
Example 11 with SubjectCreator

use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.

The doPost method of the class SaslServlet.

/**
 * Handles one step of a SASL exchange carried over HTTP.
 *
 * <p>Two request shapes are accepted:
 * <ul>
 *   <li>{@code mechanism} set and {@code id} absent: a fresh negotiator is created, but only
 *       when the authentication provider advertises that mechanism for this transport
 *       ({@code request.isSecure()}) -- an allow-list check on the client-chosen name.</li>
 *   <li>{@code id} set and {@code mechanism} absent: the negotiator stored in the session is
 *       resumed, provided the supplied id equals the stored one and the stored expiry time
 *       has not yet passed.</li>
 * </ul>
 * Any other combination clears the session state and answers 417 (Expectation Failed).
 * A {@link SessionInvalidatedException} answers 412 (Precondition Failed). Whenever the
 * response status is not 200 on exit, the HTTP session is invalidated.
 *
 * @param request       the incoming request; parameters {@code mechanism}, {@code id} and
 *                      {@code response} are read from it
 * @param response      the response whose status is set by this method
 * @param managedObject the managed object this servlet is bound to (unused here)
 * @throws IOException propagated from the servlet API
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response, final ConfiguredObject<?> managedObject) throws IOException {
    checkSaslAuthEnabled(request);
    final HttpSession session = request.getSession();
    try {
        final String mechanism = request.getParameter("mechanism");
        final String id = request.getParameter("id");
        final String saslResponse = request.getParameter("response");
        final SubjectCreator subjectCreator = getSubjectCreator(request);
        final AuthenticationProvider<?> authenticationProvider = getAuthenticationProvider(request);

        SaslNegotiator negotiator = null;
        if (mechanism == null) {
            // Resume path: the id must match the session-stored one, and the stored expiry
            // is only consulted (and unboxed) after that match succeeds.
            if (id != null
                && id.equals(HttpManagementUtil.getSessionAttribute(ATTR_ID, session, request))
                && System.currentTimeMillis() < (Long) HttpManagementUtil.getSessionAttribute(ATTR_EXPIRY, session, request)) {
                negotiator = (SaslNegotiator) HttpManagementUtil.getSessionAttribute(ATTR_SASL_NEGOTIATOR, session, request);
            }
        } else if (id == null
                   && authenticationProvider.getAvailableMechanisms(request.isSecure()).contains(mechanism)) {
            // Start path: only mechanisms the provider offers for this transport are honoured.
            LOGGER.debug("Creating SaslServer for mechanism: {}", mechanism);
            negotiator = subjectCreator.createSaslNegotiator(mechanism, new SaslSettings() {
                @Override
                public String getLocalFQDN() {
                    return request.getServerName();
                }

                @Override
                public Principal getExternalPrincipal() {
                    return null;
                }
            });
        }

        if (negotiator == null) {
            cleanup(request, session);
            response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED);
        } else {
            evaluateSaslResponse(request, response, session, saslResponse, negotiator, subjectCreator);
        }
    } catch (SessionInvalidatedException e) {
        response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
    } finally {
        // Any non-OK outcome drops the session so partial SASL state cannot be reused.
        if (response.getStatus() != HttpServletResponse.SC_OK) {
            HttpManagementUtil.invalidateSession(session);
        }
    }
}

Example 12 with SubjectCreator

use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.

The createMockOAuth2AuthenticationProvider method of the class OAuth2PreemptiveAuthenticatorTest.

