Use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
The class AMQPConnection_0_8Test, method setUp.
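/**
 * Builds the mocked broker / virtual-host / port hierarchy the AMQP 0-8 connection tests run
 * against. Only the non-secure subject-creator lookup and the {@code SASL_MECH} /
 * {@code SASL_RESPONSE} exchange are stubbed; everything else on the mocks returns Mockito
 * defaults.
 *
 * @throws Exception propagated from {@code super.setUp()}
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // Event logger shared by the broker and virtual-host mocks. The system config mock is given
    // a separate EventLogger mock, so events raised through it are not visible on 'value'.
    final EventLogger value = new EventLogger();
    final SystemConfig systemConfig = mock(SystemConfig.class);
    when(systemConfig.getEventLogger()).thenReturn(mock(EventLogger.class));

    // A real executor is started here. NOTE(review): presumably stopped in tearDown — confirm.
    _taskExecutor = new TaskExecutorImpl();
    _taskExecutor.start();

    final Model model = BrokerModel.getInstance();

    // Broker: parent/model/executors plus the one context value stubbed for it. Numeric literals
    // use an upper-case L suffix; the lower-case 'l' reads like the digit 1.
    _broker = mock(Broker.class);
    when(_broker.getParent()).thenReturn(systemConfig);
    when(_broker.getModel()).thenReturn(model);
    when(_broker.getCategoryClass()).thenReturn(Broker.class);
    when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_broker.getChildExecutor()).thenReturn(_taskExecutor);
    when(_broker.getEventLogger()).thenReturn(value);
    when(_broker.getContextValue(eq(Long.class), eq(Broker.CHANNEL_FLOW_CONTROL_ENFORCEMENT_TIMEOUT))).thenReturn(0L);

    // Virtual host node sits between the broker and the virtual host.
    _virtualHostNode = mock(VirtualHostNode.class);
    when(_virtualHostNode.getParent()).thenReturn(_broker);
    when(_virtualHostNode.getModel()).thenReturn(model);
    when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
    when(_virtualHostNode.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHostNode.getChildExecutor()).thenReturn(_taskExecutor);

    // Virtual host: reported ACTIVE, BROKER_MSG_AUTH stubbed to false (presumably the message
    // user-id check) and authoriseCreateConnection returning true for any AMQPConnection, so
    // the connection tests are not blocked by host-level authorisation.
    _virtualHost = mock(QueueManagingVirtualHost.class);
    final VirtualHostPrincipal virtualHostPrincipal = new VirtualHostPrincipal(_virtualHost);
    when(_virtualHost.getParent()).thenReturn(_virtualHostNode);
    when(_virtualHost.getModel()).thenReturn(model);
    when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
    when(_virtualHost.getState()).thenReturn(State.ACTIVE);
    when(_virtualHost.isActive()).thenReturn(true);
    when(_virtualHost.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHost.getPrincipal()).thenReturn(virtualHostPrincipal);
    when(_virtualHost.getContextValue(Integer.class, Broker.MESSAGE_COMPRESSION_THRESHOLD_SIZE)).thenReturn(1024);
    when(_virtualHost.getContextValue(Long.class, Connection.MAX_UNCOMMITTED_IN_MEMORY_SIZE)).thenReturn(1024L);
    when(_virtualHost.getContextValue(Boolean.class, Broker.BROKER_MSG_AUTH)).thenReturn(false);
    when(_virtualHost.authoriseCreateConnection(any(AMQPConnection.class))).thenReturn(true);
    when(_virtualHost.getEventLogger()).thenReturn(value);

    // Authentication: the only stubbed SASL negotiator is the one for SASL_MECH, and
    // authenticating it with SASL_RESPONSE yields an authenticated "username" principal
    // wrapped in a fresh Subject. The provider advertises SASL_MECH as its sole mechanism.
    final SubjectCreator subjectCreator = mock(SubjectCreator.class);
    final SaslNegotiator saslNegotiator = mock(SaslNegotiator.class);
    when(subjectCreator.createSaslNegotiator(eq(SASL_MECH.toString()), any(SaslSettings.class))).thenReturn(saslNegotiator);
    when(subjectCreator.authenticate(saslNegotiator, SASL_RESPONSE)).thenReturn(
            new SubjectAuthenticationResult(
                    new AuthenticationResult(new AuthenticatedPrincipal(new UsernamePrincipal("username", null))),
                    new Subject()));
    final AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
    when(authenticationProvider.getAvailableMechanisms(anyBoolean())).thenReturn(Collections.singletonList(SASL_MECH.toString()));

    // Port: the subject creator is stubbed only for the non-secure lookup (first argument
    // false); a secure lookup would receive Mockito's default (null).
    _port = mock(AmqpPort.class);
    when(_port.getParent()).thenReturn(_broker);
    when(_port.getCategoryClass()).thenReturn(Port.class);
    when(_port.getChildExecutor()).thenReturn(_taskExecutor);
    when(_port.getModel()).thenReturn(model);
    when(_port.getAuthenticationProvider()).thenReturn(authenticationProvider);
    when(_port.getAddressSpace(VIRTUAL_HOST_NAME)).thenReturn(_virtualHost);
    when(_port.getContextValue(Long.class, Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY)).thenReturn(2500L);
    when(_port.getContextValue(Integer.class, Connection.MAX_MESSAGE_SIZE)).thenReturn(Connection.DEFAULT_MAX_MESSAGE_SIZE);
    when(_port.getSubjectCreator(eq(false), anyString())).thenReturn(subjectCreator);

    // Network layer: a mock sender behind a mock connection reporting localhost:12345 as its
    // local address; transport/protocol are fixed to TCP and AMQP 0-8.
    _sender = mock(ByteBufferSender.class);
    _network = mock(ServerNetworkConnection.class);
    when(_network.getSender()).thenReturn(_sender);
    when(_network.getLocalAddress()).thenReturn(new InetSocketAddress("localhost", 12345));
    _transport = Transport.TCP;
    _protocol = Protocol.AMQP_0_8;
    _ticker = new AggregateTicker();
}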
Use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
The class AnonymousPreemptiveAuthenticator, method attemptAuthentication.
/**
 * Pre-emptively authenticates a management request as the anonymous user.
 *
 * @param request the incoming HTTP request
 * @param managementConfig supplies the port and authentication provider for the request
 * @return the anonymous subject (with groups resolved by the port's subject creator), or
 *         {@code null} when the request's provider is not an {@code AnonymousAuthenticationManager}
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
    final Port<?> port = managementConfig.getPort(request);
    final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
    // Looked up before the provider check, matching the order the surrounding class relies on.
    final SubjectCreator creator = port.getSubjectCreator(request.isSecure(), request.getServerName());

    if (!(authenticationProvider instanceof AnonymousAuthenticationManager)) {
        // Not the anonymous provider: nothing to do pre-emptively.
        return null;
    }
    final AnonymousAuthenticationManager anonymousProvider = (AnonymousAuthenticationManager) authenticationProvider;
    return creator
            .createResultWithGroups(anonymousProvider.getAnonymousAuthenticationResult())
            .getSubject();
}
Use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
The class BasicAuthPreemptiveAuthenticator, method attemptAuthentication.
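/**
 * Pre-emptively authenticates a management request carrying an HTTP Basic
 * {@code Authorization} header.
 *
 * <p>Basic authentication is only honoured when the configuration enables it for the
 * request's scheme (HTTP vs HTTPS) and the request's provider is a
 * {@code UsernamePasswordAuthenticationProvider}; the credentials are decoded only after
 * those checks pass.
 *
 * @param request the incoming HTTP request
 * @param managementConfiguration supplies the port, provider and Basic-auth switches
 * @return the authenticated subject (possibly {@code null} if authentication failed, as
 *         reported by the subject creator), or {@code null} when no usable Basic header is
 *         present or Basic auth is not applicable to this request
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfiguration) {
    final String header = request.getHeader("Authorization");
    final Port<?> port = managementConfiguration.getPort(request);
    final AuthenticationProvider<?> authenticationProvider = managementConfiguration.getAuthenticationProvider(request);
    final SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());

    if (header == null || !(authenticationProvider instanceof UsernamePasswordAuthenticationProvider)) {
        return null;
    }
    final UsernamePasswordAuthenticationProvider<?> namePasswdAuthProvider =
            (UsernamePasswordAuthenticationProvider<?>) authenticationProvider;

    // Expected shape: "Basic <base64>". Split on a run of whitespace so that more than one
    // separator character ("Basic  abc") does not yield an empty credential token, which a
    // single-character "\\s" split would have done.
    final String[] tokens = header.split("\\s+");
    if (tokens.length < 2 || !"BASIC".equalsIgnoreCase(tokens[0])) {
        return null;
    }

    // Basic auth can be switched on/off separately for HTTPS and plain HTTP; decide this
    // before touching the credentials.
    final boolean basicAuthSupported = request.isSecure()
            ? managementConfiguration.isHttpsBasicAuthenticationEnabled()
            : managementConfiguration.isHttpBasicAuthenticationEnabled();
    if (!basicAuthSupported) {
        return null;
    }

    // RFC 7617: user-id ":" password. The user-id cannot contain ':' but the password may,
    // so split at the first ':' only.
    final String decoded = new String(Strings.decodeBase64(tokens[1]), StandardCharsets.UTF_8);
    final String[] credentials = decoded.split(":", 2);
    if (credentials.length != 2) {
        return null;
    }
    final String username = credentials[0];
    final String password = credentials[1];
    final AuthenticationResult authenticationResult = namePasswdAuthProvider.authenticate(username, password);
    final SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
    return result.getSubject();
}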
Use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
The class OAuth2InteractiveAuthenticator, method getAuthenticationHandler.
/**
 * Returns the handler for one leg of the OAuth 2.0 authorization-code flow, or {@code null}
 * when the request's provider is not an {@code OAuth2AuthenticationProvider}.
 *
 * <p>Three outcomes are possible: an error reported by the authorization endpoint is mapped to
 * a {@code FailedAuthenticationHandler}; a request without a {@code code} parameter gets a
 * handler that redirects the browser to the authorization endpoint; a request with a
 * {@code code} (and a valid {@code state}) gets a handler that exchanges the code, builds the
 * subject, checks management access and redirects to the originally requested URI.
 *
 * @param request the incoming HTTP request
 * @param configuration supplies the port and authentication provider for the request
 * @return the handler for this request, or {@code null} if OAuth2 does not apply
 */
@Override
public AuthenticationHandler getAuthenticationHandler(final HttpServletRequest request, final HttpManagementConfiguration configuration) {
    final Port<?> port = configuration.getPort(request);
    if (configuration.getAuthenticationProvider(request) instanceof OAuth2AuthenticationProvider) {
        final OAuth2AuthenticationProvider oauth2Provider = (OAuth2AuthenticationProvider) configuration.getAuthenticationProvider(request);
        final Map<String, String> requestParameters;
        try {
            requestParameters = getRequestParameters(request);
        } catch (IllegalArgumentException e) {
            // getRequestParameters (defined elsewhere in this class) reports a parameter that
            // appears more than once this way; the request is rejected rather than guessing
            // which value was intended.
            return new FailedAuthenticationHandler(400, "Some request parameters are included more than once " + request, e);
        }
        // The authorization endpoint signals failure through the "error" parameter; the
        // mapping to an HTTP status lives in decodeErrorAsResponseCode (elsewhere in this class).
        String error = requestParameters.get("error");
        if (error != null) {
            int responseCode = decodeErrorAsResponseCode(error);
            String errorDescription = requestParameters.get("error_description");
            if (responseCode == 403) {
                // The resource owner declined: expected user behaviour, so debug rather than warn.
                LOGGER.debug("Resource owner denies the access request");
                return new FailedAuthenticationHandler(responseCode, "Resource owner denies the access request");
            } else {
                LOGGER.warn("Authorization endpoint failed, error : '{}', error description '{}'", error, errorDescription);
                return new FailedAuthenticationHandler(responseCode, String.format("Authorization request failed :'%s'", error));
            }
        }
        final String authorizationCode = requestParameters.get("code");
        if (authorizationCode == null) {
            // First leg: no code yet, so send the browser to the authorization endpoint. The
            // redirect URL is built eagerly; the handler only logs and issues the redirect.
            final String authorizationRedirectURL = buildAuthorizationRedirectURL(request, oauth2Provider);
            return response -> {
                final NamedAddressSpace addressSpace = configuration.getPort(request).getAddressSpace(request.getServerName());
                LOGGER.debug("Sending redirect to authorization endpoint {}", oauth2Provider.getAuthorizationEndpointURI(addressSpace));
                response.sendRedirect(authorizationRedirectURL);
            };
        } else {
            // Callback leg. The "state" parameter ties this callback to a redirect issued by this
            // broker (OAuth 2.0 CSRF protection); a missing or non-matching value is rejected
            // before the code is ever exchanged. checkState is defined elsewhere in this class —
            // presumably it compares against a session-stored value; confirm.
            final HttpSession httpSession = request.getSession();
            String state = requestParameters.get("state");
            if (state == null) {
                // Note: 'state' is null on this path, so the log line reads "wrong state: null".
                LOGGER.warn("Deny login attempt with wrong state: {}", state);
                return new FailedAuthenticationHandler(400, "No state set on request with authorization code grant: " + request);
            }
            if (!checkState(request, state)) {
                LOGGER.warn("Deny login attempt with wrong state: {}", state);
                return new FailedAuthenticationHandler(401, "Received request with wrong state: " + state);
            }
            // Both URIs are read from the session under request-specific attribute names.
            // NOTE(review): if either attribute can be absent the values below are null and
            // sendRedirect(originalRequestUri) would receive null — confirm they are always set
            // when the first leg stores them.
            final String redirectUri = (String) httpSession.getAttribute(HttpManagementUtil.getRequestSpecificAttributeName(REDIRECT_URI_SESSION_ATTRIBUTE, request));
            final String originalRequestUri = (String) httpSession.getAttribute(HttpManagementUtil.getRequestSpecificAttributeName(ORIGINAL_REQUEST_URI_SESSION_ATTRIBUTE, request));
            final NamedAddressSpace addressSpace = configuration.getPort(request).getAddressSpace(request.getServerName());
            return new AuthenticationHandler() {
                /**
                 * Exchanges the authorization code for an authentication result, builds and
                 * authorises the subject, stores it on the request and redirects to the
                 * original resource. Failures are reported as 403 (not authorised for
                 * management) or 401 (authentication failed).
                 */
                @Override
                public void handleAuthentication(final HttpServletResponse response) throws IOException {
                    AuthenticationResult authenticationResult = oauth2Provider.authenticateViaAuthorizationCode(authorizationCode, redirectUri, addressSpace);
                    try {
                        Subject subject = createSubject(authenticationResult);
                        authoriseManagement(subject);
                        HttpManagementUtil.saveAuthorisedSubject(request, subject);
                        LOGGER.debug("Successful login. Redirect to original resource {}", originalRequestUri);
                        response.sendRedirect(originalRequestUri);
                    } catch (SecurityException e) {
                        // AccessControlException is a SecurityException: an authenticated user
                        // without management access (presumably raised by assertManagementAccess)
                        // gets 403; any other SecurityException — including the one createSubject
                        // throws for an unauthenticated result — gets a bare 401.
                        if (e instanceof AccessControlException) {
                            LOGGER.info("User '{}' is not authorised for management", authenticationResult.getMainPrincipal());
                            response.sendError(403, "User is not authorised for management");
                        } else {
                            LOGGER.info("Authentication failed", authenticationResult.getCause());
                            response.sendError(401);
                        }
                    }
                }
                /**
                 * Resolves groups for the result via the port's subject creator and wraps the
                 * outcome in a servlet-connection subject.
                 *
                 * @throws SecurityException if the result carries no subject (not authenticated)
                 */
                private Subject createSubject(final AuthenticationResult authenticationResult) {
                    SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
                    SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
                    Subject original = result.getSubject();
                    if (original == null) {
                        throw new SecurityException("Only authenticated users can access the management interface");
                    }
                    Subject subject = HttpManagementUtil.createServletConnectionSubject(request, original);
                    return subject;
                }
                /** Checks the subject may use the management interface of the provider's broker. */
                private void authoriseManagement(final Subject subject) {
                    Broker broker = (Broker) oauth2Provider.getParent();
                    HttpManagementUtil.assertManagementAccess(broker, subject);
                }
            };
        }
    } else {
        return null;
    }
}
Use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.
The class OAuth2PreemptiveAuthenticator, method attemptAuthentication.
/**
 * Pre-emptively authenticates a management request that carries a bearer token in its
 * {@code Authorization} header.
 *
 * @param request the incoming HTTP request
 * @param configuration supplies the port and authentication provider for the request
 * @return the subject produced by validating the access token through the OAuth2 provider
 *         (possibly {@code null} if validation failed, as reported by the subject creator), or
 *         {@code null} when there is no bearer header or the provider is not OAuth2
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration configuration) {
    final Port<?> port = configuration.getPort(request);
    final AuthenticationProvider<?> authenticationProvider = configuration.getAuthenticationProvider(request);
    final String authorizationHeader = request.getHeader("Authorization");

    // Without a "Bearer" header there is nothing to validate pre-emptively.
    if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER_PREFIX)) {
        return null;
    }
    if (!(authenticationProvider instanceof OAuth2AuthenticationProvider)) {
        return null;
    }

    // Everything after the prefix is the token; it is handed to the provider unchanged.
    final String accessToken = authorizationHeader.substring(BEARER_PREFIX.length());
    final OAuth2AuthenticationProvider<?> oAuth2AuthProvider = (OAuth2AuthenticationProvider<?>) authenticationProvider;
    final AuthenticationResult authenticationResult = oAuth2AuthProvider.authenticateViaAccessToken(accessToken, null);
    final SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
    return subjectCreator.createResultWithGroups(authenticationResult).getSubject();
}