
Example 1 with GuestAuthenticationToken

Use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.

Class WebSSOFilter, method handleResultStatus.

private void handleResultStatus(HttpServletRequest httpRequest, HttpServletResponse httpResponse, HandlerResult result, String path, String ipAddress) throws AuthenticationChallengeException, AuthenticationFailureException {
    if (result != null) {
        switch(result.getStatus()) {
            case REDIRECTED:
                // handler handled the response - it is redirecting or whatever
                // necessary to get their tokens
                LOGGER.debug("Stopping filter chain - handled by plugins");
                throw new AuthenticationChallengeException("Stopping filter chain - handled by plugins");
            case NO_ACTION:
                if (!contextPolicyManager.getGuestAccess()) {
                    LOGGER.warn("No handlers were able to determine required credentials, returning bad request to {}. Check policy configuration for path: {}", ipAddress, path);
                    returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
                    throw new AuthenticationFailureException("No handlers were able to determine required credentials");
                }
                result = new HandlerResultImpl(Status.COMPLETED, new GuestAuthenticationToken(ipAddress, securityLogger));
                result.setSource("default");
            // fall through
            case COMPLETED:
                if (result.getToken() == null) {
                    LOGGER.warn("Completed without credentials for {} - check context policy configuration for path: {}", ipAddress, path);
                    returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
                    throw new AuthenticationFailureException("Completed without credentials");
                }
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Attaching result handler to the http request - token is instance of {} from classloader {}", result.getToken().getClass().getName(), result.getToken().getClass().getClassLoader());
                }
                if (result.getToken() instanceof BaseAuthenticationToken) {
                    ((BaseAuthenticationToken) result.getToken()).setAllowGuest(contextPolicyManager.getGuestAccess());
                }
                httpRequest.setAttribute(AUTHENTICATION_TOKEN_KEY, result);
                break;
            default:
                LOGGER.warn("Unexpected response from handler - ignoring. Remote IP: {}, Path: {}", ipAddress, path);
                throw new AuthenticationFailureException("Unexpected response from handler");
        }
    } else {
        LOGGER.warn("Expected login credentials from {} - didn't find any. Returning a bad request for path: {}", ipAddress, path);
        returnSimpleResponse(HttpServletResponse.SC_BAD_REQUEST, httpResponse);
        throw new AuthenticationFailureException("Didn't find any login credentials");
    }
}
Also used: AuthenticationChallengeException (org.codice.ddf.platform.filter.AuthenticationChallengeException), GuestAuthenticationToken (org.codice.ddf.security.handler.GuestAuthenticationToken), HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken), AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException)

Example 2 with GuestAuthenticationToken

Use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.

Class Security, method getGuestSubject.

/**
 * Gets the guest {@link Subject} associated with the specified IP. Uses a cached subject when
 * possible since the subject will not change between calls.
 *
 * @return system's {@link Subject}
 */
@Override
public Subject getGuestSubject(String ipAddress) {
    Subject subject = null;
    GuestAuthenticationToken token = new GuestAuthenticationToken(ipAddress, securityLogger);
    LOGGER.debug("Getting new Guest user token for {}", ipAddress);
    try {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager != null) {
            subject = securityManager.getSubject(token);
        }
    } catch (SecurityServiceException sse) {
        LOGGER.info("Unable to request subject for guest user.", sse);
    }
    return subject;
}
Also used: SecurityServiceException (ddf.security.service.SecurityServiceException), GuestAuthenticationToken (org.codice.ddf.security.handler.GuestAuthenticationToken), SecurityManager (ddf.security.service.SecurityManager), Subject (ddf.security.Subject)

Example 3 with GuestAuthenticationToken

Use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.

Class WebSSOFilterTest, method testDoFilterReturnsGuestTokenWhenNoHandlersRegisteredAndGuestAccessEnabled.

@Test
public void testDoFilterReturnsGuestTokenWhenNoHandlersRegisteredAndGuestAccessEnabled() throws IOException, AuthenticationException {
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    when(policyManager.getGuestAccess()).thenReturn(true);
    when(policyManager.getSessionAccess()).thenReturn(true);
    WebSSOFilter filter = new WebSSOFilter();
    filter.setContextPolicyManager(policyManager);
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    filter.doFilter(request, response, filterChain);
    ArgumentCaptor<HandlerResult> handlerResult = ArgumentCaptor.forClass(HandlerResult.class);
    verify(request).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), handlerResult.capture());
    assertTrue(handlerResult.getValue().getToken() instanceof GuestAuthenticationToken);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain), GuestAuthenticationToken (org.codice.ddf.security.handler.GuestAuthenticationToken), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), ContextPolicyManager (org.codice.ddf.security.policy.context.ContextPolicyManager), Test (org.junit.Test)

Example 4 with GuestAuthenticationToken

Use of org.codice.ddf.security.handler.GuestAuthenticationToken in project ddf by codice.

Class GuestInterceptor, method getSubject.

private synchronized Subject getSubject(String ipAddress) throws AuthenticationException {
    Subject subject = guestSubjectCache.getIfPresent(ipAddress);
    if (subject == null) {
        if (securityManager == null) {
            throw new AuthenticationException("Unable to create the guest subject, system is not ready.");
        }
        GuestAuthenticationToken token = new GuestAuthenticationToken(ipAddress, securityLogger);
        LOGGER.debug("Getting new Guest user token for {}", ipAddress);
        try {
            subject = securityManager.getSubject(token);
            // this should be a cache not a map so we can remove items, make this change
            guestSubjectCache.put(ipAddress, subject);
        } catch (SecurityServiceException sse) {
            LOGGER.info("Unable to request subject for guest user.", sse);
        }
    } else {
        LOGGER.debug("Using cached Guest user token for {}", ipAddress);
    }
    return subject;
}
Also used: SecurityServiceException (ddf.security.service.SecurityServiceException), GuestAuthenticationToken (org.codice.ddf.security.handler.GuestAuthenticationToken), AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException), Subject (ddf.security.Subject)

Aggregations

GuestAuthenticationToken (org.codice.ddf.security.handler.GuestAuthenticationToken): 4
Subject (ddf.security.Subject): 2
SecurityServiceException (ddf.security.service.SecurityServiceException): 2
SecurityManager (ddf.security.service.SecurityManager): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
AuthenticationChallengeException (org.codice.ddf.platform.filter.AuthenticationChallengeException): 1
AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException): 1
AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException): 1
SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain): 1
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken): 1
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl): 1
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 1
ContextPolicyManager (org.codice.ddf.security.policy.context.ContextPolicyManager): 1
Test (org.junit.Test): 1