use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
the class OAuth2InteractiveAuthenticatorTest method createMockOAuth2AuthenticationProvider.
private OAuth2AuthenticationProvider<?> createMockOAuth2AuthenticationProvider(final HttpPort mockPort) throws URISyntaxException {
OAuth2AuthenticationProvider authenticationProvider = mock(OAuth2AuthenticationProvider.class);
Broker mockBroker = mock(Broker.class);
SubjectCreator mockSubjectCreator = mock(SubjectCreator.class);
when(_mockPort.getSubjectCreator(anyBoolean(), anyString())).thenReturn(mockSubjectCreator);
SubjectAuthenticationResult mockSuccessfulSubjectAuthenticationResult = mock(SubjectAuthenticationResult.class);
SubjectAuthenticationResult mockUnauthorizedSubjectAuthenticationResult = mock(SubjectAuthenticationResult.class);
final Subject successfulSubject = new Subject(true, Collections.singleton(new AuthenticatedPrincipal(new UsernamePrincipal(TEST_AUTHORIZED_USER, null))), Collections.emptySet(), Collections.emptySet());
final Subject unauthorizedSubject = new Subject(true, Collections.singleton(new AuthenticatedPrincipal(new UsernamePrincipal(TEST_UNAUTHORIZED_USER, null))), Collections.emptySet(), Collections.emptySet());
AuthenticationResult mockSuccessfulAuthenticationResult = mock(AuthenticationResult.class);
AuthenticationResult mockUnauthorizedAuthenticationResult = mock(AuthenticationResult.class);
AuthenticationResult failedAuthenticationResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, new Exception("authentication failed"));
SubjectAuthenticationResult failedSubjectAuthenticationResult = new SubjectAuthenticationResult(failedAuthenticationResult);
doAnswer(new Answer() {
@Override
public Object answer(final InvocationOnMock invocationOnMock) throws Throwable {
final Subject subject = Subject.getSubject(AccessController.getContext());
if (!subject.getPrincipals().iterator().next().getName().equals(TEST_AUTHORIZED_USER)) {
throw new AccessControlException("access denied");
}
return null;
}
}).when(mockBroker).authorise(eq(Operation.PERFORM_ACTION("manage")));
when(authenticationProvider.getAuthorizationEndpointURI(any())).thenReturn(new URI(TEST_AUTHORIZATION_ENDPOINT));
when(authenticationProvider.getClientId()).thenReturn(TEST_CLIENT_ID);
when(authenticationProvider.getScope()).thenReturn(TEST_OAUTH2_SCOPE);
when(authenticationProvider.getParent()).thenReturn(mockBroker);
when(authenticationProvider.authenticateViaAuthorizationCode(matches(TEST_VALID_AUTHORIZATION_CODE), matches(TEST_REQUEST_HOST), any())).thenReturn(mockSuccessfulAuthenticationResult);
when(authenticationProvider.authenticateViaAuthorizationCode(matches(TEST_INVALID_AUTHORIZATION_CODE), matches(TEST_REQUEST_HOST), any())).thenReturn(failedAuthenticationResult);
when(authenticationProvider.authenticateViaAuthorizationCode(matches(TEST_UNAUTHORIZED_AUTHORIZATION_CODE), matches(TEST_REQUEST_HOST), any())).thenReturn(mockUnauthorizedAuthenticationResult);
when(mockSuccessfulSubjectAuthenticationResult.getSubject()).thenReturn(successfulSubject);
when(mockUnauthorizedSubjectAuthenticationResult.getSubject()).thenReturn(unauthorizedSubject);
when(mockSubjectCreator.createResultWithGroups(mockSuccessfulAuthenticationResult)).thenReturn(mockSuccessfulSubjectAuthenticationResult);
when(mockSubjectCreator.createResultWithGroups(mockUnauthorizedAuthenticationResult)).thenReturn(mockUnauthorizedSubjectAuthenticationResult);
when(mockSubjectCreator.createResultWithGroups(failedAuthenticationResult)).thenReturn(failedSubjectAuthenticationResult);
return authenticationProvider;
}
use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method setUp.
