Example 11 with HandlerResultImpl

Use of org.codice.ddf.security.handler.HandlerResultImpl in project ddf by codice.

The class BasicAuthenticationHandler, method handleError.

@Override
public HandlerResult handleError(ServletRequest servletRequest, ServletResponse servletResponse, SecurityFilterChain chain) {
    // Challenge the client for Basic credentials, then report REDIRECTED with no token
    // so the filter chain stops here and the client answers the challenge.
    doAuthPrompt((HttpServletResponse) servletResponse);
    HandlerResult result = new HandlerResultImpl(HandlerResult.Status.REDIRECTED, null);
    result.setSource(SOURCE);
    LOGGER.debug("In error handler for basic auth - prompted for auth credentials.");
    return result;
}
Also used: HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)

Example 12 with HandlerResultImpl

Use of org.codice.ddf.security.handler.HandlerResultImpl in project ddf by codice.

The class OAuthHandler, method getNormalizedToken.

@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, SecurityFilterChain chain, boolean resolve) throws AuthenticationFailureException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    if (httpRequest.getMethod().equals("HEAD")) {
        return processHeadRequest(httpResponse);
    }
    JEESessionStore sessionStore = new JEESessionStore();
    JEEContext jeeContext = new JEEContext(httpRequest, httpResponse, sessionStore);
    // time to try and pull credentials off of the request
    LOGGER.debug("Doing OAuth authentication and authorization for path {}.", httpRequest.getContextPath());
    OidcCredentials credentials;
    StringBuffer requestUrlBuffer = httpRequest.getRequestURL();
    requestUrlBuffer.append(httpRequest.getQueryString() == null ? "" : "?" + httpRequest.getQueryString());
    String ipAddress = httpRequest.getRemoteAddr();
    boolean isMachine = userAgentIsNotBrowser(httpRequest);
    // machine to machine, check for Client Credentials Flow credentials
    if (isMachine) {
        try {
            credentials = getCredentialsFromRequest(jeeContext);
        } catch (IllegalArgumentException e) {
            LOGGER.error("Problem with the OAuth Handler's OAuthHandlerConfiguration. " + "Check the OAuth Handler Configuration in the admin console.", e);
            return noActionResult;
        } catch (OAuthCredentialsException e) {
            LOGGER.error("Problem extracting credentials from machine to machine request. " + "See OAuth2's \"Client Credential Flow\" for more information.", e);
            return noActionResult;
        }
    } else {
        LOGGER.info("The OAuth Handler does not handle user agent requests. Continuing to other handlers.");
        return noActionResult;
    }
    // If any of the code, access token or ID token was supplied, process the request;
    // the token is only marked COMPLETED here, validation happens further down the chain.
    if (credentials.getCode() != null || credentials.getAccessToken() != null || credentials.getIdToken() != null) {
        LOGGER.info("Oidc credentials found/retrieved. Saving to session and continuing filter chain.");
        OidcAuthenticationToken token = new OidcAuthenticationToken(credentials, jeeContext, ipAddress);
        HandlerResult handlerResult = new HandlerResultImpl(Status.COMPLETED, token);
        handlerResult.setSource(SOURCE);
        return handlerResult;
    } else {
        LOGGER.info("No credentials found on user-agent request. " + "This handler does not support the acquisition of user agent credentials. Continuing to other handlers.");
        return noActionResult;
    }
}
Also used: HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), JEEContext (org.pac4j.core.context.JEEContext), OidcAuthenticationToken (org.codice.ddf.security.handler.OidcAuthenticationToken), HttpServletResponse (javax.servlet.http.HttpServletResponse), JEESessionStore (org.pac4j.core.context.session.JEESessionStore), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), HttpServletRequest (javax.servlet.http.HttpServletRequest), OidcCredentials (org.pac4j.oidc.credentials.OidcCredentials), OAuthCredentialsException (org.pac4j.oauth.exception.OAuthCredentialsException)

Example 13 with HandlerResultImpl

Use of org.codice.ddf.security.handler.HandlerResultImpl in project ddf by codice.

The class AssertionConsumerService, method login.

private boolean login(org.opensaml.saml.saml2.core.Response samlResponse) {
    // Refuse to complete a SAML login over a non-TLS request.
    if (!request.isSecure()) {
        return false;
    }
    // Invalidate any pre-existing session so the authenticated session does not
    // reuse a session id issued before login (session fixation defense).
    Map<String, Cookie> cookieMap = HttpUtils.getCookieMap(request);
    if (cookieMap.containsKey("JSESSIONID") && sessionFactory != null) {
        sessionFactory.getOrCreateSession(request).invalidate();
    }
    HandlerResult handlerResult = new HandlerResultImpl();
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(samlResponse.getAssertions().get(0).getDOM()), "default");
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, simplePrincipalCollection, request.getRemoteAddr());
    handlerResult.setToken(samlToken);
    handlerResult.setStatus(HandlerResult.Status.COMPLETED);
    if (handlerResult.getStatus() != HandlerResult.Status.COMPLETED) {
        LOGGER.debug("Failed to handle SAML assertion.");
        return false;
    }
    if (handlerResult.getToken() instanceof BaseAuthenticationToken) {
        ((BaseAuthenticationToken) handlerResult.getToken()).setAllowGuest(contextPolicyManager.getGuestAccess());
    }
    request.setAttribute(AUTHENTICATION_TOKEN_KEY, handlerResult);
    request.removeAttribute(ContextPolicy.NO_AUTH_POLICY);
    try {
        LOGGER.trace("Trying to login with provided SAML assertion.");
        // Run the login filter with a no-op chain: only the login side effects are wanted here.
        loginFilter.doFilter(request, null, (servletRequest, servletResponse) -> {
        });
    } catch (IOException | AuthenticationException e) {
        LOGGER.debug("Failed to apply login filter to SAML assertion", e);
        return false;
    }
    return true;
}
Also used: Cookie (javax.servlet.http.Cookie), AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException), HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), IOException (java.io.IOException), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml)

Example 14 with HandlerResultImpl

Use of org.codice.ddf.security.handler.HandlerResultImpl in project ddf by codice.

