Example 21 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project killbill by killbill.

the class TestKillBillJndiLdapRealm method testCheckLDAPConnection.

@Test(groups = "external", enabled = false)
public void testCheckLDAPConnection() throws Exception {
    // Convenience method to verify your LDAP connectivity.
    // Disabled by default (group "external") because it needs a reachable LDAP server.
    final Properties props = new Properties();
    // {0} in the DN template is replaced with the username supplied at login
    props.setProperty("org.killbill.security.ldap.userDnTemplate", "uid={0},ou=users,dc=mycompany,dc=com");
    props.setProperty("org.killbill.security.ldap.searchBase", "ou=groups,dc=mycompany,dc=com");
    props.setProperty("org.killbill.security.ldap.groupSearchFilter", "memberOf=uid={0},ou=users,dc=mycompany,dc=com");
    props.setProperty("org.killbill.security.ldap.groupNameId", "cn");
    props.setProperty("org.killbill.security.ldap.url", "ldap://ldap:389");
    // Test-only: turns off the realm's SSL check; keep it enabled against a real directory
    props.setProperty("org.killbill.security.ldap.disableSSLCheck", "true");
    // Service account used for the group search; plaintext here only because this is a local test
    props.setProperty("org.killbill.security.ldap.systemUsername", "cn=root");
    props.setProperty("org.killbill.security.ldap.systemPassword", "password");
    props.setProperty("org.killbill.security.ldap.authenticationMechanism", "simple");
    // LDAP group -> Kill Bill permissions, one "group: permission, permission" entry per line
    props.setProperty("org.killbill.security.ldap.permissionsByGroup",
                      "support-group: entitlement:*\n"
                      + "finance-group: invoice:*, payment:*\n"
                      + "ops-group: *:*");
    final ConfigSource customConfigSource = new SimplePropertyConfigSource(props);
    final SecurityConfig securityConfig = new ConfigurationObjectFactory(customConfigSource).build(SecurityConfig.class);
    final KillBillJndiLdapRealm ldapRealm = new KillBillJndiLdapRealm(securityConfig);
    final String username = "pierre";
    final String password = "password";
    // Check authentication: the realm binds as the DN built from userDnTemplate
    final UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authenticationInfo = ldapRealm.getAuthenticationInfo(token);
    System.out.println(authenticationInfo);
    // Check permissions: the second constructor argument is the realm name; this test reuses the username for it
    final SimplePrincipalCollection principals = new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authorizationInfo = ldapRealm.queryForAuthorizationInfo(principals, ldapRealm.getContextFactory());
    // Roles are the LDAP group names; permissions come from the permissionsByGroup mapping above
    System.out.println("Roles: " + authorizationInfo.getRoles());
    System.out.println("Permissions: " + authorizationInfo.getStringPermissions());
}
Also used : SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) ConfigSource(org.skife.config.ConfigSource) SimplePropertyConfigSource(org.skife.config.SimplePropertyConfigSource) SecurityConfig(org.killbill.billing.util.config.definition.SecurityConfig) ConfigurationObjectFactory(org.skife.config.ConfigurationObjectFactory) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Properties(java.util.Properties) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.testng.annotations.Test)

Example 22 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project graylog2-server by Graylog2.

the class BearerTokenRealm method toAuthenticationInfo.

private AuthenticationInfo toAuthenticationInfo(AuthServiceResult result) {
    // The realm name records which auth-service backend validated the bearer token
    String realmName = NAME + "/" + result.backendType();
    // Primary principal is the user profile id; the backend's session attributes travel as a second principal
    @SuppressWarnings("ConstantConditions")
    final SimplePrincipalCollection principals = new SimplePrincipalCollection(
            ImmutableList.of(result.userProfileId(), result.sessionAttributes()), realmName);
    // Credentials are null: the token has already been verified upstream, so no secret is kept for re-checking
    return new SimpleAccount(principals, null, realmName);
}
Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)

Example 23 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project zeppelin by apache.

the class ShiroAuthenticationService method getAssociatedRoles.

