Example 41 with PrimaryPrincipal

Use of org.apache.knox.gateway.security.PrimaryPrincipal in the Apache Knox project.

Class AbstractPreAuthFederationFilter, method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // Principal asserted for this request; null is rejected below as a missing header.
    String principal = getPrimaryPrincipal(httpRequest);
    if (principal != null) {
        // Accept the asserted principal only if the configured validators pass.
        if (PreAuthService.validate(httpRequest, filterConfig, validators)) {
            // Build the Subject that the rest of the filter chain runs as.
            Subject subject = new Subject();
            subject.getPrincipals().add(new PrimaryPrincipal(principal));
            addGroupPrincipals(httpRequest, subject.getPrincipals());
            // KM: Audit Fix
            auditService.getContext().setUsername(principal);
            String sourceUri = (String) request.getAttribute(AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME);
            auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);
            doAs(httpRequest, response, chain, subject);
        } else {
            // TODO: log preauthenticated SSO validation failure
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "SSO Validation Failure.");
        }
    } else {
        // No principal was asserted: respond with 403.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "Missing Required Header for PreAuth SSO Federation");
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal), HttpServletResponse (javax.servlet.http.HttpServletResponse), Subject (javax.security.auth.Subject)

Example 42 with PrimaryPrincipal

Use of org.apache.knox.gateway.security.PrimaryPrincipal in the Apache Knox project.

Class HadoopAuthPostFilter, method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // getRemoteUser() returns null when the request has not been authenticated.
    String principal = httpRequest.getRemoteUser();
    if (principal != null) {
        // Build the Subject that the rest of the filter chain runs as.
        Subject subject = new Subject();
        subject.getPrincipals().add(new PrimaryPrincipal(principal));
        log.hadoopAuthAssertedPrincipal(principal);
        // KM: Audit Fix
        auditService.getContext().setUsername(principal);
        String sourceUri = (String) request.getAttribute(AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME);
        auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);
        doAs(httpRequest, response, chain, subject);
    } else {
        // Unauthenticated request: respond with 403.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "User not authenticated");
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal), HttpServletResponse (javax.servlet.http.HttpServletResponse), Subject (javax.security.auth.Subject)
