use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.
the class PrincipalDatabaseAuthenticationManager method addChildAsync.
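/**
 * Adds a child object. {@link User} children are created in the principal database;
 * every other child class is delegated to the superclass.
 *
 * <p>For a user, the {@code "name"} and {@code "password"} attributes are read from
 * {@code attributes}. The model object is created first, then the principal database
 * entry. If the database step fails, the model object is removed again before the
 * exception is rethrown.
 *
 * @param childClass category of the child being added
 * @param attributes attributes of the new child
 * @return an already-completed future holding the new user, or the superclass result
 *         for any other child class
 * @throws IllegalArgumentException if no password was supplied, or if the principal
 *         database reports that the user was not created
 */
@Override
protected <C extends ConfiguredObject> ListenableFuture<C> addChildAsync(Class<C> childClass, Map<String, Object> attributes) {
    if (childClass != User.class) {
        return super.addChildAsync(childClass, attributes);
    }

    String username = (String) attributes.get("name");
    String password = (String) attributes.get("password");
    Principal p = new UsernamePrincipal(username, this);
    PrincipalAdapter principalAdapter = new PrincipalAdapter(p);
    // for a duplicate user DuplicateNameException should be thrown
    principalAdapter.create();
    try {
        if (password == null) {
            // Without this check a missing attribute surfaced as a bare
            // NullPointerException from password.toCharArray(). The message names the
            // user only; the credential itself must never appear in it.
            throw new IllegalArgumentException("User '" + username + "' cannot be created without a password");
        }
        boolean created = getPrincipalDatabase().createPrincipal(p, password.toCharArray());
        if (!created) {
            throw new IllegalArgumentException("User '" + username + "' was not added into principal database");
        }
    } catch (RuntimeException e) {
        // Undo the create() above so a failed database write does not leave a user
        // object behind without a matching database entry.
        principalAdapter.deleteNoChecks();
        throw e;
    }
    // Only reached once both the model object and the database entry exist.
    _userMap.put(p, principalAdapter);
    return Futures.immediateFuture((C) principalAdapter);
}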
use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.
the class PrincipalDatabaseAuthenticationManager method deleteUserFromDatabase.
/**
 * Deletes the named user from the principal database, then drops the matching entry
 * from the user map.
 *
 * @param username name of the user to delete
 * @throws AccountNotFoundException not thrown by this method's own statements;
 *         presumably propagated from the principal database when the user is unknown
 */
private void deleteUserFromDatabase(String username) throws AccountNotFoundException {
    final UsernamePrincipal key = new UsernamePrincipal(username, this);
    // Database first: if deletePrincipal throws, the map entry is left in place.
    getPrincipalDatabase().deletePrincipal(key);
    _userMap.remove(key);
}
use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.
the class PrincipalDatabaseAuthenticationManager method setPassword.
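/**
 * Changes the password of an existing user.
 *
 * <p>The user is looked up in the user map by a {@link UsernamePrincipal} built from
 * {@code username}, and the change is delegated to that user object.
 *
 * @param username name of the user whose password is changed
 * @param password the new password
 * @throws AccountNotFoundException if the user map holds no user with that name
 */
@Override
public void setPassword(String username, String password) throws AccountNotFoundException {
    Principal principal = new UsernamePrincipal(username, this);
    User user = _userMap.get(principal);
    if (user == null) {
        // Previously an unknown user was a silent no-op, so a caller rotating a
        // credential could not tell that nothing had changed. Report it through the
        // exception the signature already declares.
        throw new AccountNotFoundException("No such user: '" + username + "'");
    }
    user.setPassword(password);
}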
use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.
the class SimpleLDAPAuthenticationManagerImpl method doLDAPNameAuthentication.
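/**
 * Authenticates a user by resolving {@code userId} to an LDAP name and performing a
 * "simple" bind with that name and the supplied password.
 *
 * <p>When a group search is required, the groups are looked up after a successful bind.
 * If the bind used a different provider URL from the search URL, the bind context is
 * closed and a separate search context is opened for the lookup.
 *
 * @param userId   the id presented by the client
 * @param password the password presented by the client
 * @return a successful result carrying a {@link UsernamePrincipal} and the groups found,
 *         or a result with status {@code ERROR} when the password is missing or empty,
 *         the name cannot be resolved, the bind is rejected, or a naming error occurs
 */
private AuthenticationResult doLDAPNameAuthentication(String userId, String password) {
    // A simple bind that carries a name but an empty password is an "unauthenticated
    // bind" (RFC 4513, section 5.1.2), which a directory may accept without checking
    // any credential. Refuse it here so such a bind is never treated as a login.
    // A null password is refused too: it would otherwise fail with a
    // NullPointerException when put into the Hashtable environment below.
    if (password == null || password.isEmpty()) {
        LOGGER.debug("Rejecting LDAP authentication for user '{}': no password supplied.", userId);
        return new AuthenticationResult(AuthenticationStatus.ERROR);
    }

    final String name;
    try {
        name = getNameFromId(userId);
    } catch (NamingException e) {
        LOGGER.warn("Retrieving LDAP name for user '{}' resulted in error.", userId, e);
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
    }
    if (name == null) {
        // The search didn't return anything, class as not-authenticated before it NPEs below
        return new AuthenticationResult(AuthenticationStatus.ERROR);
    }

    String providerAuthUrl = isSpecified(getProviderAuthUrl()) ? getProviderAuthUrl() : getProviderUrl();
    Hashtable<String, Object> env = createInitialDirContextEnvironment(providerAuthUrl);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, name);
    env.put(Context.SECURITY_CREDENTIALS, password);

    InitialDirContext ctx = null;
    try {
        // Creating the context is the authentication step; a rejected bind is handled
        // by the AuthenticationException branch below.
        ctx = createInitialDirContext(env, _sslSocketFactoryOverrideClass);

        Set<Principal> groups = Collections.emptySet();
        if (isGroupSearchRequired()) {
            if (!providerAuthUrl.equals(getProviderUrl())) {
                closeSafely(ctx);
                // Clear the reference so the finally block does not close the same
                // context a second time if opening the search context fails.
                ctx = null;
                ctx = createSearchInitialDirContext();
            }
            groups = findGroups(ctx, name);
        }

        // Authentication succeeded
        return new AuthenticationResult(new UsernamePrincipal(name, this), groups, null);
    } catch (AuthenticationException ae) {
        // Authentication failed
        return new AuthenticationResult(AuthenticationStatus.ERROR);
    } catch (NamingException e) {
        // Some other failure
        LOGGER.warn("LDAP authentication attempt for username '{}' resulted in error.", name, e);
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, e);
    } finally {
        if (ctx != null) {
            closeSafely(ctx);
        }
    }
}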
use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.
the class FacebookIdentityResolverService method getUserPrincipal.
/**
 * Resolves an OAuth2 access token to a principal by calling the provider's identity
 * resolver endpoint and reading the {@code "id"} field of the JSON response.
 *
 * <p>The token is sent as a {@code Bearer} credential to whatever endpoint the provider
 * is configured with. This method does not check the URL scheme, so keeping the token
 * off cleartext transports depends on the configured endpoint. The token itself is never
 * logged here; only the endpoint and the response code are.
 *
 * @param authenticationProvider provider supplying the endpoint, timeouts, trust store and TLS settings
 * @param accessToken            the access token to resolve
 * @param addressSpace           address space used to select the identity resolver endpoint
 * @return a {@link UsernamePrincipal} named after the returned {@code "id"}
 * @throws IOException               if the response body is not JSON, or on I/O failure
 * @throws IdentityResolverException if the response code is not 200 or the response has no {@code "id"}
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL endpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final TrustStore providerTrustStore = authenticationProvider.getTrustStore();

    final ConnectionBuilder builder = new ConnectionBuilder(endpoint);
    builder.setConnectTimeout(authenticationProvider.getConnectTimeout())
           .setReadTimeout(authenticationProvider.getReadTimeout());
    if (providerTrustStore != null) {
        try {
            builder.setTrustMangers(providerTrustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    // TLS protocol and cipher-suite restrictions are taken from the provider configuration.
    builder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
           .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
           .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
           .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());

    LOGGER.debug("About to call identity service '{}'", endpoint);
    final HttpURLConnection connection = builder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();

    try (InputStream body = OAuth2Utils.getResponseStream(connection)) {
        final int status = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", endpoint, status);

        // The body is parsed before the status is checked, so a non-JSON error page is
        // reported as an IOException rather than an IdentityResolverException.
        // NOTE(review): Map.class is a raw target type, so the values are not actually
        // guaranteed to be Strings. A non-string "id" would presumably fail with a
        // ClassCastException at the get() below. Confirm against the resolver's schema.
        final Map<String, String> claims;
        try {
            claims = _objectMapper.readValue(body, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", endpoint), e);
        }

        if (status != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", endpoint, status));
        }

        final String facebookId = claims.get("id");
        if (facebookId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", endpoint));
        }
        return new UsernamePrincipal(facebookId, authenticationProvider);
    }
}