Examples with SimpleAccount - org.apache.shiro.authc.SimpleAccount

Example 1 with SimpleAccount

use of org.apache.shiro.authc.SimpleAccount in project ART-TIME by Artezio.

the class AdminRealmTest method testdoGetAuthenticationInfo.

@Test
public void testdoGetAuthenticationInfo() {
    Settings settings = new Settings(new EnumMap<>(Setting.Name.class));
    settings.setAdminUsername("admin");
    AuthenticationToken token = new UsernamePasswordToken("admin", new char[] {});
    PowerMock.mockStatic(CDIUtils.class);
    expect(CDIUtils.getBean(SettingsService.class)).andReturn(settingsService);
    expect(settingsService.getSettings()).andReturn(settings);
    PowerMock.replayAll(CDIUtils.class, settingsService);
    AuthenticationInfo actual = adminRealm.doGetAuthenticationInfo(token);
    PowerMock.verifyAll();
    assertNotNull(actual);
    assertTrue(actual instanceof SimpleAccount);
}

Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Settings(com.artezio.arttime.config.Settings) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 2 with SimpleAccount

use of org.apache.shiro.authc.SimpleAccount in project ART-TIME by Artezio.

the class AdminRealmTest method testDoGetAuthorizationInfo.

@Test
public void testDoGetAuthorizationInfo() {
    Settings settings = new Settings(new EnumMap<>(Setting.Name.class));
    settings.setAdminUsername("admin");
    PrincipalCollection principalCollection = new SimplePrincipalCollection("admin", "realm");
    PowerMock.mockStatic(CDIUtils.class);
    expect(CDIUtils.getBean(SettingsService.class)).andReturn(settingsService);
    expect(settingsService.getSettings()).andReturn(settings);
    PowerMock.replayAll(CDIUtils.class, settingsService);
    AuthorizationInfo actual = adminRealm.doGetAuthorizationInfo(principalCollection);
    PowerMock.verifyAll();
    assertNotNull(actual);
    assertTrue(actual instanceof SimpleAccount);
}

Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) Settings(com.artezio.arttime.config.Settings) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 3 with SimpleAccount

use of org.apache.shiro.authc.SimpleAccount in project ART-TIME by Artezio.

the class AdminRealmTest method testGetAccount_ifLoggedUserIsAdmin.

@Test
public void testGetAccount_ifLoggedUserIsAdmin() {
    Settings settings = new Settings(new EnumMap<>(Setting.Name.class));
    settings.setAdminUsername("admin");
    SimpleAccount actual = adminRealm.getAccount("admin", settings);
    assertNotNull(actual);
}

Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) Settings(com.artezio.arttime.config.Settings) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 4 with SimpleAccount

use of org.apache.shiro.authc.SimpleAccount in project graylog2-server by Graylog2.

the class BearerTokenRealm method toAuthenticationInfo.

private AuthenticationInfo toAuthenticationInfo(AuthServiceResult result) {
    String realmName = NAME + "/" + result.backendType();
    @SuppressWarnings("ConstantConditions") final SimplePrincipalCollection principals = new SimplePrincipalCollection(ImmutableList.of(result.userProfileId(), result.sessionAttributes()), realmName);
    return new SimpleAccount(principals, null, realmName);
}

Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)

Example 5 with SimpleAccount

use of org.apache.shiro.authc.SimpleAccount in project graylog2-server by Graylog2.

the class LdapUserAuthenticator method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    // safe, we only handle this type
    final UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    final LdapSettings ldapSettings = ldapSettingsService.load();
    if (ldapSettings == null || !ldapSettings.isEnabled()) {
        LOG.trace("LDAP is disabled, skipping");
        return null;
    }
    final LdapConnectionConfig config = new LdapConnectionConfig();
    config.setLdapHost(ldapSettings.getUri().getHost());
    config.setLdapPort(ldapSettings.getUri().getPort());
    config.setUseSsl(ldapSettings.getUri().getScheme().startsWith("ldaps"));
    config.setUseTls(ldapSettings.isUseStartTls());
    if (ldapSettings.isTrustAllCertificates()) {
        config.setTrustManagers(new TrustAllX509TrustManager());
    }
    config.setName(ldapSettings.getSystemUserName());
    config.setCredentials(ldapSettings.getSystemPassword());
    final String principal = (String) token.getPrincipal();
    final char[] tokenPassword = firstNonNull(token.getPassword(), new char[0]);
    final String password = String.valueOf(tokenPassword);
    // do not try to look a token up in LDAP if there is no principal or password
    if (isNullOrEmpty(principal) || isNullOrEmpty(password)) {
        LOG.debug("Principal or password were empty. Not trying to look up a token in LDAP.");
        return null;
    }
    try (final LdapNetworkConnection connection = ldapConnector.connect(config)) {
        if (null == connection) {
            LOG.error("Couldn't connect to LDAP directory");
            return null;
        }
        final LdapEntry userEntry = ldapConnector.search(connection, ldapSettings.getSearchBase(), ldapSettings.getSearchPattern(), ldapSettings.getDisplayNameAttribute(), principal, ldapSettings.isActiveDirectory(), ldapSettings.getGroupSearchBase(), ldapSettings.getGroupIdAttribute(), ldapSettings.getGroupSearchPattern());
        if (userEntry == null) {
            LOG.debug("User {} not found in LDAP", principal);
            return null;
        }
        // needs to use the DN of the entry, not the parameter for the lookup filter we used to find the entry!
        final boolean authenticated = ldapConnector.authenticate(connection, userEntry.getDn(), password);
        if (!authenticated) {
            LOG.info("Invalid credentials for user {} (DN {})", principal, userEntry.getDn());
            return null;
        }
        // user found and authenticated, sync the user entry with mongodb
        final User user = syncFromLdapEntry(userEntry, ldapSettings, principal);
        if (user == null) {
            // in case there was an error reading, creating or modifying the user in mongodb, we do not authenticate the user.
            LOG.error("Unable to sync LDAP user {} (DN {})", userEntry.getBindPrincipal(), userEntry.getDn());
            return null;
        }
        return new SimpleAccount(principal, null, "ldap realm");
    } catch (LdapException e) {
        LOG.error("LDAP error", e);
    } catch (CursorException e) {
        LOG.error("Unable to read LDAP entry", e);
    } catch (Exception e) {
        LOG.error("Error during LDAP user account sync. Cannot log in user {}", principal, e);
    }
    // Return null by default to ensure a login failure if anything goes wrong.
    return null;
}

Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) User(org.graylog2.plugin.database.users.User) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapNetworkConnection(org.apache.directory.ldap.client.api.LdapNetworkConnection) TrustAllX509TrustManager(org.graylog2.security.TrustAllX509TrustManager) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NotFoundException(org.graylog2.database.NotFoundException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ValidationException(org.graylog2.plugin.database.ValidationException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings)

Aggregations

SimpleAccount (org.apache.shiro.authc.SimpleAccount)18 Test (org.junit.Test)6 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)5 Settings (com.artezio.arttime.config.Settings)4 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)3 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3 User (org.graylog2.plugin.database.users.User)3 Project (com.artezio.arttime.datamodel.Project)2 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)2 ValidationException (org.graylog2.plugin.database.ValidationException)2 User (io.nutz.demo.simple.bean.User)1 ParseException (java.text.ParseException)1 ArrayList (java.util.ArrayList)1 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1 LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig)1 LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)1 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1