
Example 1 with AuthenticationInfo

use of org.apache.shiro.authc.AuthenticationInfo in project killbill by killbill.

the class ModularRealmAuthenticatorWith540 method doMultiRealmAuthentication.

/**
 * Runs the multi-realm authentication attempt: every realm is visited in iteration order and the configured
 * {@link AuthenticationStrategy} is called back around each visit to fold the outcome into one aggregate.
 *
 * <p>A realm that throws does not abort the loop. The {@code Throwable} is captured and handed to
 * {@code afterAttempt}, so whether a failing realm fails the whole login is decided by the strategy, not here.
 * When the strategy is a {@link FirstSuccessfulStrategyWith540}, its {@code continueAfterAttempt} answer can
 * end the iteration before the remaining realms are consulted.
 *
 * @param realms the multiple realms configured on this Authenticator instance.
 * @param token  the submitted AuthenticationToken representing the subject's (user's) log-in principals and credentials.
 * @return the aggregate produced by the strategy's {@code afterAllAttempts} call, covering the realms that were
 * consulted.
 */
protected AuthenticationInfo doMultiRealmAuthentication(final Collection<Realm> realms, final AuthenticationToken token) {
    final AuthenticationStrategy strategy = getAuthenticationStrategy();
    AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
    if (log.isTraceEnabled()) {
        log.trace("Iterating through {} realms for PAM authentication", realms.size());
    }
    for (final Realm realm : realms) {
        aggregate = strategy.beforeAttempt(realm, token, aggregate);
        if (!realm.supports(token)) {
            log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
            continue;
        }
        // NOTE(review): token and realm are rendered through toString() in the trace/debug output of this
        // method; confirm the token type in use keeps credentials out of toString().
        log.trace("Attempting to authenticate token [{}] using realm [{}]", token, realm);
        AuthenticationInfo realmInfo = null;
        Throwable failure = null;
        try {
            realmInfo = realm.getAuthenticationInfo(token);
        } catch (final Throwable thrown) {
            // Throwable (Error subclasses included) is captured so the outcome always reaches afterAttempt.
            failure = thrown;
            if (log.isDebugEnabled()) {
                log.debug("Realm [" + realm + "] threw an exception during a multi-realm authentication attempt:", failure);
            }
        }
        aggregate = strategy.afterAttempt(realm, token, realmInfo, aggregate, failure);
        // Only this strategy type is asked whether the remaining realms should still be consulted.
        final boolean stopHere = strategy instanceof FirstSuccessfulStrategyWith540
                && !((FirstSuccessfulStrategyWith540) strategy).continueAfterAttempt(realmInfo, aggregate, failure);
        if (stopHere) {
            log.trace("Will not consult any other realms for authentication, last realm [{}].", realm);
            break;
        }
    }
    return strategy.afterAllAttempts(token, aggregate);
}
Also used : FirstSuccessfulStrategyWith540(org.killbill.billing.server.security.FirstSuccessfulStrategyWith540) Realm(org.apache.shiro.realm.Realm) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo)

Example 2 with AuthenticationInfo

use of org.apache.shiro.authc.AuthenticationInfo in project neo4j by neo4j.

the class PluginRealm method doGetAuthenticationInfo.

