Use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice: class AbstractBasicAuthenticationHandler, method extractAuthInfo.
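/**
 * Extract the HTTP {@code Authorization} header and parse it into a username/password token.
 *
 * <p>Only the {@code Basic} scheme is handled. The base64 payload is decoded as UTF-8 and split
 * at the <em>first</em> colon, so a password may itself contain colons (RFC 7617 forbids colons
 * only in the user-id). A header that is missing, malformed, uses another scheme, or does not
 * decode to {@code user:password} yields {@code null} rather than an exception, because the
 * header value arrives straight from the client.
 *
 * @param authHeader the raw Authorization header value from the HTTP request; may be {@code null}
 * @param realm the realm to associate with the resulting token
 * @return the initialized token for this username, password, realm combination, or {@code null}
 *     if the header could not be parsed as Basic credentials
 */
protected BaseAuthenticationToken extractAuthInfo(String authHeader, String realm) {
  if (authHeader == null) {
    return null;
  }
  String[] parts = authHeader.trim().split(" ");
  if (parts.length != 2 || !parts[0].equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
    return null;
  }
  byte[] decoded;
  try {
    decoded = Base64.getDecoder().decode(parts[1]);
  } catch (IllegalArgumentException e) {
    // Client-controlled input: an invalid base64 payload means "no credentials", not a
    // server-side error that should propagate out of the handler.
    return null;
  }
  String userPass = new String(decoded, StandardCharsets.UTF_8);
  // Limit 2: split at the first ':' only, so any later colons stay inside the password.
  // With a positive limit a trailing ':' (empty password) still produces two components.
  String[] authComponents = userPass.split(":", 2);
  if (authComponents.length != 2) {
    return null;
  }
  return getBaseAuthenticationToken(realm, authComponents[0], authComponents[1]);
}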
Use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice: class IdpEndpoint, method handleLogin.
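/**
 * Authenticate the user for an IdP login request and build the SAML {@code Response}.
 *
 * <p>The credential is taken from the request according to {@code authMethod} (PKI, user/password,
 * an already-held SAML assertion, or guest when guest access is enabled). When the caller
 * already holds a session cookie the assertion is read from the request and the status is
 * SUCCESS; otherwise the token is handed to the security manager and the assertion is pulled
 * from the resulting subject's principals.
 *
 * @param authnRequest the incoming SAML AuthnRequest; its ID is echoed in the response
 * @param authMethod one of {@code PKI}, {@code USER_PASS}, {@code SAML}, {@code GUEST}
 * @param request the HTTP request carrying headers, certificates and the remote address
 * @param authObj optional pre-extracted credentials (username/password or assertion)
 * @param passive when {@code true}, an authentication failure is reported as a SAML
 *     AUTHN_FAILED status instead of being rethrown
 * @param hasCookie whether the caller already holds a valid session cookie
 * @return the SAML response, carrying the assertion on success or an AUTHN_FAILED status
 * @throws IllegalArgumentException if {@code authMethod} is unsupported, or if the SAML method is
 *     requested without an {@code authObj}
 * @throws SecurityServiceException if authentication fails and {@code passive} is {@code false}
 */
protected org.opensaml.saml.saml2.core.Response handleLogin(
    AuthnRequest authnRequest,
    String authMethod,
    HttpServletRequest request,
    AuthObj authObj,
    boolean passive,
    boolean hasCookie)
    throws SecurityServiceException, WSSecurityException, SimpleSign.SignatureException,
        ConstraintViolationException {
  LOGGER.debug("Performing login for user. passive: {}, cookie: {}", passive, hasCookie);
  BaseAuthenticationToken token = null;
  request.setAttribute(ContextPolicy.ACTIVE_REALM, BaseAuthenticationToken.ALL_REALM);
  if (PKI.equals(authMethod)) {
    LOGGER.debug("Logging user in via PKI.");
    PKIHandler pkiHandler = new PKIHandler();
    pkiHandler.setTokenFactory(tokenFactory);
    try {
      HandlerResult handlerResult = pkiHandler.getNormalizedToken(request, null, null, false);
      if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
        token = handlerResult.getToken();
      }
    } catch (ServletException e) {
      LOGGER.info("Encountered an exception while checking for PKI auth info.", e);
    }
  } else if (USER_PASS.equals(authMethod)) {
    LOGGER.debug("Logging user in via BASIC auth.");
    if (authObj != null && authObj.username != null && authObj.password != null) {
      token =
          new UPAuthenticationToken(
              authObj.username, authObj.password, BaseAuthenticationToken.ALL_REALM);
    } else {
      BasicAuthenticationHandler basicAuthenticationHandler = new BasicAuthenticationHandler();
      HandlerResult handlerResult =
          basicAuthenticationHandler.getNormalizedToken(request, null, null, false);
      if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
        token = handlerResult.getToken();
      }
    }
  } else if (SAML.equals(authMethod)) {
    LOGGER.debug("Logging user in via SAML assertion.");
    if (authObj == null) {
      // Same exception type as the unsupported-method case below so callers treat both alike;
      // dereferencing a missing authObj here would otherwise surface as a NullPointerException.
      throw new IllegalArgumentException("SAML auth method requires an assertion.");
    }
    token =
        new SAMLAuthenticationToken(null, authObj.assertion, BaseAuthenticationToken.ALL_REALM);
  } else if (GUEST.equals(authMethod) && guestAccess) {
    LOGGER.debug("Logging user in as Guest.");
    token = new GuestAuthenticationToken(BaseAuthenticationToken.ALL_REALM, request.getRemoteAddr());
  } else {
    throw new IllegalArgumentException("Auth method is not supported.");
  }
  org.w3c.dom.Element samlToken = null;
  String statusCode;
  if (hasCookie) {
    // NOTE(review): the cookie path trusts getSamlAssertion(request) and reports SUCCESS without
    // consulting the security manager; the cookie must have been validated upstream — confirm.
    samlToken = getSamlAssertion(request);
    statusCode = StatusCode.SUCCESS;
  } else {
    try {
      statusCode = StatusCode.AUTHN_FAILED;
      // token may still be null here (e.g. the PKI handler did not COMPLETE); the security
      // manager is relied on to reject a null token — TODO confirm that contract.
      Subject subject = securityManager.getSubject(token);
      for (Object principal : subject.getPrincipals().asList()) {
        if (principal instanceof SecurityAssertion) {
          SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
          samlToken = securityToken.getToken();
        }
      }
      if (samlToken != null) {
        statusCode = StatusCode.SUCCESS;
      }
    } catch (SecurityServiceException e) {
      if (!passive) {
        throw e;
      } else {
        statusCode = StatusCode.AUTHN_FAILED;
      }
    }
  }
  // Log the actual outcome; the passive path can reach this point with AUTHN_FAILED.
  if (StatusCode.SUCCESS.equals(statusCode)) {
    LOGGER.debug("User log in successful.");
  } else {
    LOGGER.debug("User log in failed; responding with status {}.", statusCode);
  }
  return SamlProtocol.createResponse(
      SamlProtocol.createIssuer(SystemBaseUrl.constructUrl("/idp/login", true)),
      SamlProtocol.createStatus(statusCode),
      authnRequest.getID(),
      samlToken);
}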
Use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice: class PKITokenValidator, method getPKITokenFromTarget.
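/**
 * Build a {@link PKIAuthenticationToken} from the validation target, if it carries one.
 *
 * @param validateTarget the token received by the STS for validation
 * @return the parsed PKI token, or {@code null} if the target is not a PKI binary security token,
 *     cannot be parsed, or parses without credentials
 */
private PKIAuthenticationToken getPKITokenFromTarget(ReceivedToken validateTarget) {
  Object token = validateTarget.getToken();
  if (!(token instanceof BinarySecurityTokenType)) {
    return null;
  }
  BinarySecurityTokenType bst = (BinarySecurityTokenType) token;
  if (!PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE.equals(bst.getValueType())) {
    return null;
  }
  String encodedCredential = bst.getValue();
  // Log only that a credential arrived, never its value: the encoded token is authentication
  // material and must not land in log files even at DEBUG. (The previous message also
  // mislabelled it as a username/password credential.)
  LOGGER.debug(
      "Received encoded PKI credential ({} chars).",
      encodedCredential == null ? 0 : encodedCredential.length());
  try {
    BaseAuthenticationToken base = PKIAuthenticationToken.parse(encodedCredential, true);
    if (base == null || base.getCredentials() == null) {
      // Previously a missing credential surfaced as a NullPointerException on toString().
      LOGGER.info("Parsed {} carries no credentials.", PKIAuthenticationToken.class.getSimpleName());
      return null;
    }
    return new PKIAuthenticationToken(
        base.getPrincipal(), base.getCredentials().toString(), base.getRealm());
  } catch (WSSecurityException e) {
    LOGGER.info(
        "Unable to parse {} from encodedToken.", PKIAuthenticationToken.class.getSimpleName(), e);
    return null;
  }
}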
Use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice: class UPBSTValidator, method getUsernameTokenFromTarget.
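/**
 * Build a {@link UPAuthenticationToken} from the validation target, if it carries one.
 *
 * @param validateTarget the token received by the STS for validation
 * @return the parsed username/password token, or {@code null} if the target is not a UP binary
 *     security token, cannot be parsed, or parses without a principal or credentials
 */
private UPAuthenticationToken getUsernameTokenFromTarget(ReceivedToken validateTarget) {
  Object token = validateTarget.getToken();
  if (!(token instanceof BinarySecurityTokenType)) {
    return null;
  }
  BinarySecurityTokenType bst = (BinarySecurityTokenType) token;
  if (!UPAuthenticationToken.UP_TOKEN_VALUE_TYPE.equals(bst.getValueType())) {
    return null;
  }
  String encodedCredential = bst.getValue();
  // The encoded value is a username/password pair: log its presence only, never the value,
  // so the password cannot be recovered from DEBUG logs.
  LOGGER.debug(
      "Received encoded username/password credential ({} chars).",
      encodedCredential == null ? 0 : encodedCredential.length());
  try {
    BaseAuthenticationToken base = UPAuthenticationToken.parse(encodedCredential, true);
    if (base == null || base.getPrincipal() == null || base.getCredentials() == null) {
      // Previously a missing principal or credential surfaced as a NullPointerException.
      LOGGER.info(
          "Parsed {} is missing a principal or credentials.",
          UPAuthenticationToken.class.getSimpleName());
      return null;
    }
    return new UPAuthenticationToken(
        base.getPrincipal().toString(), base.getCredentials().toString(), base.getRealm());
  } catch (WSSecurityException e) {
    LOGGER.info(
        "Unable to parse {} from encodedToken.", UPAuthenticationToken.class.getSimpleName(), e);
    return null;
  }
}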
Use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice: class AbstractStsRealm, method doGetAuthenticationInfo.
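/**
 * Perform authentication based on the supplied token.
 *
 * <p>The token's credential is extracted according to its type: a {@link SAMLAuthenticationToken}
 * contributes its credentials object as-is, a {@link BaseAuthenticationToken} its XML credential
 * string, and anything else the string form of its credentials. An already-issued SAML
 * {@link SecurityToken} is renewed; every other credential is exchanged with the STS. The
 * resulting assertion becomes the principal set of the returned authentication info.
 *
 * @param token the Shiro authentication token being authenticated
 * @return authentication info whose principals are the assertion's principal and the
 *     {@link SecurityAssertion} itself, both registered under {@code NAME}
 * @throws AuthenticationException if the token carries no credential
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
  Object credential;
  if (token instanceof SAMLAuthenticationToken) {
    credential = token.getCredentials();
  } else if (token instanceof BaseAuthenticationToken) {
    credential = ((BaseAuthenticationToken) token).getCredentialsAsXMLString();
  } else {
    // Null-safe conversion: calling toString() directly turned a missing credential into a
    // NullPointerException before the explicit null check below could report it.
    Object rawCredentials = token.getCredentials();
    credential = rawCredentials == null ? null : rawCredentials.toString();
  }
  if (credential == null) {
    String msg =
        "Unable to authenticate credential. A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
    LOGGER.info(msg);
    throw new AuthenticationException(msg);
  }
  // The credential value is deliberately kept out of the log: it may be a user/password pair.
  LOGGER.debug("Received credentials.");
  SecurityToken securityToken;
  if (token instanceof SAMLAuthenticationToken && credential instanceof SecurityToken) {
    securityToken = renewSecurityToken((SecurityToken) credential);
  } else {
    securityToken = requestSecurityToken(credential);
  }
  LOGGER.debug("Creating token authentication information with SAML.");
  SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  SecurityAssertion assertion = new SecurityAssertionImpl(securityToken);
  principals.add(assertion.getPrincipal(), NAME);
  principals.add(assertion, NAME);
  simpleAuthenticationInfo.setPrincipals(principals);
  simpleAuthenticationInfo.setCredentials(credential);
  return simpleAuthenticationInfo;
}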