/**
 * Builds a mocked {@link OAuth2AuthenticationProvider} whose token lookups and subject
 * creation are wired for three fixed access tokens.
 *
 * <p>The valid token maps to a result that yields a subject for {@code TEST_AUTHORIZED_USER};
 * the unauthorized token maps to a subject for {@code TEST_UNAUTHORIZED_USER}; the invalid
 * token maps to a real {@link AuthenticationResult} with status {@code ERROR}. The port mock
 * is stubbed to hand out the mocked {@link SubjectCreator} for any (secure, host) pair.
 *
 * @param mockPort the port mock whose {@code getSubjectCreator} is stubbed here
 * @return the stubbed provider
 * @throws URISyntaxException declared for callers; not thrown by this body
 */
private OAuth2AuthenticationProvider<?> createMockOAuth2AuthenticationProvider(final HttpPort mockPort) throws URISyntaxException {
    final OAuth2AuthenticationProvider provider = mock(OAuth2AuthenticationProvider.class);
    final SubjectCreator subjectCreator = mock(SubjectCreator.class);
    when(mockPort.getSubjectCreator(any(Boolean.class), anyString())).thenReturn(subjectCreator);

    // Real subjects carrying the test principals; the results that hand them out are mocked.
    final Subject authorizedSubject = new Subject(true,
            Collections.singleton(new AuthenticatedPrincipal(new UsernamePrincipal(TEST_AUTHORIZED_USER, null))),
            Collections.emptySet(), Collections.emptySet());
    final Subject unauthorizedSubject = new Subject(true,
            Collections.singleton(new AuthenticatedPrincipal(new UsernamePrincipal(TEST_UNAUTHORIZED_USER, null))),
            Collections.emptySet(), Collections.emptySet());

    final SubjectAuthenticationResult authorizedSubjectResult = mock(SubjectAuthenticationResult.class);
    final SubjectAuthenticationResult unauthorizedSubjectResult = mock(SubjectAuthenticationResult.class);
    when(authorizedSubjectResult.getSubject()).thenReturn(authorizedSubject);
    when(unauthorizedSubjectResult.getSubject()).thenReturn(unauthorizedSubject);

    final AuthenticationResult authorizedResult = mock(AuthenticationResult.class);
    final AuthenticationResult unauthorizedResult = mock(AuthenticationResult.class);
    // The failure case uses a genuine ERROR result rather than a mock.
    final AuthenticationResult failedResult = new AuthenticationResult(
            AuthenticationResult.AuthenticationStatus.ERROR, new Exception("authentication failed"));
    final SubjectAuthenticationResult failedSubjectResult = new SubjectAuthenticationResult(failedResult);

    when(provider.authenticateViaAccessToken(TEST_VALID_ACCESS_TOKEN, null)).thenReturn(authorizedResult);
    when(provider.authenticateViaAccessToken(TEST_INVALID_ACCESS_TOKEN, null)).thenReturn(failedResult);
    when(provider.authenticateViaAccessToken(TEST_UNAUTHORIZED_ACCESS_TOKEN, null)).thenReturn(unauthorizedResult);

    when(subjectCreator.createResultWithGroups(authorizedResult)).thenReturn(authorizedSubjectResult);
    when(subjectCreator.createResultWithGroups(unauthorizedResult)).thenReturn(unauthorizedSubjectResult);
    when(subjectCreator.createResultWithGroups(failedResult)).thenReturn(failedSubjectResult);

    return provider;
}

Example 13 with SubjectCreator

use of org.apache.qpid.server.security.SubjectCreator in project qpid-broker-j by apache.

The getSubjectCreator method of the class AbstractPort.

/**
 * Creates the {@link SubjectCreator} used to authenticate connections on this port.
 *
 * @param secure whether the connection is secure; not consulted by this implementation
 * @param host   the requested host name, or {@code null}; when given it selects the address space
 * @return a new SubjectCreator over this port's authentication provider, the container's
 *         group providers, and the resolved address space ({@code null} when no host was given)
 */
@Override
public SubjectCreator getSubjectCreator(boolean secure, String host) {
    // NOTE(review): raw Collection kept as-is; parameterising it depends on the element type the
    // SubjectCreator constructor declares, which is not visible here.
    final Collection groupProviders = _container.getChildren(GroupProvider.class);
    final NamedAddressSpace addressSpace = host == null ? null : getAddressSpace(host);
    return new SubjectCreator(getAuthenticationProvider(), groupProviders, addressSpace);
}
