
Example 81 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project shiro by apache.

the class CasRealm method doGetAuthenticationInfo.

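/**
 * Authenticates a user by validating a CAS service ticket and retrieves the user's information.
 *
 * @param token the authentication token; it is cast to {@code CasToken} and its credentials are
 *              read as the service ticket
 * @return {@code null} when the token is {@code null} or carries no ticket text; otherwise an
 *         authentication info whose principals are the user id and the CAS attribute map, and
 *         whose credentials are the ticket
 * @throws AuthenticationException if there is an error during authentication.
 */
@Override
@SuppressWarnings("unchecked")
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (token == null) {
        return null;
    }
    CasToken casToken = (CasToken) token;
    String ticket = (String) casToken.getCredentials();
    if (!StringUtils.hasText(ticket)) {
        return null;
    }
    TicketValidator ticketValidator = ensureTicketValidator();
    try {
        // contact CAS server to validate service ticket; identity is taken only from the
        // validated assertion, never from the incoming token
        Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
        // get principal, user id and attributes
        AttributePrincipal casPrincipal = casAssertion.getPrincipal();
        String userId = casPrincipal.getName();
        // NOTE(review): the ticket value is written to the debug log here and to the exception
        // message below. Confirm tickets are single-use and that log access is restricted.
        log.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}", new Object[] { ticket, getCasServerUrlPrefix(), userId });
        Map<String, Object> attributes = casPrincipal.getAttributes();
        // refresh authentication token (user id + remember me)
        casToken.setUserId(userId);
        // Attribute values are typed Object, so a direct (String) cast would throw
        // ClassCastException for any non-String value; convert to text instead.
        Object rememberMeValue = attributes.get(getRememberMeAttributeName());
        if (rememberMeValue != null && Boolean.parseBoolean(String.valueOf(rememberMeValue))) {
            casToken.setRememberMe(true);
        }
        // create simple authentication info: principal 0 is the user id, principal 1 the attribute map
        List<Object> principals = CollectionUtils.asList(userId, attributes);
        PrincipalCollection principalCollection = new SimplePrincipalCollection(principals, getName());
        return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
        throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
}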
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)

Example 82 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project shiro by apache.

the class CasRealm method doGetAuthorizationInfo.

/**
 * Builds the AuthorizationInfo for the given principals (the user previously authenticated by
 * CAS : id + attributes).
 *
 * <p>Roles and permissions come from two places: the realm's configured defaults, and the values
 * of the CAS attributes named by {@code roleAttributeNames} and {@code permissionAttributeNames}.
 *
 * @param principals the primary identifying principals of the AuthorizationInfo that should be retrieved.
 * @return the AuthorizationInfo associated with this principals.
 */
@Override
@SuppressWarnings("unchecked")
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    // The second principal is read as the CAS attribute map.
    // NOTE(review): both casts are unchecked; a principal collection that was not produced by
    // this realm's authentication step would fail here. Attribute values are read as String,
    // so a multi-valued attribute presumably raises ClassCastException. Confirm against the
    // attributes the CAS server actually releases.
    List<Object> userData = ((SimplePrincipalCollection) principals).asList();
    Map<String, String> casAttributes = (Map<String, String>) userData.get(1);

    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

    // configured defaults are granted to every authenticated user
    addRoles(info, split(defaultRoles));
    addPermissions(info, split(defaultPermissions));

    // roles carried by the CAS attributes
    for (String roleAttribute : split(roleAttributeNames)) {
        String roleValue = casAttributes.get(roleAttribute);
        addRoles(info, split(roleValue));
    }

    // permissions carried by the CAS attributes
    for (String permissionAttribute : split(permissionAttributeNames)) {
        String permissionValue = casAttributes.get(permissionAttribute);
        addPermissions(info, split(permissionValue));
    }
    return info;
}
Also used : SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Map(java.util.Map)

Example 83 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project vertx-auth by vert-x3.

the class ShiroUser method setAuthProvider.

/**
 * Re-attaches this user to a Shiro auth provider and rebuilds its Shiro subject.
 *
 * @param authProvider the provider to attach; must be a {@code ShiroAuthProviderImpl}
 * @throws IllegalArgumentException if the provider is of any other type
 */
@Override
public void setAuthProvider(AuthProvider authProvider) {
    if (!(authProvider instanceof ShiroAuthProviderImpl)) {
        throw new IllegalArgumentException("Not a ShiroAuthProviderImpl");
    }
    ShiroAuthProviderImpl provider = (ShiroAuthProviderImpl) authProvider;
    this.vertx = provider.getVertx();
    this.securityManager = provider.getSecurityManager();

    // Shiro needs its security manager in place before any other Shiro call.
    // SecurityUtils.setSecurityManager installs a static, VM-wide manager, so this call
    // affects every caller of SecurityUtils in the same JVM.
    SecurityUtils.setSecurityManager(securityManager);

    // Rebuild the subject from the stored username and the provider's realm name.
    // NOTE(review): no credentials are checked on this path; presumably the user was
    // authenticated before this object was restored. Confirm against callers.
    SubjectContext context = new DefaultSubjectContext();
    context.setPrincipals(new SimplePrincipalCollection(username, provider.getRealmName()));
    subject = securityManager.createSubject(context);
}
Also used : SubjectContext(org.apache.shiro.subject.SubjectContext) DefaultSubjectContext(org.apache.shiro.subject.support.DefaultSubjectContext) DefaultSubjectContext(org.apache.shiro.subject.support.DefaultSubjectContext) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)

Example 84 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project killbill by killbill.

the class DefaultSecurityApi method invalidateJDBCAuthorizationCache.

/**
 * Drops the cached authorization info held by the JDBC realm for one user, so that the next
 * authorization check for that user is not served from the cache.
 *
 * <p>Does nothing when no {@code KillBillJdbcRealm} is configured.
 *
 * @param username the user whose cached authorization info is cleared
 */
private void invalidateJDBCAuthorizationCache(final String username) {
    // NOTE(review): the cast assumes the installed security manager is a DefaultSecurityManager;
    // any other implementation fails here with ClassCastException.
    final Collection<Realm> realms = ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getRealms();

    // pick the first configured JDBC realm, if any
    KillBillJdbcRealm jdbcRealm = null;
    for (final Realm candidate : realms) {
        if (candidate instanceof KillBillJdbcRealm) {
            jdbcRealm = (KillBillJdbcRealm) candidate;
            break;
        }
    }
    if (jdbcRealm == null) {
        return;
    }

    // the principal is keyed by the realm's own name
    final SimplePrincipalCollection cachedPrincipals = new SimplePrincipalCollection();
    cachedPrincipals.add(username, jdbcRealm.getName());
    jdbcRealm.clearCachedAuthorizationInfo(cachedPrincipals);
}
Also used : KillBillJdbcRealm(org.killbill.billing.util.security.shiro.realm.KillBillJdbcRealm) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) Realm(org.apache.shiro.realm.Realm) AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm) KillBillJdbcRealm(org.killbill.billing.util.security.shiro.realm.KillBillJdbcRealm)

Example 85 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project killbill by killbill.

the class TestKillBillAuth0Realm method testCheckAuth0Connection.

/**
 * Manual connectivity check against an Auth0 tenant. The test is disabled and ships with
 * placeholder values only: fill them in locally to run it, and never commit a real client
 * secret, password or JWT.
 */
@Test(groups = "external", enabled = false)
public void testCheckAuth0Connection() throws Exception {
    // Convenience method to verify your Auth0 connectivity
    final Properties auth0Props = new Properties();
    // XXX / YYY / ZZZ / WWW are placeholders for the tenant URL, client id, client secret and API identifier
    auth0Props.setProperty("org.killbill.security.auth0.url", "https://XXX.us.auth0.com");
    auth0Props.setProperty("org.killbill.security.auth0.clientId", "YYY");
    auth0Props.setProperty("org.killbill.security.auth0.clientSecret", "ZZZ");
    auth0Props.setProperty("org.killbill.security.auth0.apiIdentifier", "WWW");
    auth0Props.setProperty("org.killbill.security.auth0.databaseConnectionName", "Username-Password-Authentication");
    // NOTE(review): "2000s" looks like a very wide tolerance, presumably for JWT time checks.
    // Confirm it is not copied into real configuration.
    auth0Props.setProperty("org.killbill.security.auth0.allowedClockSkew", "2000s");

    final ConfigSource configSource = new SimplePropertyConfigSource(auth0Props);
    final SecurityConfig config = new ConfigurationObjectFactory(configSource).build(SecurityConfig.class);
    final KillBillAuth0Realm realm = new KillBillAuth0Realm(config, clock);

    final String username = "test@example.com";
    final String password = "password";

    // Check authentication
    final AuthenticationToken loginToken = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authnInfo = realm.getAuthenticationInfo(loginToken);
    System.out.println(authnInfo);

    // Check permissions (the username is passed as both the principal and the realm name)
    final PrincipalCollection userPrincipals = new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authzInfo = realm.doGetAuthorizationInfo(userPrincipals);
    System.out.println("Roles: " + authzInfo.getRoles());
    System.out.println("Permissions: " + authzInfo.getStringPermissions());

    // Check JWT ("JWT" is a placeholder for a token issued by the tenant)
    final Claims jwtClaims = realm.verifyJWT("JWT");
    System.out.println("Token claims: " + jwtClaims);
}
Also used : SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Claims(io.jsonwebtoken.Claims) ConfigurationObjectFactory(org.skife.config.ConfigurationObjectFactory) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Properties(java.util.Properties) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) ConfigSource(org.skife.config.ConfigSource) SecurityConfig(org.killbill.billing.util.config.definition.SecurityConfig) Test(org.testng.annotations.Test)

Aggregations

SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)87 Test (org.junit.Test)38 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)34 SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo)12 Element (org.w3c.dom.Element)12 SecurityAssertion (ddf.security.assertion.SecurityAssertion)11 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)11 DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager)11 SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml)10 Principal (java.security.Principal)10 SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken)10 ArrayList (java.util.ArrayList)9 Subject (org.apache.shiro.subject.Subject)9 AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)8 Subject (ddf.security.Subject)7 AuthenticationException (org.apache.shiro.authc.AuthenticationException)7 Realm (org.apache.shiro.realm.Realm)7 SimpleSession (org.apache.shiro.session.mgt.SimpleSession)7 UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken)6 Assertion (org.opensaml.saml.saml2.core.Assertion)6