
Example 6 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testNoAudienceConfigured.

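/**
 * Checks that a signed token without an audience is accepted, and that the request is passed
 * down the chain as "alice", when the handler is initialised from the unmodified
 * {@code getProperties()} configuration.
 *
 * <p>Security note: this pins the permissive default. As the test name indicates, when no
 * expected audience is configured the filter does not restrict tokens by audience, so
 * deployments that share a signing key across services should configure one.
 */
@Test
public void testNoAudienceConfigured() throws Exception {
    Properties props = getProperties();
    handler.init(new TestFilterConfig(props));

    // Third argument is null; presumably the audience list of this getJWT overload (confirm
    // against the helper). The token expires five seconds from now.
    Date expiry = new Date(System.currentTimeMillis() + 5000);
    SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", null, expiry, new Date(), privateKey, "RS256");

    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // Replay both mocks: an expectation recorded on a mock that is never replayed is not active.
    EasyMock.replay(request, response);

    TestFilterChain chain = new TestFilterChain();
    // No try/catch around doFilter: the method declares "throws Exception", so an unexpected
    // ServletException fails the test with its full stack trace instead of a bare fail().
    handler.doFilter(request, response, chain);

    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertFalse("No PrimaryPrincipal", principals.isEmpty());
    Assert.assertEquals("Not the expected principal", "alice", principals.iterator().next().getName());
}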
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 7 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testRS512SignatureAlgorithm.

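/**
 * Checks that a token signed with RS512 is accepted when the filter's expected signature
 * algorithm ({@code JWT_EXPECTED_SIGALG}) is set to "RS512", and that the request is passed
 * down the chain as "alice".
 *
 * <p>This is the positive case only. Rejection of a token whose signing algorithm differs from
 * the configured one is not exercised by this method.
 */
@Test
public void testRS512SignatureAlgorithm() throws Exception {
    Properties props = getProperties();
    props.put(AbstractJWTFilter.JWT_EXPECTED_SIGALG, "RS512");
    handler.init(new TestFilterConfig(props));

    // Token expires five seconds from now and is signed with the same algorithm the filter expects.
    Date expiry = new Date(System.currentTimeMillis() + 5000);
    SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, new Date(), privateKey, JWSAlgorithm.RS512.getName());

    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // Replay both mocks: an expectation recorded on a mock that is never replayed is not active.
    EasyMock.replay(request, response);

    TestFilterChain chain = new TestFilterChain();
    // No try/catch around doFilter: the method declares "throws Exception", so an unexpected
    // ServletException fails the test with its full stack trace instead of a bare fail().
    handler.doFilter(request, response, chain);

    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertFalse("No PrimaryPrincipal", principals.isEmpty());
    Assert.assertEquals("Not the expected principal", "alice", principals.iterator().next().getName());
}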
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 8 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testValidIssuerViaConfig.

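/**
 * Checks that a token whose issuer equals the value configured through
 * {@code JWT_EXPECTED_ISSUER} ("new-issuer") is accepted, and that the request is passed down
 * the chain as "alice".
 *
 * <p>This is the positive case only. A token carrying a different issuer is not exercised by
 * this method.
 */
@Test
public void testValidIssuerViaConfig() throws Exception {
    Properties props = getProperties();
    props.setProperty(AbstractJWTFilter.JWT_EXPECTED_ISSUER, "new-issuer");
    handler.init(new TestFilterConfig(props));

    // Issuer in the token matches the configured expected issuer; expiry is five seconds from now.
    Date expiry = new Date(System.currentTimeMillis() + 5000);
    SignedJWT jwt = getJWT("new-issuer", "alice", expiry, privateKey);

    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // Replay both mocks: an expectation recorded on a mock that is never replayed is not active.
    EasyMock.replay(request, response);

    TestFilterChain chain = new TestFilterChain();
    // No try/catch around doFilter: the method declares "throws Exception", so an unexpected
    // ServletException fails the test with its full stack trace instead of a bare fail().
    handler.doFilter(request, response, chain);

    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertFalse("No PrimaryPrincipal", principals.isEmpty());
    Assert.assertEquals("Not the expected principal", "alice", principals.iterator().next().getName());
}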
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 9 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class SSOCookieProviderTest method testCustomCookieNameJWT.

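/**
 * Checks that the handler reads the token from a cookie with a custom name: with
 * {@code sso.cookie.name} set to "jowt", a request carrying a "jowt" cookie that holds a valid
 * serialized JWT is passed down the chain as "alice".
 */
@Test
public void testCustomCookieNameJWT() throws Exception {
    Properties props = getProperties();
    props.put("sso.cookie.name", "jowt");
    handler.init(new TestFilterConfig(props));

    // Token expires five seconds from now and is delivered only through the renamed cookie.
    Date expiry = new Date(System.currentTimeMillis() + 5000);
    SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);
    Cookie cookie = new Cookie("jowt", jwt.serialize());

    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getCookies()).andReturn(new Cookie[] { cookie });
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // Replay both mocks: an expectation recorded on a mock that is never replayed is not active.
    EasyMock.replay(request, response);

    TestFilterChain chain = new TestFilterChain();
    // No try/catch around doFilter: the method declares "throws Exception", so an unexpected
    // ServletException fails the test with its full stack trace instead of a bare fail().
    handler.doFilter(request, response, chain);

    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertFalse("No PrimaryPrincipal returned.", principals.isEmpty());
    Assert.assertEquals("Not the expected principal", "alice", principals.iterator().next().getName());
}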
Also used : Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 10 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class Pac4jIdentityAdapter method doFilter.

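/**
 * Turns the pac4j profile attached to the request into a Knox identity and continues the chain
 * under it.
 *
 * <p>When a profile is present, its identifier (the configured {@code idAttribute} if it yields
 * a usable value, otherwise {@code profile.getId()}) becomes the name of a
 * {@link PrimaryPrincipal} in a fresh {@link Subject}. The audit context is updated, a successful
 * authentication is audited, and the rest of the chain runs through {@code doAs}. When no profile
 * is present the method returns without invoking the chain.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
 * @param chain           the remaining filter chain, run via {@code doAs} on success
 * @throws IOException      propagated from the downstream chain
 * @throws ServletException if the pac4j {@code Config} is missing from the request, or
 *                          propagated from the downstream chain
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    // Fail with a descriptive ServletException rather than an NPE/ClassCastException when the
    // pac4j configuration was not placed on the request (e.g. the filters are mis-ordered).
    final Object configAttribute = request.getAttribute(PAC4J_CONFIG);
    if (!(configAttribute instanceof Config)) {
        throw new ServletException("No pac4j Config found on the request; cannot resolve the authenticated profile");
    }
    final J2EContext context = new J2EContext(request, response, ((Config) configAttribute).getSessionStore());
    final ProfileManager<CommonProfile> manager = new ProfileManager<>(context);
    final Optional<CommonProfile> optional = manager.get(true);

    // No profile: the chain is not invoked, so the request goes no further. Nothing is written
    // to the response and no failure is audited on this path.
    if (!optional.isPresent()) {
        return;
    }

    final CommonProfile profile = optional.get();
    // NOTE(review): this logs profile.toString(); depending on the pac4j client that may include
    // profile attributes such as tokens. Consider logging only the id. Left unchanged here.
    logger.debug("User authenticated as: {}", profile);
    // The profile is consumed once: it is removed from the pac4j profile manager after being read.
    manager.remove(true);

    String id = null;
    if (idAttribute != null) {
        final Object attribute = profile.getAttribute(idAttribute);
        if (attribute != null) {
            final String candidate = attribute.toString();
            // An empty or whitespace-only value must never become the principal name; treat it
            // like a missing attribute so the fallback below applies.
            if (candidate != null && !candidate.trim().isEmpty()) {
                id = candidate;
            }
        }
        if (id == null) {
            logger.error("Invalid attribute_id: {} configured to be used as principal" + " falling back to default id", idAttribute);
        }
    }
    if (id == null) {
        id = profile.getId();
    }

    // NOTE(review): testIdentifier looks like a test hook assigned on every request; its
    // declaration is not visible here. If it is shared state it is racy under concurrent requests.
    testIdentifier = id;

    final Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal(id));

    auditService.getContext().setUsername(id);
    final String sourceUri = (String) request.getAttribute(AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME);
    auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);

    doAs(request, response, chain, subject);
}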
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ProfileManager(org.pac4j.core.profile.ProfileManager) CommonProfile(org.pac4j.core.profile.CommonProfile) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) J2EContext(org.pac4j.core.context.J2EContext) Subject(javax.security.auth.Subject)
