use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.
the class WebSSOFilter method handleResultStatus.
/**
 * Turns the outcome reported by the authentication handlers into either a result attached to
 * the request or an exception that stops processing.
 *
 * <p>A {@code NO_ACTION} result is upgraded to a guest token only when the context policy
 * manager reports guest access as enabled; every other failure path throws.
 *
 * @param httpRequest request that receives the result under {@code AUTHENTICATION_TOKEN_KEY}
 * @param httpResponse response passed to {@code returnSimpleResponse} on the bad-request paths
 * @param result handler outcome; may be {@code null}
 * @param path request path, used in log messages only
 * @param ipAddress remote address, used in log messages and as the guest token's address
 * @throws AuthenticationChallengeException when a handler reported {@code REDIRECTED}
 * @throws AuthenticationFailureException when no result, no usable credentials or an unexpected
 *     status was produced
 */
private void handleResultStatus(HttpServletRequest httpRequest, HttpServletResponse httpResponse, HandlerResult result, String path, String ipAddress) throws AuthenticationChallengeException, AuthenticationFailureException {
  // Guard: no handler produced any result at all.
  if (result == null) {
    LOGGER.warn("Expected login credentials from {} - didn't find any. Returning a bad request for path: {}", ipAddress, path);
    returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
    throw new AuthenticationFailureException("Didn't find any login credentials");
  }

  switch (result.getStatus()) {
    case REDIRECTED:
      // A handler already took over the response (for example a redirect to obtain tokens),
      // so the filter chain must not continue.
      LOGGER.debug("Stopping filter chain - handled by plugins");
      throw new AuthenticationChallengeException("Stopping filter chain - handled by plugins");

    case NO_ACTION:
      // No handler found credentials. Fail closed unless policy explicitly allows guests.
      if (!contextPolicyManager.getGuestAccess()) {
        LOGGER.warn("No handlers were able to determine required credentials, returning bad request to {}. Check policy configuration for path: {}", ipAddress, path);
        returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
        throw new AuthenticationFailureException("No handlers were able to determine required credentials");
      }
      // NOTE(review): the guest token is keyed on ipAddress as supplied by the caller; confirm
      // that value is not taken from a client-controlled header.
      result = new HandlerResultImpl(Status.COMPLETED, new GuestAuthenticationToken(ipAddress, securityLogger));
      result.setSource("default");
      // fall through: the synthesized guest result is processed like any COMPLETED result

    case COMPLETED:
      // A COMPLETED status without a token is treated as a failure, not as anonymous access.
      if (result.getToken() == null) {
        LOGGER.warn("Completed without credentials for {} - check context policy configuration for path: {}", ipAddress, path);
        returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
        throw new AuthenticationFailureException("Completed without credentials");
      }
      if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Attaching result handler to the http request - token is instance of {} from classloader {}", result.getToken().getClass().getName(), result.getToken().getClass().getClassLoader());
      }
      // Record the current guest policy on the token itself.
      if (result.getToken() instanceof BaseAuthenticationToken) {
        ((BaseAuthenticationToken) result.getToken()).setAllowGuest(contextPolicyManager.getGuestAccess());
      }
      httpRequest.setAttribute(AUTHENTICATION_TOKEN_KEY, result);
      break;

