
Example 16 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project ddf by codice.

the class OidcRealm method doGetAuthenticationInfo.

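/**
 * Resolves the OIDC id token for the supplied token's credentials and builds the Shiro
 * authentication info from the resulting user profile.
 *
 * @param authenticationToken must be an {@link OidcAuthenticationToken}; {@code supports()}
 *     is relied on to guarantee this before the cast below
 * @return authentication info whose credentials are the resolved OIDC credentials and whose
 *     principals come from the created profile, or an empty principal collection when no
 *     profile could be created
 * @throws AuthenticationException if the id token cannot be resolved; the web session is
 *     destroyed first so that the client has to re-authenticate
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // token is guaranteed to be of type OidcAuthenticationToken by the supports() method
    OidcAuthenticationToken oidcAuthenticationToken = (OidcAuthenticationToken) authenticationToken;
    OidcCredentials credentials = (OidcCredentials) oidcAuthenticationToken.getCredentials();
    OidcConfiguration oidcConfiguration = oidcHandlerConfiguration.getOidcConfiguration();
    OIDCProviderMetadata oidcProviderMetadata = oidcConfiguration.findProviderMetadata();
    WebContext webContext = (WebContext) oidcAuthenticationToken.getContext();
    OidcClient<OidcConfiguration> oidcClient = oidcHandlerConfiguration.getOidcClient(webContext.getFullRequestURL());
    int connectTimeout = oidcHandlerConfiguration.getConnectTimeout();
    int readTimeout = oidcHandlerConfiguration.getReadTimeout();
    try {
        OidcCredentialsResolver oidcCredentialsResolver = new OidcCredentialsResolver(oidcConfiguration, oidcClient, oidcProviderMetadata, connectTimeout, readTimeout);
        oidcCredentialsResolver.resolveIdToken(credentials, webContext);
    } catch (TechnicalException e) {
        // Keep the cause so the underlying provider/transport failure is diagnosable upstream.
        throw new AuthenticationException(e);
    }
    // problem getting id token, invalidate credentials
    if (credentials.getIdToken() == null) {
        webContext.getSessionStore().destroySession(webContext);
        // The credentials object itself is deliberately not rendered into the message: its
        // toString() may carry the authorization code or access/refresh tokens, and neither the
        // log nor the exception message should contain them. This project's other realms
        // follow the same rule of keeping credential values out of log output.
        String msg = "Could not fetch id token with Oidc credentials. " + "This may be due to the credentials expiring. " + "Invalidating session in order to acquire valid credentials.";
        LOGGER.warn(msg);
        throw new AuthenticationException(msg);
    }
    OidcProfileCreator oidcProfileCreator = new CustomOidcProfileCreator(oidcConfiguration, oidcClient);
    Optional<UserProfile> userProfile = oidcProfileCreator.create(credentials, webContext);
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    simpleAuthenticationInfo.setCredentials(credentials);
    if (userProfile.isPresent()) {
        OidcProfile oidcProfile = (OidcProfile) userProfile.get();
        simpleAuthenticationInfo.setPrincipals(createPrincipalCollectionFromCredentials(oidcProfile));
    } else {
        // An absent profile is not treated as a failure here: the caller receives the
        // credentials with an empty principal collection.
        simpleAuthenticationInfo.setPrincipals(new SimplePrincipalCollection());
    }
    return simpleAuthenticationInfo;
}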
Also used : WebContext(org.pac4j.core.context.WebContext) TechnicalException(org.pac4j.core.exception.TechnicalException) UserProfile(org.pac4j.core.profile.UserProfile) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) OidcAuthenticationToken(org.codice.ddf.security.handler.OidcAuthenticationToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) OidcCredentialsResolver(org.codice.ddf.security.oidc.resolver.OidcCredentialsResolver) OidcConfiguration(org.pac4j.oidc.config.OidcConfiguration) OidcCredentials(org.pac4j.oidc.credentials.OidcCredentials) OidcProfileCreator(org.pac4j.oidc.profile.creator.OidcProfileCreator) OidcProfile(org.pac4j.oidc.profile.OidcProfile) OIDCProviderMetadata(com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata)

Example 17 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project ddf by codice.

the class SamlRealm method doGetAuthenticationInfo.

/**
 * Perform authentication based on the supplied token.
 *
 * <p>Only a {@link SAMLAuthenticationToken} is validated; any other token type, or a SAML
 * token that carries no credential, is rejected with an {@link AuthenticationException}.
 *
 * @param token the token to authenticate
 * @return authentication info holding the principals derived from the token's security
 *     token element together with the raw credential
 * @throws AuthenticationException if validation fails or no credential is present
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    Object credential = token instanceof SAMLAuthenticationToken
            ? validatedCredential((SAMLAuthenticationToken) token)
            : null;
    if (credential == null) {
        String msg = "Unable to authenticate credential.  A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    LOGGER.debug("Received credentials.");
    LOGGER.debug("Creating token authentication information with SAML.");
    Element securityToken = checkForSecurityToken(credential);
    SimplePrincipalCollection principals = createPrincipalFromToken(securityToken);
    SimpleAuthenticationInfo info = new SimpleAuthenticationInfo();
    info.setPrincipals(principals);
    info.setCredentials(credential);
    return info;
}

/**
 * Runs the SAML assertion validator over the token and returns the token's credential.
 *
 * @param samlToken the token to validate
 * @return the token's credential, which may be {@code null}
 * @throws AuthenticationException wrapping the validator's failure, with the cause preserved
 */
private Object validatedCredential(SAMLAuthenticationToken samlToken) {
    try {
        samlAssertionValidator.validate(samlToken);
    } catch (AuthenticationFailureException e) {
        String msg = "Unable to validate request's authentication.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg, e);
    }
    return samlToken.getCredentials();
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) Element(org.w3c.dom.Element) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthenticationFailureException(org.codice.ddf.platform.filter.AuthenticationFailureException) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken)

Example 18 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project ddf by codice.

the class UsernamePasswordRealm method doGetAuthenticationInfo.

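/**
 * Authenticates the token's {@code base64(user):base64(password)} credential against each
 * configured JAAS realm in turn, stopping at the first successful login.
 *
 * @param token the token whose credentials are a colon-separated pair of Base64 strings
 * @return authentication info whose principals are derived from the JAAS subject and whose
 *     credentials are the original credential string
 * @throws AuthenticationException if the credential is missing or malformed, or if no realm
 *     accepts the login
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    Object rawCredentials = token.getCredentials();
    // A missing or non-string credential must surface as an authentication failure rather
    // than as a NullPointerException / ClassCastException from the cast below.
    if (!(rawCredentials instanceof String)) {
        throw new AuthenticationException("Credentials were not in the correct format.");
    }
    String credentials = (String) rawCredentials;
    String[] userpass = credentials.split(":");
    if (userpass.length != 2) {
        throw new AuthenticationException("Credentials were not in the correct format.");
    }
    String user;
    String pass;
    try {
        user = new String(Base64.getDecoder().decode(userpass[0]), StandardCharsets.UTF_8);
        pass = new String(Base64.getDecoder().decode(userpass[1]), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // Base64 decoding rejects malformed input with IllegalArgumentException; report it as
        // a format problem so callers see one consistent failure type.
        throw new AuthenticationException("Credentials were not in the correct format.", e);
    }
    Subject subject = null;
    for (JaasRealm jaasRealm : realmList) {
        try {
            subject = login(user, pass, jaasRealm.getName());
            LOGGER.trace("Login succeeded for {} against realm {}", user, jaasRealm.getName());
            break;
        } catch (LoginException e) {
            // Expected when this realm does not accept the user; the next realm is tried.
            LOGGER.trace("Login failed for {} against realm {}", user, jaasRealm.getName());
        }
    }
    if (subject == null) {
        throw new AuthenticationException("Login failed for user: " + user);
    }
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    SimplePrincipalCollection principalCollection = createPrincipalCollectionFromSubject(subject);
    simpleAuthenticationInfo.setPrincipals(principalCollection);
    simpleAuthenticationInfo.setCredentials(credentials);
    return simpleAuthenticationInfo;
}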
Also used : JaasRealm(org.apache.karaf.jaas.config.JaasRealm) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) LoginException(javax.security.auth.login.LoginException) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Subject(javax.security.auth.Subject)

Example 19 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project ddf by codice.

the class AbstractStsRealm method doGetAuthenticationInfo.

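/**
 * Perform authentication based on the supplied token.
 *
 * <p>A SAML token that already carries a security token has that token renewed; every other
 * token is reduced to a credential value that is exchanged for a new security token.
 *
 * @param token the token to authenticate
 * @return authentication info whose principals are the assertion's principal and the
 *     assertion itself (both registered under {@code NAME}) and whose credentials are the
 *     raw credential
 * @throws AuthenticationException if the token carries no credential
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    Object credential;
    if (token instanceof SAMLAuthenticationToken) {
        credential = token.getCredentials();
    } else if (token instanceof BaseAuthenticationToken) {
        credential = ((BaseAuthenticationToken) token).getCredentialsAsXMLString();
    } else {
        // Guard the toString() call: a null credential must reach the check below and be
        // reported as an authentication failure, not fail with a NullPointerException.
        Object rawCredential = token.getCredentials();
        credential = rawCredential == null ? null : rawCredential.toString();
    }
    if (credential == null) {
        String msg = "Unable to authenticate credential.  A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    // The credential value is intentionally left out of the log message so that
    // user/password material never ends up in the log.
    LOGGER.debug("Received credentials.");
    SecurityToken securityToken;
    if (token instanceof SAMLAuthenticationToken && credential instanceof SecurityToken) {
        securityToken = renewSecurityToken((SecurityToken) credential);
    } else {
        securityToken = requestSecurityToken(credential);
    }
    LOGGER.debug("Creating token authentication information with SAML.");
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    SecurityAssertion assertion = new SecurityAssertionImpl(securityToken);
    // Both the principal and the full assertion are exposed under the realm name.
    principals.add(assertion.getPrincipal(), NAME);
    principals.add(assertion, NAME);
    simpleAuthenticationInfo.setPrincipals(principals);
    simpleAuthenticationInfo.setCredentials(credential);
    return simpleAuthenticationInfo;
}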
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) SecurityAssertionImpl(ddf.security.assertion.impl.SecurityAssertionImpl)

Example 20 with SimpleAuthenticationInfo

use of org.apache.shiro.authc.SimpleAuthenticationInfo in project bamboobsc by billchen198318.

the class GreenStepBaseAuthorizingRealm method doGetAuthenticationInfo.

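/**
 * Authenticates the supplied username/password token against the account service.
 *
 * @param authenticationToken must be a {@link GreenStepBaseUsernamePasswordToken}
 * @return authentication info carrying the stored account name and password for this realm's
 *     credentials matcher, or {@code null} when no account with that name exists
 * @throws AuthenticationException if the account lookup itself fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    GreenStepBaseUsernamePasswordToken token = (GreenStepBaseUsernamePasswordToken) authenticationToken;
    String account = token.getUsername();
    AccountVO accountObj = new AccountVO();
    accountObj.setAccount(account);
    DefaultResult<AccountVO> result;
    try {
        result = accountService.findByUK(accountObj);
    } catch (Exception e) {
        // A lookup failure is a service error, not an unknown account: propagate it with its
        // cause instead of printing the stack trace and silently returning null.
        throw new AuthenticationException("Unable to look up account: " + account, e);
    }
    if (result == null || result.getValue() == null) {
        // No matching account; a null result keeps the existing contract for callers.
        return null;
    }
    AccountVO found = result.getValue();
    // NOTE(review): the stored password is handed to the realm's CredentialsMatcher; confirm
    // it is a salted hash rather than a plaintext value before relying on this comparison.
    return new SimpleAuthenticationInfo(found.getAccount(), found.getPassword(), this.getName());
}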
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) ServiceException(com.netsteadfast.greenstep.base.exception.ServiceException) AccountVO(com.netsteadfast.greenstep.vo.AccountVO) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ServiceException(com.netsteadfast.greenstep.base.exception.ServiceException)

Aggregations

SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)39 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)15 AuthenticationException (org.apache.shiro.authc.AuthenticationException)12 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)9 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)5 AccountException (org.apache.shiro.authc.AccountException)4 Hash (org.apache.shiro.crypto.hash.Hash)4 Test (org.junit.Test)4 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)3 LockedAccountException (org.apache.shiro.authc.LockedAccountException)3 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)3 HashRequest (org.apache.shiro.crypto.hash.HashRequest)3 PAM (org.jvnet.libpam.PAM)3 PAMException (org.jvnet.libpam.PAMException)3 UnixUser (org.jvnet.libpam.UnixUser)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)2 ByteSource (org.apache.shiro.util.ByteSource)2 UserDO (cn.dubidubi.model.base.UserDO)1 TbUser (cn.exrick.manager.pojo.TbUser)1 PmphUser (com.bc.pmpheep.back.po.PmphUser)1