
Example 1 with TokenCarryingPrincipal

use of org.apache.qpid.server.security.TokenCarryingPrincipal in project qpid-broker-j by apache.

From class KerberosAuthenticationManagerTest, method testAuthenticate.

/**
 * A Negotiate header carrying a valid SPNEGO token for {@code SERVICE_PRINCIPAL_NAME} must
 * authenticate successfully, and the resulting main principal must be a
 * {@link TokenCarryingPrincipal} named after the client principal that carries a token for the
 * response authentication header.
 */
@Test
public void testAuthenticate() throws Exception {
    final byte[] rawToken = buildToken(SERVICE_PRINCIPAL_NAME);
    final String header = SpnegoAuthenticator.NEGOTIATE_PREFIX + Base64.getEncoder().encodeToString(rawToken);

    final AuthenticationResult result = _spnegoAuthenticator.authenticate(header);
    assertNotNull(result);
    assertEquals(AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());

    // The authenticated identity is exposed as a token-carrying principal with the client's full name.
    final Principal mainPrincipal = result.getMainPrincipal();
    assertTrue(mainPrincipal instanceof TokenCarryingPrincipal);
    assertEquals(KerberosUtilities.CLIENT_PRINCIPAL_FULL_NAME, mainPrincipal.getName());

    // The acceptor's response token must be available under the response header name.
    final Map<String, String> responseTokens = ((TokenCarryingPrincipal) mainPrincipal).getTokens();
    assertNotNull(responseTokens);
    assertTrue(responseTokens.containsKey(SpnegoAuthenticator.RESPONSE_AUTH_HEADER_NAME));
}

Example 2 with TokenCarryingPrincipal

use of org.apache.qpid.server.security.TokenCarryingPrincipal in project qpid-broker-j by apache.

From class SpnegoAuthenticator, method doAuthenticate.

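/**
 * Accepts a single SPNEGO (Negotiate) token under the broker's Kerberos service subject and maps
 * the authenticated client to a {@link TokenCarryingPrincipal}.
 *
 * <p>Every JGSS call runs inside {@link Subject#doAs} so that the credentials held by
 * {@code subject} are the ones accepting the context. The client is identified only when
 * {@link GSSContext#isEstablished()} holds after this single token exchange; a context that would
 * need a further round trip produces an {@code ERROR} result rather than a continuation. The
 * token produced by the acceptor is handed back through the principal's token map under
 * {@code RESPONSE_AUTH_HEADER_NAME} (presumably so the client can complete mutual authentication;
 * the consumer of that map is not visible here).
 *
 * @param subject        the logged-in Kerberos service subject whose credentials accept the token
 * @param negotiateToken the raw (already base64-decoded) SPNEGO token sent by the client
 * @return a result carrying the principal on success, or an {@code ERROR} result when the token
 *         is rejected, the context is not established, or a GSS / privileged-action failure
 *         occurs; never {@code null}
 */
private AuthenticationResult doAuthenticate(final Subject subject, final byte[] negotiateToken) {
    GSSContext context = null;
    try {
        // The IBM JDK is given an indefinite credential lifetime; the reason is not recorded here,
        // presumably a workaround for that provider. Locale.ROOT keeps the vendor check stable in
        // locales with special casing rules (e.g. Turkish dotted/dotless I).
        final String vendor = String.valueOf(System.getProperty(StandardSystemProperty.JAVA_VENDOR.key()));
        final int credentialLifetime = vendor.toUpperCase(java.util.Locale.ROOT).contains("IBM")
                ? GSSCredential.INDEFINITE_LIFETIME
                : GSSCredential.DEFAULT_LIFETIME;

        final GSSManager manager = GSSManager.getInstance();
        final Oid spnegoMechanism = new Oid("1.3.6.1.5.5.2");
        // Acceptor-only credential: this side never initiates a context.
        final PrivilegedExceptionAction<GSSCredential> credentialsAction =
                () -> manager.createCredential(null, credentialLifetime, spnegoMechanism, GSSCredential.ACCEPT_ONLY);
        final GSSContext gssContext = manager.createContext(Subject.doAs(subject, credentialsAction));
        context = gssContext;

        final PrivilegedExceptionAction<byte[]> acceptAction =
                () -> gssContext.acceptSecContext(negotiateToken, 0, negotiateToken.length);
        final byte[] outToken = Subject.doAs(subject, acceptAction);
        if (outToken == null) {
            LOGGER.debug("Ticket validation failed");
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
        }

        // Only a fully established context identifies the client; reading the source name happens
        // under the service subject as well.
        final PrivilegedAction<String> authenticationAction = () -> {
            if (!gssContext.isEstablished()) {
                return null;
            }
            GSSName gssName = null;
            try {
                gssName = gssContext.getSrcName();
            } catch (final GSSException e) {
                LOGGER.error("Unable to get src name from gss context", e);
            }
            return gssName != null ? stripRealmNameIfRequired(gssName.toString()) : null;
        };
        final String principalName = Subject.doAs(subject, authenticationAction);
        if (principalName == null) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
        }
        return new AuthenticationResult(newTokenCarryingPrincipal(principalName, outToken));
    } catch (final GSSException e) {
        // A rejected ticket is an expected outcome; the stack trace stays at debug level.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Ticket validation failed", e);
        }
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
    } catch (final PrivilegedActionException e) {
        // A GSSException raised inside doAs is equally expected; anything else is a real failure.
        final Exception cause = e.getException();
        if (cause instanceof GSSException) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Service login failed", e);
            }
        } else {
            LOGGER.error("Service login failed", e);
        }
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
    } finally {
        if (context != null) {
            try {
                context.dispose();
            } catch (final GSSException ignored) {
                // Disposal failure cannot change the result already computed; nothing to recover.
            }
        }
    }
}

/**
 * Builds the principal returned on success: named after the authenticated client and carrying the
 * acceptor's response token, base64-encoded and prefixed for the {@code RESPONSE_AUTH_HEADER_NAME}
 * header. Equality and hashing cover name, origin and tokens.
 *
 * @param principalName the (optionally realm-stripped) client name taken from the GSS context
 * @param outToken      the token produced by {@code acceptSecContext}; callers pass a non-null value
 * @return a new principal whose origin is {@code _kerberosProvider}
 */
private TokenCarryingPrincipal newTokenCarryingPrincipal(final String principalName, final byte[] outToken) {
    final Map<String, String> tokens = Collections.singletonMap(
            RESPONSE_AUTH_HEADER_NAME, NEGOTIATE_PREFIX + Base64.getEncoder().encodeToString(outToken));
    return new TokenCarryingPrincipal() {
        @Override
        public Map<String, String> getTokens() {
            return tokens;
        }

        @Override
        public ConfiguredObject<?> getOrigin() {
            return _kerberosProvider;
        }

        @Override
        public String getName() {
            return principalName;
        }

        @Override
        public boolean equals(final Object o) {
            if (this == o) {
                return true;
            }
            if (!(o instanceof TokenCarryingPrincipal)) {
                return false;
            }
            final TokenCarryingPrincipal that = (TokenCarryingPrincipal) o;
            if (!getName().equals(that.getName())) {
                return false;
            }
            if (!getTokens().equals(that.getTokens())) {
                return false;
            }
            return getOrigin() != null ? getOrigin().equals(that.getOrigin()) : that.getOrigin() == null;
        }

        @Override
        public int hashCode() {
            int result = getName().hashCode();
            result = 31 * result + (getOrigin() != null ? getOrigin().hashCode() : 0);
            result = 31 * result + getTokens().hashCode();
            return result;
        }
    };
}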
