use of org.apache.shiro.subject.SimplePrincipalCollection in project ddf by codice.
the class GuestRealm method doGetAuthenticationInfo.
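/**
 * Builds the {@link AuthenticationInfo} for a guest request.
 *
 * <p>The token's own credentials are copied into the result, so this method performs no
 * credential check of its own; it issues a guest principal collection for whatever token it is
 * handed. NOTE(review): whether guest access is permitted at all has to be decided before this
 * realm is consulted (for example in {@code supports(...)} or in the caller) - confirm where
 * that decision is made.
 *
 * @param authenticationToken the token presented for the request; must be a
 *     {@code BaseAuthenticationToken}
 * @return authentication info carrying the guest principals and the token's credentials
 * @throws AuthenticationException if the token is {@code null} or is not a
 *     {@code BaseAuthenticationToken}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
    throws AuthenticationException {
  // Fail closed with the exception type callers of a realm handle, instead of letting an
  // unchecked downcast surface as a ClassCastException from inside the authentication path.
  if (!(authenticationToken instanceof BaseAuthenticationToken)) {
    throw new AuthenticationException(
        "Guest realm cannot process the supplied authentication token type");
  }
  BaseAuthenticationToken guestToken = (BaseAuthenticationToken) authenticationToken;

  SimpleAuthenticationInfo guestInfo = new SimpleAuthenticationInfo();
  guestInfo.setPrincipals(createPrincipalFromToken(guestToken));
  guestInfo.setCredentials(authenticationToken.getCredentials());

  // NOTE(review): the address is concatenated into the audit record as-is. If getIpAddress()
  // can ever carry a client-supplied value (such as a forwarded-for header), confirm that it is
  // validated upstream or that the audit sink neutralises CR/LF, so that audit entries cannot
  // be forged.
  securityLogger.audit(
      "Guest assertion generated for IP address: " + guestToken.getIpAddress());
  return guestInfo;
}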
use of org.apache.shiro.subject.SimplePrincipalCollection in project ddf by codice.
the class GuestRealm method createPrincipalFromToken.
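/**
 * Creates the principal collection for a guest from the given token.
 *
 * <p>A security assertion is built locally (issuer {@code "local"}, type
 * {@code GUEST_TOKEN_TYPE}) with one attribute per entry of {@code claimsMap} and a
 * {@code GuestPrincipal} constructed from the token's IP address. The returned collection holds
 * the assertion's principal name (when the assertion has a principal) followed by the assertion
 * itself, both registered under this realm's name.
 *
 * <p>NOTE(review): the guest principal is derived only from the IP address reported by the
 * token. Presumably authorization decisions rest on the claims in the assertion rather than on
 * that name - confirm, since many clients can share one address.
 *
 * @param token the guest token supplying the IP address and stored in the assertion
 * @return the principals for the guest subject
 */
private SimplePrincipalCollection createPrincipalFromToken(BaseAuthenticationToken token) {
  // Four hours, the same 14,400,000 ms window the assertion has always been given.
  final long guestValidityMillis = 4L * 60L * 60L * 1000L;

  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();

  // Copy every configured claim (name -> values) into a single attribute statement.
  AttributeStatementDefault attributeStatement = new AttributeStatementDefault();
  for (Map.Entry<URI, List<String>> claim : claimsMap.entrySet()) {
    AttributeDefault attribute = new AttributeDefault();
    attribute.setName(claim.getKey().toString());
    for (String value : claim.getValue()) {
      attribute.addValue(value);
    }
    attributeStatement.addAttribute(attribute);
  }

  // Read the clock once so notBefore and notOnOrAfter describe one consistent window.
  Date issuedAt = new Date();
  Date expiresAt = new Date(issuedAt.getTime() + guestValidityMillis);

  assertionBuilder.addAttributeStatement(attributeStatement);
  assertionBuilder.userPrincipal(new GuestPrincipal(token.getIpAddress()));
  assertionBuilder.issuer("local");
  assertionBuilder.notBefore(issuedAt);
  // The original author did not consider the length of the validity window significant.
  // NOTE(review): if any consumer caches or enforces notOnOrAfter, this hard-coded lifetime is
  // how long a guest assertion remains usable - confirm that is acceptable.
  assertionBuilder.notOnOrAfter(expiresAt);
  assertionBuilder.token(token);
  assertionBuilder.tokenType(GUEST_TOKEN_TYPE);
  SecurityAssertion guestAssertion = assertionBuilder.build();

  Principal assertedPrincipal = guestAssertion.getPrincipal();
  if (assertedPrincipal != null) {
    principals.add(assertedPrincipal.getName(), getName());
  }
  principals.add(guestAssertion, getName());
  return principals;
}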
use of org.apache.shiro.subject.SimplePrincipalCollection in project ddf by codice.
the class PKIRealm method doGetAuthenticationInfo.
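/**
 * Builds the {@link AuthenticationInfo} for a certificate-based (PKI) token.
 *
 * <p>The token's principal is expected to be an {@link X500Principal} and its credentials an
 * {@code X509Certificate[]}; the principal is turned into a principal collection and the
 * certificates are stored as the credentials.
 *
 * <p>NOTE(review): nothing in this method validates the certificates (chain building, validity
 * period, revocation). Presumably that is enforced earlier, by the TLS layer or by this realm's
 * credentials matcher - confirm before relying on the returned info.
 *
 * @param token the token carrying the X.500 principal and the certificate chain
 * @return authentication info with the derived principals and the presented certificates
 * @throws AuthenticationException if the token is {@code null}, its principal is not an
 *     {@link X500Principal}, or its credentials are not an {@code X509Certificate[]}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
    throws AuthenticationException {
  if (token == null) {
    throw new AuthenticationException("PKI realm received no authentication token");
  }

  // Check the runtime types before casting so that an unexpected or empty token is refused
  // with an AuthenticationException rather than a ClassCastException or a null identity.
  Object presentedPrincipal = token.getPrincipal();
  if (!(presentedPrincipal instanceof X500Principal)) {
    throw new AuthenticationException("PKI realm requires an X.500 principal");
  }
  Object presentedCredentials = token.getCredentials();
  if (!(presentedCredentials instanceof X509Certificate[])) {
    throw new AuthenticationException("PKI realm requires X.509 certificate credentials");
  }

  SimpleAuthenticationInfo pkiInfo = new SimpleAuthenticationInfo();
  pkiInfo.setPrincipals(
      createPrincipalCollectionFromCertificate((X500Principal) presentedPrincipal));
  pkiInfo.setCredentials((X509Certificate[]) presentedCredentials);
  return pkiInfo;
}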
use of org.apache.shiro.subject.SimplePrincipalCollection in project ddf by codice.
the class FilterPluginTest method setup.
/**
 * Prepares the fixtures shared by the tests: a security manager backed by one mocked realm, a
 * {@code FilterPlugin} whose system subject is a {@code MockSubject}, and the request/response
 * objects (query, resource, delete, create, update) that all carry the same subject in their
 * properties.
 */
@Before
public void setup() {
  // --- Security manager with a single mocked realm; makeDecision() answers isPermitted. ---
  AuthorizingRealm mockRealm = mock(AuthorizingRealm.class);
  when(mockRealm.getName()).thenReturn("mockRealm");
  when(mockRealm.isPermitted(any(PrincipalCollection.class), any(Permission.class)))
      .then(makeDecision());

  Collection<org.apache.shiro.realm.Realm> realmList = new ArrayList<>();
  realmList.add(mockRealm);

  DefaultSecurityManager securityManager = new DefaultSecurityManager();
  securityManager.setRealms(realmList);

  // --- One principal ("testuser") registered under the mocked realm's name. ---
  Principal testUser =
      new Principal() {
        @Override
        public String getName() {
          return "testuser";
        }
      };
  SimplePrincipalCollection principalCollection =
      new SimplePrincipalCollection(testUser, mockRealm.getName());

  // --- Plugin under test, with the system subject replaced by a MockSubject. ---
  Subject systemSubject = new MockSubject(securityManager, principalCollection);
  plugin =
      new FilterPlugin(new Security()) {
        @Override
        protected Subject getSystemSubject() {
          return systemSubject;
        }
      };
  plugin.setPermissions(new PermissionsImpl());
  plugin.setSubjectOperations(new SubjectUtils());
  plugin.setSecurityLogger(mock(SecurityLogger.class));

  // --- Request properties: every request below shares this map and the subject in it. ---
  QueryRequestImpl queryRequest = getSampleRequest();
  Map<String, Serializable> properties = new HashMap<>();
  Subject requestSubject = new MockSubject(securityManager, principalCollection);
  properties.put(SecurityConstants.SECURITY_SUBJECT, requestSubject);
  queryRequest.setProperties(properties);
  incomingResponse = new QueryResponseImpl(queryRequest);

  // --- Resource response. ---
  ResourceRequest resourceRequest = mock(ResourceRequest.class);
  when(resourceRequest.getProperties()).thenReturn(properties);
  resourceResponse = new ResourceResponseImpl(resourceRequest, mock(Resource.class));
  resourceResponse.setProperties(properties);

  // --- Delete responses: one built from the exact-roles metacard, one from more-roles. ---
  DeleteRequest deleteRequest = mock(DeleteRequest.class);
  when(deleteRequest.getProperties()).thenReturn(properties);

  List<Metacard> deletedMetacards = new ArrayList<>();
  deletedMetacards.add(getExactRolesMetacard());
  deleteResponse = new DeleteResponseImpl(deleteRequest, properties, deletedMetacards);

  List<Metacard> badDeletedMetacards = new ArrayList<>();
  badDeletedMetacards.add(getMoreRolesMetacard());
  badDeleteResponse = new DeleteResponseImpl(deleteRequest, properties, badDeletedMetacards);

  // --- Create and update requests. ---
  createRequest = new CreateRequestImpl(getExactRolesMetacard());
  createRequest.setProperties(properties);

  badCreateRequest = new CreateRequestImpl(getMoreRolesMetacard());
  badCreateRequest.setProperties(properties);

  updateRequest =
      new UpdateRequestImpl(getExactRolesMetacard().getId(), getExactRolesMetacard());
  updateRequest.setProperties(properties);

  // --- Query results: one per fixture metacard; only the final add passes true. ---
  incomingResponse.addResult(new ResultImpl(getMoreRolesMetacard()), false);
  incomingResponse.addResult(new ResultImpl(getMissingRolesMetacard()), false);
  incomingResponse.addResult(new ResultImpl(getExactRolesMetacard()), false);
  incomingResponse.addResult(new ResultImpl(getNoRolesMetacard()), false);
  incomingResponse.addResult(new ResultImpl(getNoSecurityAttributeMetacard()), true);
}
use of org.apache.shiro.subject.SimplePrincipalCollection in project ddf by codice.
the class AbstractDownloadsStatusEventPublisherTest method addSecurity.
/**
 * Binds a default security manager and an already-authenticated subject (principal
 * {@code USER_ID} in realm {@code "testrealm"}) to the current thread's Shiro
 * {@code ThreadContext}.
 *
 * <p>NOTE(review): nothing here unbinds them again. Unless a teardown elsewhere clears the
 * thread context (for example with {@code ThreadContext.remove()}), the authenticated subject
 * stays attached to the thread and can leak into later tests that reuse it - confirm.
 */
private void addSecurity() {
  org.apache.shiro.mgt.SecurityManager securityManager = new DefaultSecurityManager();

  // Assemble the subject step by step: identity, a fresh session, and the authenticated flag.
  Subject.Builder subjectBuilder = new Subject.Builder(securityManager);
  subjectBuilder.principals(new SimplePrincipalCollection(USER_ID, "testrealm"));
  subjectBuilder.session(new SimpleSession());
  subjectBuilder.authenticated(true);
  Subject authenticatedSubject = subjectBuilder.buildSubject();

  ThreadContext.bind(securityManager);
  ThreadContext.bind(authenticatedSubject);
}