/**
 * Authenticates a {@link ShiroAuthToken} through whichever plugin this realm holds.
 *
 * <p>The combined {@code authPlugin} is tried when it is set; {@code authenticationPlugin} is consulted only
 * when {@code authPlugin} is {@code null}. A successful combined call also caches the resulting
 * authorization info before returning.
 *
 * @param token the token submitted to the realm; anything other than a {@code ShiroAuthToken} is ignored
 * @return cacheable authentication info, or {@code null} when the token is of another type, no plugin is set,
 * or the plugin consulted returned {@code null}
 * @throws AuthenticationException when the plugin rejects the token or the token map is invalid
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(token instanceof ShiroAuthToken)) {
        return null;
    }
    try {
        AuthToken pluginToken = PluginApiAuthToken.createFromMap(((ShiroAuthToken) token).getAuthTokenMap());
        if (authPlugin != null) {
            AuthInfo combinedResult = authPlugin.authenticateAndAuthorize(pluginToken);
            if (combinedResult == null) {
                // A null answer from the combined plugin ends the attempt; authenticationPlugin is not tried.
                return null;
            }
            PluginAuthInfo cacheableInfo = PluginAuthInfo.createCacheable(combinedResult, getName(), secureHasher);
            cacheAuthorizationInfo(cacheableInfo);
            return cacheableInfo;
        }
        if (authenticationPlugin != null) {
            org.neo4j.server.security.enterprise.auth.plugin.spi.AuthenticationInfo pluginResult = authenticationPlugin.authenticate(pluginToken);
            if (pluginResult != null) {
                return PluginAuthenticationInfo.createCacheable(pluginResult, getName(), secureHasher);
            }
        }
        return null;
    } catch (org.neo4j.server.security.enterprise.auth.plugin.api.AuthenticationException | InvalidAuthTokenException e) {
        // NOTE(review): the rethrown exception carries e.getMessage() and e.getCause(), so the caught exception
        // itself is not in the cause chain; confirm that is intended. The message text is reused verbatim and
        // where it ends up (logs, client response) is not visible here.
        throw new AuthenticationException(e.getMessage(), e.getCause());
    }
}
Also used : AuthInfo(org.neo4j.server.security.enterprise.auth.plugin.spi.AuthInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ShiroAuthToken(org.neo4j.server.security.enterprise.auth.ShiroAuthToken) ShiroAuthToken(org.neo4j.server.security.enterprise.auth.ShiroAuthToken) AuthToken(org.neo4j.server.security.enterprise.auth.plugin.api.AuthToken) CustomCacheableAuthenticationInfo(org.neo4j.server.security.enterprise.auth.plugin.spi.CustomCacheableAuthenticationInfo) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 3 with AuthenticationInfo

use of org.apache.shiro.authc.AuthenticationInfo in project killbill by killbill.

the class TestKillBillJndiLdapRealm method testCheckLDAPConnection.

/**
 * Manual LDAP connectivity check. The test is declared with {@code enabled = false}, so it only runs when
 * someone switches it on; the account names, password and directory layout below are sample values.
 *
 * <p>NOTE(review): this sample pairs an {@code ldap://} URL on port 389 with {@code disableSSLCheck=true} and
 * the {@code simple} mechanism. Unless the realm upgrades the connection itself (not visible here), a simple
 * bind over plain LDAP sends the bind password unencrypted, so treat these settings as a lab-only template.
 *
 * @throws Exception if building the realm or querying the directory fails
 */
@Test(groups = "external", enabled = false)
public void testCheckLDAPConnection() throws Exception {
    final String login = "pierre";
    final String secret = "password";

    final Properties ldapSettings = new Properties();
    ldapSettings.setProperty("org.killbill.security.ldap.userDnTemplate", "uid={0},ou=users,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.searchBase", "ou=groups,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.groupSearchFilter", "memberOf=uid={0},ou=users,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.groupNameId", "cn");
    ldapSettings.setProperty("org.killbill.security.ldap.url", "ldap://ldap:389");
    ldapSettings.setProperty("org.killbill.security.ldap.disableSSLCheck", "true");
    ldapSettings.setProperty("org.killbill.security.ldap.systemUsername", "cn=root");
    ldapSettings.setProperty("org.killbill.security.ldap.systemPassword", "password");
    ldapSettings.setProperty("org.killbill.security.ldap.authenticationMechanism", "simple");
    // One "group: permission, permission" entry per line.
    ldapSettings.setProperty("org.killbill.security.ldap.permissionsByGroup",
                             "support-group: entitlement:*\n"
                             + "finance-group: invoice:*, payment:*\n"
                             + "ops-group: *:*");

    final SecurityConfig config = new ConfigurationObjectFactory(new SimplePropertyConfigSource(ldapSettings)).build(SecurityConfig.class);
    final KillBillJndiLdapRealm realm = new KillBillJndiLdapRealm(config);

    // Step 1: authenticate the sample user against the directory.
    final AuthenticationInfo authenticated = realm.getAuthenticationInfo(new UsernamePasswordToken(login, secret));
    System.out.println(authenticated);

    // Step 2: resolve the same user's roles and permissions.
    final AuthorizationInfo authorized = realm.queryForAuthorizationInfo(new SimplePrincipalCollection(login, login), realm.getContextFactory());
    System.out.println("Roles: " + authorized.getRoles());
    System.out.println("Permissions: " + authorized.getStringPermissions());
}
Also used : SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) ConfigSource(org.skife.config.ConfigSource) SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) SecurityConfig(org.killbill.billing.util.config.definition.SecurityConfig) ConfigurationObjectFactory(org.skife.config.ConfigurationObjectFactory) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Properties(java.util.Properties) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.testng.annotations.Test)

Example 4 with AuthenticationInfo

use of org.apache.shiro.authc.AuthenticationInfo in project ddf by codice.

the class SecurityManagerImplTest method testAuthToken.