@Override
public void setUp() throws Exception {
super.setUp();
_networkConnection = mock(ServerNetworkConnection.class);
when(_networkConnection.getLocalAddress()).thenReturn(new InetSocketAddress(0));
_broker = mock(Broker.class);
when(_broker.getModel()).thenReturn(BrokerModel.getInstance());
when(_broker.getNetworkBufferSize()).thenReturn(256 * 1026);
final TaskExecutor taskExecutor = new TaskExecutorImpl();
taskExecutor.start();
when(_broker.getChildExecutor()).thenReturn(taskExecutor);
when(_broker.getTaskExecutor()).thenReturn(taskExecutor);
when(_broker.getId()).thenReturn(UUID.randomUUID());
when(_broker.getEventLogger()).thenReturn(new EventLogger());
when(((Broker) _broker).getCategoryClass()).thenReturn(Broker.class);
_port = mock(AmqpPort.class);
when(_port.getChildExecutor()).thenReturn(taskExecutor);
when(_port.getCategoryClass()).thenReturn(Port.class);
when(_port.getModel()).thenReturn(BrokerModel.getInstance());
final SubjectCreator subjectCreator = mock(SubjectCreator.class);
_authenticationProvider = mock(AuthenticationProvider.class);
when(_port.getAuthenticationProvider()).thenReturn(_authenticationProvider);
_virtualHost = mock(VirtualHost.class);
when(_virtualHost.getChildExecutor()).thenReturn(taskExecutor);
when(_virtualHost.getModel()).thenReturn(BrokerModel.getInstance());
when(_virtualHost.getState()).thenReturn(State.ACTIVE);
when(_virtualHost.isActive()).thenReturn(true);
final ArgumentCaptor<AMQPConnection> connectionCaptor = ArgumentCaptor.forClass(AMQPConnection.class);
final ArgumentCaptor<ConnectionEstablishmentPolicy> establishmentPolicyCaptor = ArgumentCaptor.forClass(ConnectionEstablishmentPolicy.class);
doAnswer(new Answer() {
@Override
public Object answer(final InvocationOnMock invocation) throws Throwable {
_connection = connectionCaptor.getValue();
return null;
}
}).when(_virtualHost).registerConnection(connectionCaptor.capture(), establishmentPolicyCaptor.capture());
when(_virtualHost.getPrincipal()).thenReturn(mock(VirtualHostPrincipal.class));
when(_port.getAddressSpace(anyString())).thenReturn(_virtualHost);
when(_port.getSubjectCreator(anyBoolean(), anyString())).thenReturn(subjectCreator);
final ArgumentCaptor<Principal> userCaptor = ArgumentCaptor.forClass(Principal.class);
when(subjectCreator.createSubjectWithGroups(userCaptor.capture())).then(new Answer<Subject>() {
@Override
public Subject answer(final InvocationOnMock invocation) throws Throwable {
Subject subject = new Subject();
subject.getPrincipals().add(userCaptor.getValue());
return subject;
}
});
final ByteBufferSender sender = mock(ByteBufferSender.class);
when(_networkConnection.getSender()).thenReturn(sender);
AMQPDescribedTypeRegistry registry = AMQPDescribedTypeRegistry.newInstance().registerTransportLayer().registerMessagingLayer().registerTransactionLayer().registerSecurityLayer();
_frameWriter = new FrameWriter(registry, new ByteBufferSender() {
@Override
public boolean isDirectBufferPreferred() {
return false;
}
@Override
public void send(final QpidByteBuffer msg) {
_protocolEngine_1_0_0.received(msg);
}
@Override
public void flush() {
}
@Override
public void close() {
}
});
}
use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
the class SSLClientCertPreemptiveAuthenticator method attemptAuthentication.
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
final Port<?> port = managementConfig.getPort(request);
SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
if (request.isSecure() && authenticationProvider instanceof ExternalAuthenticationManager && Collections.list(request.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME)) {
ExternalAuthenticationManager<?> externalAuthManager = (ExternalAuthenticationManager<?>) authenticationProvider;
X509Certificate[] certificates = (X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE_NAME);
if (certificates != null && certificates.length != 0) {
Principal principal = certificates[0].getSubjectX500Principal();
if (!externalAuthManager.getUseFullDN()) {
String username;
String dn = ((X500Principal) principal).getName(X500Principal.RFC2253);
username = SSLUtil.getIdFromSubjectDN(dn);
principal = new UsernamePrincipal(username, authenticationProvider);
}
return subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(principal));
}
}
return null;
}
use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
the class ProtocolEngine_1_0_0Test method testProtocolEngineWithSaslNonTLSandAnon.
public void testProtocolEngineWithSaslNonTLSandAnon() throws Exception {
final Map<String, Object> attrs = Collections.singletonMap(ConfiguredObject.NAME, getTestName());
final AnonymousAuthenticationManager anonymousAuthenticationManager = (new AnonymousAuthenticationManagerFactory()).create(null, attrs, _broker);
when(_port.getAuthenticationProvider()).thenReturn(anonymousAuthenticationManager);
when(_port.getSubjectCreator(anyBoolean(), anyString())).thenReturn(new SubjectCreator(anonymousAuthenticationManager, Collections.emptyList(), null));
allowMechanisms(AnonymousAuthenticationManager.MECHANISM_NAME);
createEngine(Transport.TCP);
_protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0_SASL.getInstance().getHeaderIdentifier()));
SaslInit init = new SaslInit();
init.setMechanism(Symbol.valueOf("ANONYMOUS"));
_frameWriter.send(new SASLFrame(init));
_protocolEngine_1_0_0.received(QpidByteBuffer.wrap(ProtocolEngineCreator_1_0_0.getInstance().getHeaderIdentifier()));
Open open = new Open();
open.setContainerId("testContainerId");
_frameWriter.send(AMQFrame.createAMQFrame((short) 0, open));
verify(_virtualHost).registerConnection(any(AMQPConnection.class), any(ConnectionEstablishmentPolicy.class));
AuthenticatedPrincipal principal = (AuthenticatedPrincipal) _connection.getAuthorizedPrincipal();
assertNotNull(principal);
assertEquals(principal, new AuthenticatedPrincipal(anonymousAuthenticationManager.getAnonymousPrincipal()));
}
use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
the class AMQPConnection_0_8Impl method receiveConnectionStartOk.
@Override
public void receiveConnectionStartOk(final FieldTable clientProperties, final AMQShortString mechanism, final byte[] response, final AMQShortString locale) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("RECV ConnectionStartOk[" + " clientProperties: " + clientProperties + " mechanism: " + mechanism + " response: ********" + " locale: " + locale + " ]");
}
assertState(ConnectionState.AWAIT_START_OK);
LOGGER.debug("SASL Mechanism selected: {} Locale : {}", mechanism, locale);
if (mechanism == null || mechanism.length() == 0) {
sendConnectionClose(ErrorCodes.CONNECTION_FORCED, "No Sasl mechanism was specified", 0);
return;
}
SubjectCreator subjectCreator = getSubjectCreator();
_saslNegotiator = subjectCreator.createSaslNegotiator(String.valueOf(mechanism), this);
if (_saslNegotiator == null) {
sendConnectionClose(ErrorCodes.CONNECTION_FORCED, "No SaslServer could be created for mechanism: " + mechanism, 0);
} else {
setClientProperties(clientProperties);
processSaslResponse(response, subjectCreator);
}
}
Aggregations