
Example 1 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

From class SSLClientCertPreemptiveAuthenticator, method attemptAuthentication.

/**
 * Pre-emptively authenticates an HTTP management request from the TLS client certificate.
 *
 * <p>A subject is only produced when all of the following hold: the request arrived over TLS,
 * the port's authentication provider is an {@link ExternalAuthenticationManager}, and the
 * servlet container exposed a non-empty {@code X509Certificate[]} under
 * {@code CERTIFICATE_ATTRIBUTE_NAME}. The leaf certificate's subject DN becomes the identity,
 * either as the full DN or reduced to a username via {@link SSLUtil#getIdFromSubjectDN(String)}
 * depending on {@link ExternalAuthenticationManager#getUseFullDN()}.
 *
 * @param request the incoming management request
 * @param managementConfig configuration used to look up the port and its authentication provider
 * @return the authenticated subject (with groups), or {@code null} if pre-emptive
 *         certificate authentication does not apply to this request
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfig) {
    final AuthenticationProvider authenticationProvider = managementConfig.getAuthenticationProvider(request);
    final Port<?> port = managementConfig.getPort(request);
    final SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());

    // Guard clauses replace the original nested condition; evaluation order is preserved.
    if (!request.isSecure() || !(authenticationProvider instanceof ExternalAuthenticationManager)) {
        return null;
    }
    final boolean chainAttributePresent =
            Collections.list(request.getAttributeNames()).contains(CERTIFICATE_ATTRIBUTE_NAME);
    if (!chainAttributePresent) {
        return null;
    }
    final X509Certificate[] chain = (X509Certificate[]) request.getAttribute(CERTIFICATE_ATTRIBUTE_NAME);
    if (chain == null || chain.length == 0) {
        return null;
    }

    final ExternalAuthenticationManager<?> externalAuthManager = (ExternalAuthenticationManager<?>) authenticationProvider;
    // The leaf (end-entity) certificate is first in the container-supplied chain.
    final X500Principal subjectDn = chain[0].getSubjectX500Principal();
    final Principal identity;
    if (externalAuthManager.getUseFullDN()) {
        identity = subjectDn;
    } else {
        final String rfc2253Dn = subjectDn.getName(X500Principal.RFC2253);
        identity = new UsernamePrincipal(SSLUtil.getIdFromSubjectDN(rfc2253Dn), authenticationProvider);
    }
    return subjectCreator.createSubjectWithGroups(new AuthenticatedPrincipal(identity));
}

Example 2 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

From class PrincipalDatabaseAuthenticationManagerTest, method testSaslAuthenticationSuccess.

/**
 * Checks that a SASL authentication success is reported as
 * {@code AuthenticationStatus.SUCCESS} and carries the expected
 * (wrapped) {@link UsernamePrincipal}.
 *
 * <p>NOTE(review): {@code _saslNegotiator} is a mock that is stubbed and then
 * invoked directly, so the result asserted on is the stubbed one.
 */
@Test
public void testSaslAuthenticationSuccess() throws Exception {
    setupMocks();
    final UsernamePrincipal guest = new UsernamePrincipal("guest", _manager);
    final AuthenticationResult stubbed = new AuthenticationResult(guest);
    when(_saslNegotiator.handleResponse(any(byte[].class))).thenReturn(stubbed);

    final AuthenticationResult actual = _saslNegotiator.handleResponse("12345".getBytes());

    assertOnlyContainsWrapped(guest, actual.getPrincipals());
    assertEquals(AuthenticationStatus.SUCCESS, actual.getStatus());
}

Example 3 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

From class ExternalAuthenticationManagerTest, method testAuthenticatePrincipalCnDc_OtherComponentsIgnored.

/**
 * EXTERNAL SASL authentication with a multi-component subject DN: only the CN and the
 * DC components contribute to the derived username ({@code person@example.com});
 * the O, L, ST and C components are ignored.
 */
@Test
public void testAuthenticatePrincipalCnDc_OtherComponentsIgnored() throws Exception {
    final String subjectDn = "CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB";
    final String expectedName = "person@example.com";
    final X500Principal external = new X500Principal(subjectDn);
    final UsernamePrincipal expected = new UsernamePrincipal(expectedName, _manager);
    when(_saslSettings.getExternalPrincipal()).thenReturn(external);

    final SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings, null);
    final AuthenticationResult result = negotiator.handleResponse(new byte[0]);

    assertNotNull(result);
    assertEquals("Expected authentication to be successful", AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
    assertOnlyContainsWrapped(expected, result.getPrincipals());
    assertEquals(expectedName, result.getMainPrincipal().getName());
}

Example 4 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

From class ExternalAuthenticationManagerTest, method testAuthenticatePrincipalCnOnly.

/**
 * EXTERNAL SASL authentication with a subject DN consisting of a CN only:
 * the derived username is the bare CN value ({@code person}).
 */
@Test
public void testAuthenticatePrincipalCnOnly() throws Exception {
    final String expectedName = "person";
    final X500Principal external = new X500Principal("CN=person");
    final UsernamePrincipal expected = new UsernamePrincipal(expectedName, _manager);
    when(_saslSettings.getExternalPrincipal()).thenReturn(external);

    final SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings, null);
    final AuthenticationResult result = negotiator.handleResponse(new byte[0]);

    assertNotNull(result);
    assertEquals("Expected authentication to be successful", AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
    assertOnlyContainsWrapped(expected, result.getPrincipals());
    assertEquals(expectedName, result.getMainPrincipal().getName());
}

Example 5 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

From class CloudFoundryOAuth2IdentityResolverService, method getUserPrincipal.

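/**
 * Resolves the identity behind an OAuth2 access token by POSTing it to the provider's
 * identity-resolver ("check token") endpoint and reading {@code user_name} from the JSON reply.
 *
 * <p>The connection is built from the provider's TLS settings (trust store, protocol and
 * cipher-suite allow/deny lists) and timeouts. The resolver is authenticated with HTTP Basic
 * credentials formed from the provider's client id and client secret. Only the endpoint URL
 * and the HTTP response code are logged; the token and the client secret never are.
 *
 * @param authenticationProvider the OAuth2 provider supplying endpoint, credentials and TLS settings
 * @param accessToken the access token whose owner is to be resolved
 * @param addressSpace the address space used to select the identity-resolver endpoint
 * @return a {@link UsernamePrincipal} named after the resolved {@code user_name}
 * @throws IOException if the endpoint cannot be reached or its body is not a JSON object
 * @throws IdentityResolverException if the endpoint answers with a non-200 status or the
 *         reply lacks a string {@code user_name}
 * @throws ServerScopedRuntimeException if the configured trust store cannot be initialised
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, final String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL checkTokenEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final TrustStore trustStore = authenticationProvider.getTrustStore();
    final String clientId = authenticationProvider.getClientId();
    final String clientSecret = authenticationProvider.getClientSecret();

    final ConnectionBuilder connectionBuilder = new ConnectionBuilder(checkTokenEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
                     .setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolAllowList(authenticationProvider.getTlsProtocolAllowList())
                     .setTlsProtocolDenyList(authenticationProvider.getTlsProtocolDenyList())
                     .setTlsCipherSuiteAllowList(authenticationProvider.getTlsCipherSuiteAllowList())
                     .setTlsCipherSuiteDenyList(authenticationProvider.getTlsCipherSuiteDenyList());

    LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
    final HttpURLConnection connection = connectionBuilder.build();
    // setDoOutput(true) makes HttpURLConnection issue a POST: the token travels in the body, not the URL.
    connection.setDoOutput(true);
    connection.setRequestProperty("Accept-Charset", UTF_8.name());
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + UTF_8.name());
    connection.setRequestProperty("Accept", "application/json");
    // Client credentials authenticate this broker to the resolver; the header value is not logged.
    final String encoded = Base64.getEncoder().encodeToString((clientId + ":" + clientSecret).getBytes(UTF_8));
    connection.setRequestProperty("Authorization", "Basic " + encoded);
    final Map<String, String> requestParameters = Collections.singletonMap("token", accessToken);

    connection.connect();
    // try-with-resources closes the output stream; the former explicit close() was a redundant double close.
    try (OutputStream output = connection.getOutputStream()) {
        output.write(OAuth2Utils.buildRequestQuery(requestParameters).getBytes(UTF_8));
    }
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        final int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", checkTokenEndpoint, responseCode);

        // Map<?, ?> avoids the unchecked raw-type assignment; values are checked before use below.
        final Map<?, ?> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", checkTokenEndpoint), e);
        }
        // A JSON "null" body parses successfully to null and would otherwise NPE below.
        if (responseMap == null) {
            throw new IOException(String.format("Identity resolver '%s' did not return a json object", checkTokenEndpoint));
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d, error '%s', description '%s'", checkTokenEndpoint, responseCode, responseMap.get("error"), responseMap.get("error_description")));
        }
        // user_name must be a JSON string; a missing or non-string value is a resolver error, not a ClassCastException.
        final Object userName = responseMap.get("user_name");
        if (!(userName instanceof String)) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'user_name'", checkTokenEndpoint));
        }
        return new UsernamePrincipal((String) userName, authenticationProvider);
    }
}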
