session session = new DistributableSession(this.manager, this.session, this.config, this.batch, this.closeTask);
String name = CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession";
SessionManager<Map<String, Object>, Batch> manager = mock(SessionManager.class);
Batcher<Batch> batcher = mock(Batcher.class);
BatchContext context = mock(BatchContext.class);
SessionAttributes attributes = mock(SessionAttributes.class);
Account account = mock(Account.class);
AuthenticatedSession auth = new AuthenticatedSession(account, HttpServletRequest.FORM_AUTH);
when(this.manager.getSessionManager()).thenReturn(manager);
when(manager.getBatcher()).thenReturn(batcher);
when(batcher.resumeBatch(this.batch)).thenReturn(context);
when(this.session.getAttributes()).thenReturn(attributes);
when(attributes.getAttribute(name)).thenReturn(auth);
AuthenticatedSession result = (AuthenticatedSession) session.getAttribute(name);
assertSame(account, result.getAccount());
assertSame(HttpServletRequest.FORM_AUTH, result.getMechanism());
verify(context).close();
verify(this.session, never()).close();
verify(this.closeTask, never()).accept(null);
reset(context);
AuthenticatedSession expected = new AuthenticatedSession(account, HttpServletRequest.BASIC_AUTH);
Map<String, Object> localContext = Collections.singletonMap(name, expected);
when(attributes.getAttribute(name)).thenReturn(null);
when(this.session.getLocalContext()).thenReturn(localContext);
result = (AuthenticatedSession) session.getAttribute(name);
assertSame(expected, result);
verify(context).close();
verify(this.session, never()).close();
verify(this.closeTask, never()).accept(null);
reset(context);
doThrow(IllegalStateException.class).when(this.session).getAttributes();
assertThrows(IllegalStateException.class, () -> session.getAttribute(name));
verify(context).close();
verify(this.session).close();
verify(this.closeTask).accept(null);
}
Also used :
Account(io.undertow.security.idm.Account)
AuthenticatedSession(io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)
BatchContext(org.wildfly.clustering.ee.BatchContext)
CachedAuthenticatedSessionHandler(io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler)
Batch(org.wildfly.clustering.ee.Batch)
SessionAttributes(org.wildfly.clustering.web.session.SessionAttributes)
OptionMap(org.xnio.OptionMap)
Map(java.util.Map)
HashMap(java.util.HashMap)
Test(org.junit.Test)
Example 18 with Account
use of io.undertow.security.idm.Account in project wildfly by wildfly.
the class JASPICAuthenticationMechanism method authenticate.
@Override
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext sc) {
exchange.putAttachment(AUTH_RUN, true);
final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
final JASPIServerAuthenticationManager sam = createJASPIAuthenticationManager();
final GenericMessageInfo messageInfo = createMessageInfo(exchange, sc);
final String applicationIdentifier = buildApplicationIdentifier(requestContext);
final JASPICallbackHandler cbh = new JASPICallbackHandler();
exchange.putAttachment(JASPICContext.ATTACHMENT_KEY, new JASPICContext(messageInfo, sam, cbh));
UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);
Account cachedAccount = null;
final JASPICSecurityContext jaspicSecurityContext = (JASPICSecurityContext) exchange.getSecurityContext();
final AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
if (sessionManager != null) {
AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange);
if (authSession != null) {
cachedAccount = authSession.getAccount();
// SAM modules via request.getUserPrincipal().
if (cachedAccount != null) {
jaspicSecurityContext.setCachedAuthenticatedAccount(cachedAccount);
}
}
}
AuthenticationMechanismOutcome outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
Account authenticatedAccount = null;
boolean isValid = sam.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, cbh);
jaspicSecurityContext.setCachedAuthenticatedAccount(null);
if (isValid) {
// The CBH filled in the JBOSS SecurityContext, we need to create an Undertow account based on that
org.jboss.security.SecurityContext jbossSct = SecurityActions.getSecurityContext();
authenticatedAccount = createAccount(cachedAccount, jbossSct);
updateSubjectRoles(jbossSct);
}
// authType resolution (check message info first, then check for the configured auth method, then use mech-specific name).
String authType = (String) messageInfo.getMap().get(JASPI_AUTH_TYPE);
if (authType == null)
authType = this.configuredAuthMethod != null ? this.configuredAuthMethod : MECHANISM_NAME;
if (isValid && authenticatedAccount != null) {
outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
Object registerObj = messageInfo.getMap().get(JASPI_REGISTER_SESSION);
boolean cache = false;
if (registerObj != null && (registerObj instanceof String)) {
cache = Boolean.valueOf((String) registerObj);
}
sc.authenticationComplete(authenticatedAccount, authType, cache);
} else if (isValid && authenticatedAccount == null && !isMandatory(requestContext)) {
outcome = AuthenticationMechanismOutcome.NOT_ATTEMPTED;
} else {
outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
sc.authenticationFailed("JASPIC authentication failed.", authType);
// make sure we don't return status OK if the AuthException was thrown
if (wasAuthExceptionThrown(exchange) && !statusIndicatesError(exchange)) {
exchange.setResponseCode(DEFAULT_ERROR_CODE);
}
}
// A SAM can wrap the HTTP request/response objects - update the servlet request context with the values found in the message info.
ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
servletRequestContext.setServletRequest((HttpServletRequest) messageInfo.getRequestMessage());
servletRequestContext.setServletResponse((HttpServletResponse) messageInfo.getResponseMessage());
return outcome;
}
Also used :
Account(io.undertow.security.idm.Account)
ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext)
Subject(javax.security.auth.Subject)
GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo)
AuthenticatedSessionManager(io.undertow.security.api.AuthenticatedSessionManager)
JASPICallbackHandler(org.jboss.security.auth.callback.JASPICallbackHandler)
JASPIServerAuthenticationManager(org.jboss.security.plugins.auth.JASPIServerAuthenticationManager)
Example 19 with Account
use of io.undertow.security.idm.Account in project wildfly by wildfly.
the class DistributableSingleSignOnManagerTestCase method createSingleSignOn.
@Test
public void createSingleSignOn() {
String id = "sso";
Batcher<Batch> batcher = mock(Batcher.class);
Batch batch = mock(Batch.class);
Account account = mock(Account.class);
String mechanism = HttpServletRequest.BASIC_AUTH;
SSO<AuthenticatedSession, String, String, Void> sso = mock(SSO.class);
ArgumentCaptor<AuthenticatedSession> authenticationCaptor = ArgumentCaptor.forClass(AuthenticatedSession.class);
when(this.manager.createIdentifier()).thenReturn(id);
when(this.manager.getBatcher()).thenReturn(batcher);
when(batcher.createBatch()).thenReturn(batch);
when(this.manager.createSSO(same(id), authenticationCaptor.capture())).thenReturn(sso);
SingleSignOn result = this.subject.createSingleSignOn(account, mechanism);
verify(batcher).suspendBatch();
assertNotNull(result);
AuthenticatedSession capturedAuthentication = authenticationCaptor.getValue();
assertNotNull(capturedAuthentication);
assertSame(capturedAuthentication.getAccount(), account);
assertSame(capturedAuthentication.getMechanism(), mechanism);
}
Also used :
Account(io.undertow.security.idm.Account)
AuthenticatedSession(io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)
Batch(org.wildfly.clustering.ee.Batch)
SingleSignOn(io.undertow.security.impl.SingleSignOn)
Test(org.junit.Test)
Example 20 with Account
use of io.undertow.security.idm.Account in project wildfly by wildfly.
the class DistributableSingleSignOnTestCase method getMechanismName.
@Test
public void getMechanismName() {
BatchContext context = mock(BatchContext.class);
Account account = mock(Account.class);
String mechanism = HttpServletRequest.CLIENT_CERT_AUTH;
AuthenticatedSession authentication = new AuthenticatedSession(account, mechanism);
when(this.batcher.resumeBatch(this.batch)).thenReturn(context);
when(this.sso.getAuthentication()).thenReturn(authentication);
String result = this.subject.getMechanismName();
assertEquals(HttpServletRequest.CLIENT_CERT_AUTH, result);
verifyZeroInteractions(this.batch);
verify(context).close();
}
Also used :
Account(io.undertow.security.idm.Account)
AuthenticatedSession(io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)
BatchContext(org.wildfly.clustering.ee.BatchContext)
Test(org.junit.Test)
Aggregations
Account (io.undertow.security.idm.Account)28
IdentityManager (io.undertow.security.idm.IdentityManager)8
AuthenticatedSession (io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession)6
Test (org.junit.Test)6
PasswordCredential (io.undertow.security.idm.PasswordCredential)5
HashMap (java.util.HashMap)5
BatchContext (org.wildfly.clustering.ee.BatchContext)5
SecurityContext (io.undertow.security.api.SecurityContext)4
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)4
CachedAuthenticatedSessionHandler (io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler)4
Map (java.util.Map)4
Batch (org.wildfly.clustering.ee.Batch)4
Credential (io.undertow.security.idm.Credential)3
IOException (java.io.IOException)3
AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager)2
DigestAlgorithm (io.undertow.security.idm.DigestAlgorithm)2
Session (io.undertow.server.session.Session)2
HttpString (io.undertow.util.HttpString)2
ByteBuffer (java.nio.ByteBuffer)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
