Examples with UsernamePrincipal org.apache.qpid.server.security.auth.UsernamePrincipal used on opensource projects

Example 6 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class PrincipalDatabaseAuthenticationManager method deleteUser.

@Override
public void deleteUser(String username) throws AccountNotFoundException {
    UsernamePrincipal principal = new UsernamePrincipal(username, this);
    PrincipalAdapter user = _userMap.get(principal);
    if (user != null) {
        user.delete();
    } else {
        throw new AccountNotFoundException("No such user: '" + username + "'");
    }
}

Example 7 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class CloudFoundryOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, final String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL checkTokenEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    String clientId = authenticationProvider.getClientId();
    String clientSecret = authenticationProvider.getClientSecret();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(checkTokenEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", checkTokenEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    // makes sure to use POST
    connection.setDoOutput(true);
    connection.setRequestProperty("Accept-Charset", UTF_8.name());
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=" + UTF_8.name());
    connection.setRequestProperty("Accept", "application/json");
    String encoded = DatatypeConverter.printBase64Binary((clientId + ":" + clientSecret).getBytes(UTF_8));
    connection.setRequestProperty("Authorization", "Basic " + encoded);
    final Map<String, String> requestParameters = Collections.singletonMap("token", accessToken);
    connection.connect();
    try (OutputStream output = connection.getOutputStream()) {
        output.write(OAuth2Utils.buildRequestQuery(requestParameters).getBytes(UTF_8));
        output.close();
        try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
            int responseCode = connection.getResponseCode();
            LOGGER.debug("Call to identity service '{}' complete, response code : {}", checkTokenEndpoint, responseCode);
            Map<String, String> responseMap = null;
            try {
                responseMap = _objectMapper.readValue(input, Map.class);
            } catch (JsonProcessingException e) {
                throw new IOException(String.format("Identity resolver '%s' did not return json", checkTokenEndpoint), e);
            }
            if (responseCode != 200) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d, error '%s', description '%s'", checkTokenEndpoint, responseCode, responseMap.get("error"), responseMap.get("error_description")));
            }
            final String userName = responseMap.get("user_name");
            if (userName == null) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'user_name'", checkTokenEndpoint));
            }
            return new UsernamePrincipal(userName, authenticationProvider);
        }
    }
}

Example 8 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class GitHubOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/vnd.github.v3+json");
    connection.setRequestProperty("Authorization", "token " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String githubId = responseMap.get("login");
        if (githubId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'login'", userInfoEndpoint));
        }
        return new UsernamePrincipal(githubId, authenticationProvider);
    }
}

Example 9 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class MicrosoftLiveOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String liveId = responseMap.get("id");
        if (liveId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", userInfoEndpoint));
        }
        return new UsernamePrincipal(liveId, authenticationProvider);
    }
}

Example 10 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class BrokerImpl method doPurgeUser.

private void doPurgeUser(final AuthenticationProvider<?> origin, final String username) {
    // remove from AuthenticationProvider
    if (origin instanceof PasswordCredentialManagingAuthenticationProvider) {
        try {
            ((PasswordCredentialManagingAuthenticationProvider) origin).deleteUser(username);
        } catch (AccountNotFoundException e) {
        // pass
        }
    }
    // remove from Groups
    final Collection<GroupProvider> groupProviders = getChildren(GroupProvider.class);
    for (GroupProvider<?> groupProvider : groupProviders) {
        final Collection<Group> groups = groupProvider.getChildren(Group.class);
        for (Group<?> group : groups) {
            final Collection<GroupMember> members = group.getChildren(GroupMember.class);
            for (GroupMember<?> member : members) {
                if (username.equals(member.getName())) {
                    member.delete();
                }
            }
        }
    }
    // remove Preferences from all ConfiguredObjects
    Subject userSubject = new Subject(true, Collections.singleton(new AuthenticatedPrincipal(new UsernamePrincipal(username, origin))), Collections.EMPTY_SET, Collections.EMPTY_SET);
    java.util.Queue<ConfiguredObject<?>> configuredObjects = new LinkedList<>();
    configuredObjects.add(BrokerImpl.this);
    while (!configuredObjects.isEmpty()) {
        final ConfiguredObject<?> currentObject = configuredObjects.poll();
        final Collection<Class<? extends ConfiguredObject>> childClasses = getModel().getChildTypes(currentObject.getClass());
        for (Class<? extends ConfiguredObject> childClass : childClasses) {
            final Collection<? extends ConfiguredObject> children = currentObject.getChildren(childClass);
            for (ConfiguredObject child : children) {
                configuredObjects.add(child);
            }
        }
        Subject.doAs(userSubject, new PrivilegedAction<Void>() {

            @Override
            public Void run() {
                currentObject.getUserPreferences().delete(null, null, null);
                return null;
            }
        });
    }
}