
Example 1 with GroupPrincipal

use of org.apache.qpid.server.security.group.GroupPrincipal in project qpid-broker-j by apache.

the class UserPreferencesTest method setUp.

/**
 * Prepares the fixtures used by the tests in this class: mocked collaborators, a started
 * task executor, the {@code UserPreferencesImpl} under test, and a {@link Subject} that
 * carries one authenticated user principal plus one group principal.
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    // Collaborators are Mockito-style mocks; no real store or configured object is touched.
    _configuredObject = mock(ConfiguredObject.class);
    _preferenceStore = mock(PreferenceStore.class);

    // The executor must be started before it is handed to the preferences implementation.
    _preferenceTaskExecutor = new CurrentThreadTaskExecutor();
    _preferenceTaskExecutor.start();

    // Start from an empty preference list.
    _userPreferences = new UserPreferencesImpl(
            _preferenceTaskExecutor,
            _configuredObject,
            _preferenceStore,
            Collections.<Preference>emptyList());

    // The group principal is created without a backing GroupProvider (explicitly typed null).
    _groupPrincipal = new GroupPrincipal(MYGROUP, (GroupProvider) null);

    final UsernamePrincipal ownerName = new UsernamePrincipal(MYUSER, null);
    _owner = new AuthenticatedPrincipal(ownerName);

    // 'true' makes the Subject read-only, so tests cannot add principals to it afterwards.
    _subject = new Subject(
            true,
            Sets.newHashSet(_owner, _groupPrincipal),
            Collections.emptySet(),
            Collections.emptySet());

    _testId = UUID.randomUUID();
}
Also used : UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) CurrentThreadTaskExecutor(org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) GroupProvider(org.apache.qpid.server.model.GroupProvider) PreferenceStore(org.apache.qpid.server.store.preferences.PreferenceStore) Subject(javax.security.auth.Subject) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)

Example 2 with GroupPrincipal

use of org.apache.qpid.server.security.group.GroupPrincipal in project qpid-broker-j by apache.

the class SimpleLDAPAuthenticationManagerImpl method findGroups.

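/**
 * Resolves the groups of an LDAP user into {@link GroupPrincipal}s.
 *
 * <p>Two optional sources are consulted and their results merged into one set:
 * <ol>
 *   <li>if a group attribute name is configured, every non-null value of that attribute on the
 *       user's own entry is used as a group name;</li>
 *   <li>if both a group search context and a group search filter are configured, a search is run
 *       with the (encoded) user DN as the only filter argument, and the full name of each hit is
 *       used as a group name.</li>
 * </ol>
 *
 * <p>Any {@link NamingException} propagates to the caller, so a directory failure never yields a
 * partially filled set. Enumerations are closed on every path, including the exceptional one.
 *
 * <p>NOTE(review): the group names come straight from directory data; presumably they feed
 * authorization decisions, so the configured attribute, search base and filter should only match
 * entries that ordinary users cannot write to. Confirm against the deployment's directory ACLs.
 *
 * @param context directory context on which the lookups are performed
 * @param userDN  distinguished name of the user whose groups are wanted
 * @return a mutable set of group principals; empty if nothing is configured or nothing matched
 * @throws NamingException if reading the attribute, searching, or closing an enumeration fails
 */
private Set<Principal> findGroups(DirContext context, String userDN) throws NamingException {
    Set<Principal> groupPrincipals = new HashSet<>();

    // Source 1: group names stored as attribute values on the user's entry.
    String groupAttributeName = getGroupAttributeName();
    if (groupAttributeName != null && !groupAttributeName.isEmpty()) {
        Attributes attributes = context.getAttributes(userDN, new String[] { groupAttributeName });
        NamingEnumeration<? extends Attribute> namingEnum = attributes.getAll();
        try {
            while (namingEnum.hasMore()) {
                Attribute attribute = namingEnum.next();
                if (attribute != null) {
                    NamingEnumeration<?> attributeValues = attribute.getAll();
                    try {
                        while (attributeValues.hasMore()) {
                            Object attributeValue = attributeValues.next();
                            if (attributeValue != null) {
                                String groupDN = String.valueOf(attributeValue);
                                groupPrincipals.add(new GroupPrincipal(groupDN, this));
                            }
                        }
                    } finally {
                        // hasMore() only releases the enumeration once it is exhausted;
                        // close explicitly so an exception mid-iteration does not leak it.
                        attributeValues.close();
                    }
                }
            }
        } finally {
            namingEnum.close();
        }
    }

    // Source 2: group entries found by searching with the user DN as filter argument.
    String groupSearchContext = getGroupSearchContext();
    String groupSearchFilter = getGroupSearchFilter();
    if (groupSearchContext != null && !groupSearchContext.isEmpty()
            && groupSearchFilter != null && !groupSearchFilter.isEmpty()) {
        SearchControls searchControls = new SearchControls();
        // An empty array asks the server for no attributes; only the entry names are needed.
        searchControls.setReturningAttributes(new String[] {});
        searchControls.setSearchScope(isGroupSubtreeSearchScope() ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        // The user DN is passed as a filter argument rather than concatenated into the filter.
        // NOTE(review): JNDI escapes string filter arguments itself; confirm that encode()
        // (defined elsewhere in this class) does not cause the DN to be escaped twice.
        NamingEnumeration<?> groupEnumeration = context.search(groupSearchContext, groupSearchFilter, new String[] { encode(userDN) }, searchControls);
        try {
            while (groupEnumeration.hasMore()) {
                SearchResult result = (SearchResult) groupEnumeration.next();
                String groupDN = result.getNameInNamespace();
                groupPrincipals.add(new GroupPrincipal(groupDN, this));
            }
        } finally {
            // Releases the search result (and its server-side resources) even on failure.
            groupEnumeration.close();
        }
    }
    return groupPrincipals;
}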
Also used : Attribute(javax.naming.directory.Attribute) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) Attributes(javax.naming.directory.Attributes) ConfiguredObject(org.apache.qpid.server.model.ConfiguredObject) SearchControls(javax.naming.directory.SearchControls) SearchResult(javax.naming.directory.SearchResult) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 3 with GroupPrincipal

use of org.apache.qpid.server.security.group.GroupPrincipal in project qpid-broker-j by apache.

the class CloudFoundryDashboardManagementGroupProviderImpl method getGroupPrincipalsForUser.

/**
 * Derives management group principals for an OAuth2-authenticated user.
 *
 * <p>For every entry of the service-instance-to-group mapping, the user's access token is checked
 * via {@code mayManageServiceInstance}; each service instance the check accepts contributes its
 * mapped group. Only group names and service instance ids are written to the debug log; the
 * access token itself is never logged.
 *
 * @param userPrincipal the authenticated user
 * @return an immutable empty set if the principal is not an {@link OAuth2UserPrincipal};
 *         otherwise a mutable set with one {@link GroupPrincipal} per granted mapping entry
 * @throws IllegalConfigurationException if the mapping has not been configured
 */
@Override
public Set<Principal> getGroupPrincipalsForUser(Principal userPrincipal) {
    // Principals from other authentication mechanisms carry no access token to check.
    if (!(userPrincipal instanceof OAuth2UserPrincipal)) {
        return Collections.emptySet();
    }
    if (_serviceToManagementGroupMapping == null) {
        throw new IllegalConfigurationException("CloudFoundryDashboardManagementGroupProvider serviceToManagementGroupMapping may not be null");
    }

    final String accessToken = ((OAuth2UserPrincipal) userPrincipal).getAccessToken();
    final Set<Principal> grantedGroups = new HashSet<>();

    for (Map.Entry<String, String> mapping : _serviceToManagementGroupMapping.entrySet()) {
        final String serviceInstanceId = mapping.getKey();

        // Default is no group: membership is added only after an explicit positive answer.
        if (!mayManageServiceInstance(serviceInstanceId, accessToken)) {
            LOGGER.debug("CloudFoundryDashboardManagementEndpoint denied management permission for service instance '{}'", serviceInstanceId);
            continue;
        }

        final String managementGroupName = mapping.getValue();
        LOGGER.debug("Adding group '{}' to the set of Principals", managementGroupName);
        grantedGroups.add(new GroupPrincipal(managementGroupName, this));
    }
    return grantedGroups;
}
Also used : OAuth2UserPrincipal(org.apache.qpid.server.security.auth.manager.oauth2.OAuth2UserPrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) IllegalConfigurationException(org.apache.qpid.server.configuration.IllegalConfigurationException) Map(java.util.Map) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) OAuth2UserPrincipal(org.apache.qpid.server.security.auth.manager.oauth2.OAuth2UserPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 4 with GroupPrincipal

use of org.apache.qpid.server.security.group.GroupPrincipal in project qpid-broker-j by apache.

the class AuthIdentityConnectionPropertyEnricher method addConnectionProperties.

/**
 * Returns a copy of the given connection properties extended with identity information.
 *
 * <p>When the connection has an authorized principal, an {@code "authenticated-identity"} entry
 * is added holding the claims {@code "sub"} and {@code "preferred_username"}. A {@code "groups"}
 * entry listing the names of all {@link GroupPrincipal}s of the connection's subject is always
 * added (an empty list if there are none).
 *
 * <p>Only the outer map is wrapped as unmodifiable; the nested claims map and the group list
 * stay mutable.
 *
 * <p>NOTE(review): where these properties end up is not visible here. If they are sent to the
 * remote peer, group membership is disclosed to every client that connects; confirm that this
 * is intended for the deployment.
 *
 * @param connection         connection whose principal and subject are read
 * @param existingProperties properties to start from; not modified
 * @return an unmodifiable map with the existing and the added properties
 */
@Override
public Map<String, Object> addConnectionProperties(final AMQPConnection<?> connection, final Map<String, Object> existingProperties) {
    final Map<String, Object> enriched = new LinkedHashMap<>(existingProperties);

    final Principal authorized = connection.getAuthorizedPrincipal();
    if (authorized != null) {
        // NOTE(review): unchecked downcast; a principal that is not a QpidPrincipal would
        // fail here with ClassCastException. Verify what getAuthorizedPrincipal() can return.
        final QpidPrincipal qpidPrincipal = (QpidPrincipal) authorized;
        final GenericPrincipal identity = new GenericPrincipal(qpidPrincipal);

        final Map<String, String> identityClaims = new LinkedHashMap<>();
        identityClaims.put("sub", identity.toExternalForm());
        identityClaims.put("preferred_username", identity.getName());
        enriched.put("authenticated-identity", identityClaims);
    }

    final List<String> groupNames = connection.getSubject()
            .getPrincipals(GroupPrincipal.class)
            .stream()
            .map(GroupPrincipal::getName)
            .collect(Collectors.toList());
    enriched.put("groups", groupNames);

    return Collections.unmodifiableMap(enriched);
}
Also used : GenericPrincipal(org.apache.qpid.server.model.preferences.GenericPrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) GenericPrincipal(org.apache.qpid.server.model.preferences.GenericPrincipal) QpidPrincipal(org.apache.qpid.server.security.QpidPrincipal) Principal(java.security.Principal) LinkedHashMap(java.util.LinkedHashMap)

Example 5 with GroupPrincipal

use of org.apache.qpid.server.security.group.GroupPrincipal in project qpid-broker-j by apache.

the class TestPrincipalUtils method createTestSubject.

/**
 * Builds a {@link Subject} for tests containing exactly one {@link AuthenticatedPrincipal}
 * for {@code username} and one {@link GroupPrincipal} per entry of {@code groups}, all tied
 * to {@code TEST_AUTH_PROVIDER}.
 *
 * <p>The subject is created modifiable (read-only flag {@code false}) and without public or
 * private credentials.
 *
 * @param username name of the user principal
 * @param groups   zero or more group names
 * @return the populated subject
 */
public static Subject createTestSubject(final String username, final String... groups) {
    // Sized for the single user principal plus every requested group.
    final Set<Principal> members = new HashSet<>(1 + groups.length);

    final UsernamePrincipal user = new UsernamePrincipal(username, TEST_AUTH_PROVIDER);
    members.add(new AuthenticatedPrincipal(user));

    for (int i = 0; i < groups.length; i++) {
        members.add(new GroupPrincipal(groups[i], TEST_AUTH_PROVIDER));
    }

    // Typed factory instead of the raw constant; it yields the same shared empty set.
    return new Subject(false, members, Collections.emptySet(), Collections.emptySet());
}
Also used : GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) GroupPrincipal(org.apache.qpid.server.security.group.GroupPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)
