
Example 1 with RoleUserAuthorityGranter

use of org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter in project ranger by apache.

the class RangerAuthenticationProvider method getUnixAuthentication.

/**
 * Tries to authenticate the supplied token through the JAAS login module
 * {@code org.apache.ranger.authentication.unix.jaas.RemoteUnixLoginModule}.
 *
 * <p>A fresh {@link DefaultJaasAuthenticationProvider} is configured in memory on every call,
 * registered under the JAAS application name {@code SPRINGSECURITY} with the module marked
 * {@code REQUIRED}. The role granted up front comes from the property
 * {@code ranger.ldap.default.role} (default {@code ROLE_USER}).
 *
 * <p>This method never throws: any exception is logged at debug level and the token is returned
 * as it stood at that point. A blank user name or password skips the attempt entirely.
 * NOTE(review): callers presumably have to check {@code isAuthenticated()} on the result to tell
 * success from a skipped or failed attempt - confirm against the caller.
 *
 * @param authentication the incoming token; its name and credentials supply the user name and password
 * @return the result of {@code getAuthenticationWithGrantedAuthority} on the JAAS-authenticated
 *         token, or the token unchanged when the attempt was skipped or failed before authentication
 */
public Authentication getUnixAuthentication(Authentication authentication) {
    try {
        final String defaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        final DefaultJaasAuthenticationProvider jaasProvider = new DefaultJaasAuthenticationProvider();

        // The complete property map is handed to the login module as its options.
        // NOTE(review): if that map also carries unrelated secrets, the module sees them too - confirm.
        final AppConfigurationEntry unixEntry = new AppConfigurationEntry(
                "org.apache.ranger.authentication.unix.jaas.RemoteUnixLoginModule",
                LoginModuleControlFlag.REQUIRED,
                PropertiesUtil.getPropertiesMap());
        final Map<String, AppConfigurationEntry[]> entriesByAppName = new HashMap<String, AppConfigurationEntry[]>();
        entriesByAppName.put("SPRINGSECURITY", new AppConfigurationEntry[] { unixEntry });
        jaasProvider.setConfiguration(new InMemoryConfiguration(entriesByAppName));
        jaasProvider.setAuthorityGranters(new RoleUserAuthorityGranter[] { new RoleUserAuthorityGranter() });
        jaasProvider.afterPropertiesSet();

        final String userName = authentication.getName();
        // The credential is flattened to a String here and stays on the heap until collected.
        final String userPassword = authentication.getCredentials() != null
                ? authentication.getCredentials().toString()
                : "";

        // Nothing to verify without both a user name and a password: hand the token back untouched.
        if (userName == null || userPassword == null
                || userName.trim().isEmpty() || userPassword.trim().isEmpty()) {
            return authentication;
        }

        final List<GrantedAuthority> roles = new ArrayList<>();
        roles.add(new SimpleGrantedAuthority(defaultRole));
        final UserDetails principal = new User(userName, userPassword, roles);
        // Reassign the parameter first so that a failure in the follow-up call still
        // returns the JAAS result from the catch block.
        authentication = jaasProvider.authenticate(
                new UsernamePasswordAuthenticationToken(principal, userPassword, roles));
        return getAuthenticationWithGrantedAuthority(authentication);
    } catch (Exception e) {
        // Failures are recorded at debug level only and are not propagated.
        logger.debug("Unix Authentication Failed:", e);
        return authentication;
    }
}
Also used : DefaultJaasAuthenticationProvider(org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider) RoleUserAuthorityGranter(org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter) User(org.springframework.security.core.userdetails.User) Configuration(javax.security.auth.login.Configuration) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) HashMap(java.util.HashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) UserDetails(org.springframework.security.core.userdetails.UserDetails) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) Authentication(org.springframework.security.core.Authentication)

Example 2 with RoleUserAuthorityGranter

use of org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter in project ranger by apache.

the class RangerAuthenticationProvider method getPamAuthentication.

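/**
 * Tries to authenticate the supplied token through the JAAS login module
 * {@code org.apache.ranger.authentication.unix.jaas.PamLoginModule}.
 *
 * <p>A fresh {@link DefaultJaasAuthenticationProvider} is configured in memory on every call,
 * registered under the JAAS application name {@code SPRINGSECURITY} with the module marked
 * {@code REQUIRED}. The module options are a copy of the application properties, with
 * {@code ranger.pam.service} defaulted to {@code ranger-admin} when it is not configured.
 * The role granted up front comes from {@code ranger.ldap.default.role} (default {@code ROLE_USER}).
 *
 * <p>This method never throws: any exception is logged at debug level and the token is returned
 * as it stood at that point. A blank user name or password skips the attempt entirely.
 * NOTE(review): callers presumably have to check {@code isAuthenticated()} on the result to tell
 * success from a skipped or failed attempt - confirm against the caller.
 *
 * @param authentication the incoming token; its name and credentials supply the user name and password
 * @return the result of {@code getAuthenticationWithGrantedAuthority} on the JAAS-authenticated
 *         token, or the token unchanged when the attempt was skipped or failed before authentication
 */
public Authentication getPamAuthentication(Authentication authentication) {
    try {
        String rangerLdapDefaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");
        DefaultJaasAuthenticationProvider jaasAuthenticationProvider = new DefaultJaasAuthenticationProvider();
        String loginModuleName = "org.apache.ranger.authentication.unix.jaas.PamLoginModule";
        LoginModuleControlFlag controlFlag = LoginModuleControlFlag.REQUIRED;
        // Copy before adding the default, so the map returned by PropertiesUtil is never
        // modified from the login path (it is presumably shared application state - confirm).
        // NOTE(review): the copy still carries every property to the login module; if that
        // includes unrelated secrets, consider passing only the keys the module reads.
        Map<String, String> options = new HashMap<String, String>(PropertiesUtil.getPropertiesMap());
        if (!options.containsKey("ranger.pam.service")) {
            options.put("ranger.pam.service", "ranger-admin");
        }
        AppConfigurationEntry appConfigurationEntry = new AppConfigurationEntry(loginModuleName, controlFlag, options);
        AppConfigurationEntry[] appConfigurationEntries = new AppConfigurationEntry[] { appConfigurationEntry };
        Map<String, AppConfigurationEntry[]> appConfigurationEntriesOptions = new HashMap<String, AppConfigurationEntry[]>();
        appConfigurationEntriesOptions.put("SPRINGSECURITY", appConfigurationEntries);
        Configuration configuration = new InMemoryConfiguration(appConfigurationEntriesOptions);
        jaasAuthenticationProvider.setConfiguration(configuration);
        RoleUserAuthorityGranter authorityGranter = new RoleUserAuthorityGranter();
        RoleUserAuthorityGranter[] authorityGranters = new RoleUserAuthorityGranter[] { authorityGranter };
        jaasAuthenticationProvider.setAuthorityGranters(authorityGranters);
        jaasAuthenticationProvider.afterPropertiesSet();
        String userName = authentication.getName();
        // The credential is flattened to a String here and stays on the heap until collected.
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        // Only attempt a login when both a user name and a password are present;
        // otherwise fall through and hand the token back untouched.
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = new ArrayList<>();
            grantedAuths.add(new SimpleGrantedAuthority(rangerLdapDefaultRole));
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            // Reassign the parameter first so that a failure in the follow-up call still
            // returns the JAAS result after the catch block.
            authentication = jaasAuthenticationProvider.authenticate(finalAuthentication);
            authentication = getAuthenticationWithGrantedAuthority(authentication);
        }
    } catch (Exception e) {
        // Failures are recorded at debug level only and are not propagated.
        logger.debug("Pam Authentication Failed:", e);
    }
    return authentication;
}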
Also used : DefaultJaasAuthenticationProvider(org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider) RoleUserAuthorityGranter(org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter) User(org.springframework.security.core.userdetails.User) Configuration(javax.security.auth.login.Configuration) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) HashMap(java.util.HashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) UserDetails(org.springframework.security.core.userdetails.UserDetails) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) Authentication(org.springframework.security.core.Authentication)

Aggregations

ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)2 LoginModuleControlFlag (javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag)2 Configuration (javax.security.auth.login.Configuration)2 RoleUserAuthorityGranter (org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter)2 AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException)2 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)2 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)2 DefaultJaasAuthenticationProvider (org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider)2 InMemoryConfiguration (org.springframework.security.authentication.jaas.memory.InMemoryConfiguration)2 Authentication (org.springframework.security.core.Authentication)2 AuthenticationException (org.springframework.security.core.AuthenticationException)2 GrantedAuthority (org.springframework.security.core.GrantedAuthority)2 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)2 User (org.springframework.security.core.userdetails.User)2 UserDetails (org.springframework.security.core.userdetails.UserDetails)2