/**
 * Returns the roles associated with the authenticated user, if any; otherwise returns an empty set.
 * TODO(prasadwagle) Find the correct way to get user roles (see SHIRO-492)
 *
 * @return shiro roles
 */
@Override
public Set<String> getAssociatedRoles() {
    Subject subject = org.apache.shiro.SecurityUtils.getSubject();
    Set<String> roles = new HashSet<>();
    // Candidate roles to check with subject.hasRole(); only filled by the INI and AD realms
    Map<String, String> allRoles = null;
    if (subject.isAuthenticated()) {
        Collection<Realm> realmsList = getRealmsList();
        // Only the first recognised realm is consulted; the loop breaks after it
        for (Realm realm : realmsList) {
            String name = realm.getClass().getName();
            if (INI_REALM.equals(name)) {
                // All roles declared in the [roles] section of shiro.ini
                allRoles = ((IniRealm) realm).getIni().get("roles");
                break;
            } else if (LDAP_REALM.equals(name)) {
                try {
                    // Ask the LDAP realm directly; the principal collection is keyed by this realm's name
                    AuthorizationInfo auth = ((LdapRealm) realm).queryForAuthorizationInfo(
                            new SimplePrincipalCollection(subject.getPrincipal(), realm.getName()),
                            ((LdapRealm) realm).getContextFactory());
                    if (auth != null) {
                        roles = new HashSet<>(auth.getRoles());
                    }
                } catch (NamingException e) {
                    // Directory lookup failed: the user keeps an empty role set rather than a guessed one
                    LOGGER.error("Can't fetch roles", e);
                }
                break;
            } else if (ACTIVE_DIRECTORY_GROUP_REALM.equals(name)) {
                allRoles = ((ActiveDirectoryGroupRealm) realm).getListRoles();
                break;
            } else if (realm instanceof KnoxJwtRealm) {
                // Roles are derived from the group claims of the Knox-issued JWT
                roles = ((KnoxJwtRealm) realm).mapGroupPrincipals(getPrincipal());
                break;
            }
        }
        if (allRoles != null) {
            // Keep only the candidate roles the subject actually holds
            for (Map.Entry<String, String> pair : allRoles.entrySet()) {
                if (subject.hasRole(pair.getKey())) {
                    roles.add(pair.getKey());
                }
            }
        }
    }
    return roles;
}
Also used : IniRealm(org.apache.shiro.realm.text.IniRealm) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) Subject(org.apache.shiro.subject.Subject) NamingException(javax.naming.NamingException) LdapRealm(org.apache.zeppelin.realm.LdapRealm) DefaultLdapRealm(org.apache.shiro.realm.ldap.DefaultLdapRealm) IniRealm(org.apache.shiro.realm.text.IniRealm) LdapRealm(org.apache.zeppelin.realm.LdapRealm) Realm(org.apache.shiro.realm.Realm) KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm) DefaultLdapRealm(org.apache.shiro.realm.ldap.DefaultLdapRealm) ActiveDirectoryGroupRealm(org.apache.zeppelin.realm.ActiveDirectoryGroupRealm) JdbcRealm(org.apache.shiro.realm.jdbc.JdbcRealm) Map(java.util.Map) HashSet(java.util.HashSet)

Example 24 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project zeppelin by apache.

the class LdapRealmTest method testRolesFor.

@Test
public void testRolesFor() throws NamingException {
    LdapRealm realm = new LdapRealm();
    realm.setGroupSearchBase("cn=groups,dc=apache");
    realm.setGroupObjectClass("posixGroup");
    // {0} is replaced with the principal when matching group member values
    realm.setMemberAttributeValueTemplate("cn={0},ou=people,dc=apache");
    // Only group-three is mapped to a Zeppelin role; unmapped groups are reported under their own name
    HashMap<String, String> rolesByGroups = new HashMap<>();
    rolesByGroups.put("group-three", "zeppelin-role");
    realm.setRolesByGroup(rolesByGroups);
    LdapContextFactory ldapContextFactory = mock(LdapContextFactory.class);
    LdapContext ldapCtx = mock(LdapContext.class);
    Session session = mock(Session.class);
    // expected search results
    BasicAttributes group1 = new BasicAttributes();
    group1.put(realm.getGroupIdAttribute(), "group-one");
    group1.put(realm.getMemberAttribute(), "principal");
    // user doesn't belong to this group
    BasicAttributes group2 = new BasicAttributes();
    group2.put(realm.getGroupIdAttribute(), "group-two");
    group2.put(realm.getMemberAttribute(), "someoneelse");
    // mapped to a different Zeppelin role
    BasicAttributes group3 = new BasicAttributes();
    group3.put(realm.getGroupIdAttribute(), "group-three");
    group3.put(realm.getMemberAttribute(), "principal");
    NamingEnumeration<SearchResult> results = enumerationOf(group1, group2, group3);
    // Any search against the mocked context returns the three groups above
    when(ldapCtx.search(any(String.class), any(String.class), any(SearchControls.class))).thenReturn(results);
    Set<String> roles = realm.rolesFor(new SimplePrincipalCollection("principal", "ldapRealm"),
            "principal", ldapCtx, ldapContextFactory, session);
    // The realm must search the configured base with the configured object-class filter
    verify(ldapCtx).search("cn=groups,dc=apache", "(objectclass=posixGroup)", realm.getGroupSearchControls());
    // group-one is unmapped (kept as-is), group-two excludes the user, group-three maps to zeppelin-role
    assertEquals(new HashSet<>(Arrays.asList("group-one", "zeppelin-role")), roles);
}
Also used : BasicAttributes(javax.naming.directory.BasicAttributes) HashMap(java.util.HashMap) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SearchResult(javax.naming.directory.SearchResult) LdapContextFactory(org.apache.shiro.realm.ldap.LdapContextFactory) SearchControls(javax.naming.directory.SearchControls) LdapContext(javax.naming.ldap.LdapContext) Session(org.apache.shiro.session.Session) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 25 with SimplePrincipalCollection

use of org.apache.shiro.subject.SimplePrincipalCollection in project neo4j by neo4j.

the class LdapRealmTest method shouldLogSuccessfulAuthorizationQueries.

@Test
public void shouldLogSuccessfulAuthorizationQueries() throws Exception {
    // Given
    when(config.get(SecuritySettings.ldap_use_starttls)).thenReturn(true);
    LdapRealm realm = new TestLdapRealm(config, securityLog, false);
    JndiLdapContextFactory jndiLdapContextFactory = mock(JndiLdapContextFactory.class);
    when(jndiLdapContextFactory.getUrl()).thenReturn("ldap://myserver.org:12345");
    // When: authorization lookup for an already-authenticated principal
    realm.doGetAuthorizationInfo(new SimplePrincipalCollection("olivia", "LdapRealm"));
    // Then: the security log records which user's authorization info was queried
    verify(securityLog).debug(contains("{LdapRealm}: Queried for authorization info for user 'olivia'"));
}
Also used : SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) JndiLdapContextFactory(org.apache.shiro.realm.ldap.JndiLdapContextFactory) Test(org.junit.Test)
