Examples with UsernamePrincipal org.apache.qpid.server.security.auth.UsernamePrincipal used on opensource projects

Search in sources :

Example 26 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class GoogleOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final String googleId = responseMap.get("sub");
        if (googleId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
        }
        return new UsernamePrincipal(googleId, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 27 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class KeycloakOAuth2IdentityResolverService method getUserPrincipal.

@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    TrustStore trustStore = authenticationProvider.getTrustStore();
    ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout()).setReadTimeout(authenticationProvider.getReadTimeout());
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList()).setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList()).setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList()).setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        Map<String, String> responseMap;
        try {
            responseMap = _objectMapper.readValue(input, Map.class);
        } catch (JsonProcessingException e) {
            throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
        }
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        String username = responseMap.get("preferred_username");
        if (username == null) {
            username = responseMap.get("sub");
            if (username == null) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
            }
        }
        return new UsernamePrincipal(username, authenticationProvider);
    }
}
Also used : InputStream(java.io.InputStream) GeneralSecurityException(java.security.GeneralSecurityException) IdentityResolverException(org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException) ConnectionBuilder(org.apache.qpid.server.util.ConnectionBuilder) TrustStore(org.apache.qpid.server.model.TrustStore) IOException(java.io.IOException) URL(java.net.URL) ServerScopedRuntimeException(org.apache.qpid.server.util.ServerScopedRuntimeException) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) HttpURLConnection(java.net.HttpURLConnection) Map(java.util.Map) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)

Example 28 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class AbstractPasswordFilePrincipalDatabaseTest method testRejectUsernameWithColon.

public void testRejectUsernameWithColon() throws Exception {
    String usernameWithColon = "user:name";
    Principal principal = new UsernamePrincipal(usernameWithColon, null);
    File testFile = createPasswordFile(0, 0);
    loadPasswordFile(testFile);
    try {
        getDatabase().createPrincipal(principal, TEST_PASSWORD_CHARS);
        fail("Username with colon should be rejected");
    } catch (IllegalArgumentException e) {
    // pass
    }
}
Also used : UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) File(java.io.File) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) Principal(java.security.Principal)

Example 29 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class AbstractPasswordFilePrincipalDatabaseTest method testRejectPasswordWithColon.

public void testRejectPasswordWithColon() throws Exception {
    String username = "username";
    String passwordWithColon = "pass:word";
    Principal principal = new UsernamePrincipal(username, null);
    File testFile = createPasswordFile(0, 0);
    loadPasswordFile(testFile);
    try {
        getDatabase().createPrincipal(principal, passwordWithColon.toCharArray());
        fail("Password with colon should be rejected");
    } catch (IllegalArgumentException e) {
    // pass
    }
    getDatabase().createPrincipal(_principal, TEST_PASSWORD_CHARS);
    try {
        getDatabase().updatePassword(_principal, passwordWithColon.toCharArray());
        fail("Password with colon should be rejected");
    } catch (IllegalArgumentException e) {
    // pass
    }
}
Also used : UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) File(java.io.File) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) Principal(java.security.Principal)

Example 30 with UsernamePrincipal

use of org.apache.qpid.server.security.auth.UsernamePrincipal in project qpid-broker-j by apache.

the class ExternalAuthenticationManagerTest method testAuthenticatePrincipalCnAndDc.

public void testAuthenticatePrincipalCnAndDc() throws Exception {
    X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
    UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person@example.com", _manager);
    when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
    SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings, null);
    AuthenticationResult result = negotiator.handleResponse(new byte[0]);
    assertNotNull(result);
    assertEquals("Expected authentication to be successful", AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
    assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
    assertEquals("person@example.com", result.getMainPrincipal().getName());
}
Also used : UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) X500Principal(javax.security.auth.x500.X500Principal) SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Aggregations

UsernamePrincipal (org.apache.qpid.server.security.auth.UsernamePrincipal)33 AuthenticationResult (org.apache.qpid.server.security.auth.AuthenticationResult)13 AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal)9 Principal (java.security.Principal)8 IOException (java.io.IOException)7 Subject (javax.security.auth.Subject)7 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)6 InputStream (java.io.InputStream)6 HttpURLConnection (java.net.HttpURLConnection)6 URL (java.net.URL)6 GeneralSecurityException (java.security.GeneralSecurityException)6 Map (java.util.Map)6 TrustStore (org.apache.qpid.server.model.TrustStore)6 IdentityResolverException (org.apache.qpid.server.security.auth.manager.oauth2.IdentityResolverException)6 ConnectionBuilder (org.apache.qpid.server.util.ConnectionBuilder)6 ServerScopedRuntimeException (org.apache.qpid.server.util.ServerScopedRuntimeException)6 X500Principal (javax.security.auth.x500.X500Principal)5 SaslNegotiator (org.apache.qpid.server.security.auth.sasl.SaslNegotiator)5 SubjectCreator (org.apache.qpid.server.security.SubjectCreator)4 EventLogger (org.apache.qpid.server.logging.EventLogger)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial