Search in sources :

Example 6 with AuthenticationHandler

use of org.codice.ddf.security.handler.api.AuthenticationHandler in project ddf by codice.

the class WebSSOFilterTest method testInit.

@Test
public void testInit() {
    final Logger logger = (Logger) LoggerFactory.getLogger(WebSSOFilter.class);
    logger.setLevel(Level.DEBUG);
    AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
    when(handlerMock.getAuthenticationType()).thenReturn("basic");
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getSessionAccess()).thenReturn(true);
    WebSSOFilter webSSOFilter = new WebSSOFilter();
    webSSOFilter.setHandlerList(Collections.singletonList(handlerMock));
    webSSOFilter.setContextPolicyManager(policyManager);
    webSSOFilter.init();
    logger.setLevel(Level.OFF);
}
Also used : AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler) SecurityLogger(ddf.security.audit.SecurityLogger) Logger(ch.qos.logback.classic.Logger) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) Test(org.junit.Test)

Example 7 with AuthenticationHandler

use of org.codice.ddf.security.handler.api.AuthenticationHandler in project ddf by codice.

the class WebSSOFilterTest method testDoFilterResolvingOnSecondCall.

@Test
public void testDoFilterResolvingOnSecondCall() throws IOException, AuthenticationException {
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    when(policyManager.getSessionAccess()).thenReturn(false);
    WebSSOFilter filter = new WebSSOFilter();
    // set handlers
    AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
    when(handler1.getAuthenticationType()).thenReturn("basic");
    HandlerResult noActionResult = mock(HandlerResult.class);
    when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
    HandlerResult completedResult = mock(HandlerResult.class);
    when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
    when(completedResult.getToken()).thenReturn(null);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(completedResult);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
    filter.setContextPolicyManager(policyManager);
    filter.setHandlerList(Collections.singletonList(handler1));
    filter.setSecurityLogger(mock(SecurityLogger.class));
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    try {
        filter.doFilter(request, response, filterChain);
    } catch (AuthenticationException e) {
    }
    verify(handler1, times(2)).getNormalizedToken(any(HttpServletRequest.class), any(HttpServletResponse.class), any(SecurityFilterChain.class), anyBoolean());
    // the next filter should NOT be called
    verify(filterChain, never()).doFilter(request, response);
    verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain) AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 8 with AuthenticationHandler

use of org.codice.ddf.security.handler.api.AuthenticationHandler in project ddf by codice.

the class WebSSOFilterTest method testDoFilterGetResultFromSession.

@Test
public void testDoFilterGetResultFromSession() throws Exception {
    PrincipalCollection principalCollectionMock = mock(PrincipalCollection.class);
    when(principalCollectionMock.byType(any())).thenReturn(Collections.singletonList("principal"));
    PrincipalHolder principalHolderMock = mock(PrincipalHolder.class);
    when(principalHolderMock.getPrincipals()).thenReturn(principalCollectionMock);
    HttpSession sessionMock = mock(HttpSession.class);
    when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
    HttpServletRequest requestMock = mock(HttpServletRequest.class);
    when(requestMock.getSession(any(Boolean.class))).thenReturn(sessionMock);
    when(requestMock.getRequestURI()).thenReturn(MOCK_CONTEXT);
    when(requestMock.getRequestedSessionId()).thenReturn("JSESSIONID");
    HttpServletResponse responseMock = mock(HttpServletResponse.class);
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getSessionAccess()).thenReturn(true);
    when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
    when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
    AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
    when(handlerMock.getAuthenticationType()).thenReturn("basic");
    HandlerResult completedResult = mock(HandlerResult.class);
    when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
    when(completedResult.getToken()).thenReturn(mock(BaseAuthenticationToken.class));
    when(handlerMock.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), anyBoolean())).thenReturn(completedResult);
    SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
    WebSSOFilter filter = new WebSSOFilter();
    filter.setContextPolicyManager(policyManager);
    filter.setHandlerList(Collections.singletonList(handlerMock));
    filter.doFilter(requestMock, responseMock, filterChain);
    verify(sessionMock, times(1)).getAttribute(SECURITY_TOKEN_KEY);
    verify(handlerMock, times(0)).getNormalizedToken(any(), any(), any(), anyBoolean());
    verify(requestMock, times(1)).setAttribute(eq(AUTHENTICATION_TOKEN_KEY), any());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) HttpSession(javax.servlet.http.HttpSession) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain) BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken) AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler) Mockito.anyBoolean(org.mockito.Mockito.anyBoolean) PrincipalHolder(ddf.security.common.PrincipalHolder) Test(org.junit.Test)

Example 9 with AuthenticationHandler

use of org.codice.ddf.security.handler.api.AuthenticationHandler in project ddf by codice.

the class WebSSOFilter method getHandlerList.

private List<AuthenticationHandler> getHandlerList(String path) {
    List<AuthenticationHandler> handlers = new ArrayList<>();
    String handlerAuthMethod;
    if (contextPolicyManager != null) {
        ContextPolicy policy = contextPolicyManager.getContextPolicy(path);
        if (policy != null) {
            Collection<String> authMethods = policy.getAuthenticationMethods();
            for (String authMethod : authMethods) {
                for (AuthenticationHandler handler : this.handlerList) {
                    handlerAuthMethod = handler.getAuthenticationType();
                    LOGGER.trace("Handler auth method: {} - desired auth method {}", handlerAuthMethod, authMethod);
                    if (handler.getAuthenticationType().equalsIgnoreCase(authMethod)) {
                        handlers.add(handler);
                    }
                }
            }
        }
    } else {
        // if no manager, get a list of all the handlers.
        handlers.addAll(this.handlerList);
    }
    LOGGER.trace("Returning {} handlers that support desired auth methods for path {}", handlers.size(), path);
    return handlers;
}
Also used : ArrayList(java.util.ArrayList) AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)

Aggregations

AuthenticationHandler (org.codice.ddf.security.handler.api.AuthenticationHandler)9 HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)7 ContextPolicy (org.codice.ddf.security.policy.context.ContextPolicy)6 ContextPolicyManager (org.codice.ddf.security.policy.context.ContextPolicyManager)6 Test (org.junit.Test)6 ServletRequest (javax.servlet.ServletRequest)5 ServletResponse (javax.servlet.ServletResponse)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)5 HttpServletResponse (javax.servlet.http.HttpServletResponse)5 SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain)5 AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException)3 SecurityLogger (ddf.security.audit.SecurityLogger)2 PrincipalHolder (ddf.security.common.PrincipalHolder)2 IOException (java.io.IOException)2 HttpSession (javax.servlet.http.HttpSession)2 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)2 BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken)2 Mockito.anyBoolean (org.mockito.Mockito.anyBoolean)2 Logger (ch.qos.logback.classic.Logger)1 ArrayList (java.util.ArrayList)1