The class IdpHandler, method doPaosRequest.

private HandlerResult doPaosRequest(ServletRequest request, ServletResponse response) {
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    HandlerResult handlerResult = new HandlerResultImpl(HandlerResult.Status.REDIRECTED, null);
    handlerResult.setSource(SOURCE);
    String paosHeader = ((HttpServletRequest) request).getHeader(PAOS);
    // Some of these options aren't currently used; they are left here as a marker for what
    // isn't implemented.
    boolean wantChannelBind = paosHeader.contains("urn:oasis:names:tc:SAML:protocol:ext:channel-binding");
    boolean wantHok = paosHeader.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    boolean wantSigned = paosHeader.contains("urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp:2.0:WantAuthnRequestsSigned");
    boolean wantDelegation = paosHeader.contains("urn:oasis:names:tc:SAML:2.0:conditions:delegation");
    LOGGER.trace("ECP Client requested: channel bind {}, holder of key {}, signatures {}, delegation {}", wantChannelBind, wantHok, wantSigned, wantDelegation);
    LOGGER.trace("Configuring SAML Response for POST.");
    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    LOGGER.trace("Signing SAML POST Response.");
    String authnRequest;
    String paosRequest;
    String ecpRequest;
    String ecpRelayState;
    try {
        IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
        if (idpssoDescriptor == null) {
            throw new AuthenticationFailureException(IDP_METADATA_MISSING);
        }
        authnRequest = createAndSignAuthnRequest(true, wantSigned && idpssoDescriptor.getWantAuthnRequestsSigned());
        paosRequest = createPaosRequest((HttpServletRequest) request);
        ecpRequest = createEcpRequest();
        ecpRelayState = createEcpRelayState((HttpServletRequest) request);
    } catch (WSSecurityException | AuthenticationFailureException e) {
        LOGGER.debug("Unable to create and sign AuthnRequest.", e);
        httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        try {
            httpServletResponse.flushBuffer();
        } catch (IOException e1) {
            LOGGER.debug("Failed to send error response", e1);
        }
        return handlerResult;
    }
    LOGGER.trace("Converting SAML Response to DOM");
    String soapMessage = soapMessageTemplate.replace("{{" + PAOS_REQUEST + "}}", paosRequest);
    soapMessage = soapMessage.replace("{{" + ECP_REQUEST + "}}", ecpRequest);
    soapMessage = soapMessage.replace("{{" + SAML_REQUEST + "}}", authnRequest);
    soapMessage = soapMessage.replace("{{" + ECP_RELAY_STATE + "}}", ecpRelayState);
    soapMessage = soapMessage.replace("{{" + PAOS_RESPONSE + "}}", "");
    try {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType(PAOS_MIME);
        httpServletResponse.getOutputStream().print(soapMessage);
        httpServletResponse.flushBuffer();
    } catch (IOException ioe) {
        LOGGER.debug("Failed to send auth response", ioe);
    }
    return handlerResult;
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor), HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), HttpServletResponse (javax.servlet.http.HttpServletResponse), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException), AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException), IOException (java.io.IOException), Document (org.w3c.dom.Document)

Example 15 with HandlerResultImpl

Use of org.codice.ddf.security.handler.HandlerResultImpl in project ddf by codice.

The class IdpHandler, method handleError.

@Override
public HandlerResult handleError(ServletRequest servletRequest, ServletResponse servletResponse, SecurityFilterChain chain) throws AuthenticationFailureException {
    HandlerResult result = new HandlerResultImpl(HandlerResult.Status.NO_ACTION, null);
    result.setSource(SOURCE);
    LOGGER.debug("In error handler for idp - no action taken.");
    return result;
}
Also used: HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl), HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)

Aggregations (class, number of usages)

HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl) 18
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult) 17
HttpServletRequest (javax.servlet.http.HttpServletRequest) 7
IOException (java.io.IOException) 5
HttpServletResponse (javax.servlet.http.HttpServletResponse) 5
AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException) 4
Test (org.junit.Test) 4
SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml) 2
PrincipalHolder (ddf.security.common.PrincipalHolder) 2
Cookie (javax.servlet.http.Cookie) 2
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken) 2
SessionException (org.apache.shiro.session.SessionException) 2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 2
AuthenticationChallengeException (org.codice.ddf.platform.filter.AuthenticationChallengeException) 2
AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException) 2
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken) 2
OidcAuthenticationToken (org.codice.ddf.security.handler.OidcAuthenticationToken) 2
SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken) 2
JEEContext (org.pac4j.core.context.JEEContext) 2
JEESessionStore (org.pac4j.core.context.session.JEESessionStore) 2