
Example 36 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilter method createSubjectFromToken.

/**
 * Builds the read-only JAAS {@code Subject} for the caller named by a JWT.
 *
 * <p>The token's subject string is wrapped in a single {@link PrimaryPrincipal}; the public
 * and private credential sets are left empty. This method performs no signature, expiry,
 * audience or issuer check of its own and does not null-check the subject string, so it
 * should only be handed a token that has already been validated.
 * NOTE(review): the validation step is not visible here; confirm every call site runs it first.
 *
 * @param token the JWT whose subject becomes the primary principal
 * @return a read-only {@code Subject} holding exactly one {@code PrimaryPrincipal}
 */
protected Subject createSubjectFromToken(JWT token) {
    final String subjectName = token.getSubject();

    final Set<Principal> identity = new HashSet<>();
    identity.add(new PrimaryPrincipal(subjectName));

    // One empty set serves as both the public and the private credential set.
    final Set<Object> noCredentials = new HashSet<>();

    // readOnly = true: once constructed, the Subject rejects later changes to its principal
    // and credential sets, so code further down the filter chain cannot add or swap the
    // identity established here.
    return new javax.security.auth.Subject(true, identity, noCredentials, noCredentials);
}
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 37 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testValidVerificationPEM.

/**
 * Checks that a token signed with {@code privateKey} passes the filter when a verification
 * PEM is supplied through configuration, and that the resulting subject is "alice".
 */
@Test
public void testValidVerificationPEM() throws Exception {
    try {
        final Properties config = getProperties();
        config.put(getAudienceProperty(), "bar");
        config.put("sso.authentication.provider.url", "https://localhost:8443/gateway/knoxsso/api/v1/websso");
        // The verification key comes from the configured PEM for this test.
        config.put(getVerificationPemProperty(), pem);
        handler.init(new TestFilterConfig(config));

        // Token for "alice" that expires 50 seconds from now.
        final Date expiry = new Date(System.currentTimeMillis() + 50000);
        final SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

        final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, token);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);

        final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response
        // expectation above stays in record state.
        EasyMock.replay(request);

        final TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);

        // Reaching the chain means the filter accepted the token.
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        final Set<PrimaryPrincipal> found = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", found.isEmpty());
        final String authenticatedName = found.iterator().next().getName();
        Assert.assertEquals("Not the expected principal", "alice", authenticatedName);
    } catch (ServletException unexpected) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 38 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testValidJWT.

/**
 * Checks the baseline positive path: a token for "alice" that has not yet expired is
 * accepted with the default properties and yields a subject named "alice".
 */
@Test
public void testValidJWT() throws Exception {
    try {
        final Properties config = getProperties();
        handler.init(new TestFilterConfig(config));

        // Token for "alice" that expires 5 seconds from now.
        final Date expiry = new Date(System.currentTimeMillis() + 5000);
        final SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

        final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, token);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);

        final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response
        // expectation above stays in record state.
        EasyMock.replay(request);

        final TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);

        // Reaching the chain means the filter accepted the token.
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        final Set<PrimaryPrincipal> found = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", found.isEmpty());
        final String authenticatedName = found.iterator().next().getName();
        Assert.assertEquals("Not the expected principal", "alice", authenticatedName);
    } catch (ServletException unexpected) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 39 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testValidJWTNoExpiration.

/**
 * Pins the filter's handling of a token built with {@code null} where the sibling tests
 * pass an expiry {@code Date}: the request still reaches the chain as "alice".
 *
 * <p>As far as this test shows, a token without an expiry is treated as valid, which means
 * such a token never ages out on its own; its lifetime has to be bounded by the issuer or by
 * some other control outside this filter.
 */
@Test
public void testValidJWTNoExpiration() throws Exception {
    try {
        final Properties config = getProperties();
        handler.init(new TestFilterConfig(config));

        // null in the expiry position: the token carries no expiration.
        final SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", null, privateKey);

        final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, token);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);

        final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL).anyTimes();
        // NOTE(review): only the request mock is switched to replay; the response
        // expectation above stays in record state.
        EasyMock.replay(request);

        final TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);

        // Reaching the chain means the filter accepted the token.
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        final Set<PrimaryPrincipal> found = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", found.isEmpty());
        final String authenticatedName = found.iterator().next().getName();
        Assert.assertEquals("Not the expected principal", "alice", authenticatedName);
    } catch (ServletException unexpected) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Test(org.junit.Test)

Example 40 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class AbstractJWTFilterTest method testEmptyAudienceConfigured.

/**
 * Pins the filter's behaviour when the audience property is configured as an empty string:
 * an RS256 token for "alice" is still accepted and reaches the chain.
 *
 * <p>As far as this test shows, an empty audience setting places no audience restriction on
 * incoming tokens. NOTE(review): the third argument to the seven-argument {@code getJWT} is
 * {@code null} and presumably the token's audience; confirm against the helper.
 */
@Test
public void testEmptyAudienceConfigured() throws Exception {
    try {
        final Properties config = getProperties();
        // Explicitly empty audience list in the filter configuration.
        config.put(getAudienceProperty(), "");
        handler.init(new TestFilterConfig(config));

        // Expiry 5 seconds from now; the second Date is the current time.
        final Date expiry = new Date(System.currentTimeMillis() + 5000);
        final Date now = new Date();
        final SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", null, expiry, now, privateKey, "RS256");

        final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, token);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);

        final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response
        // expectation above stays in record state.
        EasyMock.replay(request);

        final TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);

        // Reaching the chain means the filter accepted the token.
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        final Set<PrimaryPrincipal> found = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", found.isEmpty());
        final String authenticatedName = found.iterator().next().getName();
        Assert.assertEquals("Not the expected principal", "alice", authenticatedName);
    } catch (ServletException unexpected) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)