/**
 * Drives {@code SecurityManagerImpl.getSubject} with a mocked authentication token and a single mocked realm
 * that accepts it, then checks that a subject comes back.
 *
 * <p>Only the non-null result is asserted; the contents of the returned subject are not inspected.
 *
 * @throws SecurityServiceException declared by the method; the body itself does not throw it explicitly
 */
@Test
public void testAuthToken() throws SecurityServiceException {
    // Token whose credentials are the fixed string "testUser".
    AuthenticationToken mockedToken = mock(AuthenticationToken.class);
    when(mockedToken.getCredentials()).thenReturn("testUser");

    // Authentication result carrying one SecurityToken principal registered under REALM_NAME.
    SimplePrincipalCollection principalSet = new SimplePrincipalCollection();
    principalSet.add(new SecurityToken(), REALM_NAME);
    AuthenticationInfo mockedInfo = mock(AuthenticationInfo.class);
    when(mockedInfo.getPrincipals()).thenReturn(principalSet);

    // Realm that supports the token and answers with the result above.
    Realm mockedRealm = mock(Realm.class);
    when(mockedRealm.getName()).thenReturn(REALM_NAME);
    when(mockedRealm.supports(mockedToken)).thenReturn(true);
    when(mockedRealm.getAuthenticationInfo(mockedToken)).thenReturn(mockedInfo);

    SecurityManagerImpl securityManager = new SecurityManagerImpl();
    securityManager.setRealms(Arrays.asList(mockedRealm));

    Subject resolved = securityManager.getSubject(mockedToken);
    assertNotNull(resolved);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Realm(org.apache.shiro.realm.Realm) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 5 with AuthenticationInfo

use of org.apache.shiro.authc.AuthenticationInfo in project zeppelin by apache.

the class PamRealmTest method testDoGetAuthenticationInfo.

/**
 * Authenticates against the {@code sshd} PAM service using an account supplied through the
 * {@code PAM_USER} and {@code PAM_PASS} environment variables.
 *
 * <p>No credentials are embedded in the test: when either variable is unset the assumptions fail and the
 * test is skipped instead of failing.
 */
@Test
public void testDoGetAuthenticationInfo() {
    PamRealm pamRealm = new PamRealm();
    pamRealm.setService("sshd");

    String envUser = System.getenv("PAM_USER");
    String envPassword = System.getenv("PAM_PASS");
    assumeTrue(envUser != null);
    assumeTrue(envPassword != null);

    // The mocked token exposes the password both as a char[] and as the credentials object.
    UsernamePasswordToken mockedToken = mock(UsernamePasswordToken.class);
    when(mockedToken.getUsername()).thenReturn(envUser);
    when(mockedToken.getPassword()).thenReturn(envPassword.toCharArray());
    when(mockedToken.getCredentials()).thenReturn(envPassword);

    AuthenticationInfo result = pamRealm.doGetAuthenticationInfo(mockedToken);
    // Only the presence of credentials on the result is checked.
    assertTrue(result.getCredentials() != null);
}
Also used : AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)10 Test (org.junit.Test)5 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)4 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)3 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)3 Realm (org.apache.shiro.realm.Realm)3 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)2 BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)2 Ignore (org.junit.Ignore)2 InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)2 Test (org.testng.annotations.Test)2 Element (org.w3c.dom.Element)2 Subject (ddf.security.Subject)1 IOException (java.io.IOException)1 SocketTimeoutException (java.net.SocketTimeoutException)1 Properties (java.util.Properties)1 CommunicationException (javax.naming.CommunicationException)1 NamingException (javax.naming.NamingException)1 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1 AuthorizationException (org.apache.shiro.authz.AuthorizationException)1