    default:
      // NOTE(review): unlike the other failure paths, this branch does not call
      // returnSimpleResponse before throwing; confirm the caller writes the response.
      LOGGER.warn("Unexpected response from handler - ignoring. Remote IP: {}, Path: {}", ipAddress, path);
      throw new AuthenticationFailureException("Unexpected response from handler");
  }
}
use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.
the class Security method getGuestSubject.
/**
* Gets the guest {@link Subject} associated with the specified IP. Uses a cached subject when
* possible since the subject will not change between calls.
*
* @return the guest {@link Subject}, or {@code null} when no security manager is available or the subject request fails
*/
@Override
public Subject getGuestSubject(String ipAddress) {
  // The guest token is built from the caller-supplied address before anything else happens.
  GuestAuthenticationToken guestToken = new GuestAuthenticationToken(ipAddress, securityLogger);
  LOGGER.debug("Getting new Guest user token for {}", ipAddress);
  try {
    SecurityManager manager = getSecurityManager();
    // Without a security manager there is nothing to resolve the token against.
    return manager == null ? null : manager.getSubject(guestToken);
  } catch (SecurityServiceException sse) {
    // Failure is logged at info level and reported to the caller as null, so callers must
    // null-check the result before using it for any access decision.
    LOGGER.info("Unable to request subject for guest user.", sse);
    return null;
  }
}
use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.
the class WebSSOFilterTest method testDoFilterReturnsGuestTokenWhenNoHandlersRegisteredAndGuestAccessEnabled.
/**
 * With guest access enabled by policy and no handler configured on the filter, the result
 * attached to the request is expected to carry a {@link GuestAuthenticationToken}.
 */
@Test
public void testDoFilterReturnsGuestTokenWhenNoHandlersRegisteredAndGuestAccessEnabled() throws IOException, AuthenticationException {
  // Servlet doubles: only the request URI is stubbed.
  HttpServletRequest httpRequest = mock(HttpServletRequest.class);
  when(httpRequest.getRequestURI()).thenReturn(MOCK_CONTEXT);
  HttpServletResponse httpResponse = mock(HttpServletResponse.class);
  SecurityFilterChain chain = mock(SecurityFilterChain.class);

  // Policy: the context is not whitelisted, guest and session access are both allowed.
  ContextPolicyManager contextPolicy = mock(ContextPolicyManager.class);
  when(contextPolicy.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
  when(contextPolicy.getGuestAccess()).thenReturn(true);
  when(contextPolicy.getSessionAccess()).thenReturn(true);

  WebSSOFilter ssoFilter = new WebSSOFilter();
  ssoFilter.setContextPolicyManager(contextPolicy);

  ssoFilter.doFilter(httpRequest, httpResponse, chain);

  // The filter must have stored a result on the request, and its token must be a guest token.
  ArgumentCaptor<HandlerResult> captured = ArgumentCaptor.forClass(HandlerResult.class);
  verify(httpRequest).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), captured.capture());
  assertTrue(captured.getValue().getToken() instanceof GuestAuthenticationToken);
}
use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.
the class GuestInterceptor method getSubject.
/**
 * Returns the guest {@link Subject} for an address, taking it from {@code guestSubjectCache}
 * when present and otherwise requesting it from the security manager and caching it.
 *
 * @param ipAddress address used both as the cache key and as the guest token's address
 * @return the guest subject, or {@code null} when the security manager rejects the request
 * @throws AuthenticationException when no security manager is available yet
 */
private synchronized Subject getSubject(String ipAddress) throws AuthenticationException {
  Subject cached = guestSubjectCache.getIfPresent(ipAddress);
  if (cached != null) {
    LOGGER.debug("Using cached Guest user token for {}", ipAddress);
    return cached;
  }

  // Cache miss: a security manager is required to mint a new guest subject.
  if (securityManager == null) {
    throw new AuthenticationException("Unable to create the guest subject, system is not ready.");
  }

  GuestAuthenticationToken guestToken = new GuestAuthenticationToken(ipAddress, securityLogger);
  LOGGER.debug("Getting new Guest user token for {}", ipAddress);
  try {
    Subject created = securityManager.getSubject(guestToken);
    // NOTE(review): entries are keyed per address; confirm the cache is bounded and expires
    // entries, and that getSubject never returns null here.
    guestSubjectCache.put(ipAddress, created);
    return created;
  } catch (SecurityServiceException sse) {
    // The failure is only logged; the caller receives null rather than an exception.
    LOGGER.info("Unable to request subject for guest user.", sse);
    return null;
  }
}