
Example 11 with BaseAuthenticationToken

use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.

the class TestStsRealm method testDoGetAuthenticationInfoBase.

@Ignore
@Test
public void testDoGetAuthenticationInfoBase() throws ParserConfigurationException, SAXException, IOException {
    // A canned SAML assertion from the test resources stands in for the STS-issued token.
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
    final SecurityToken token = new SecurityToken(assertionId, issuedAssertion, null);
    // Stub the STS round trip: the realm receives the canned assertion instead of
    // contacting a live STS, and no STSClient is configured at all.
    StsRealm realm = new StsRealm() {

        @Override
        protected SecurityToken requestSecurityToken(Object obj) {
            return token;
        }

        @Override
        protected STSClient configureStsClient() {
            return null;
        }
    };
    BaseAuthenticationToken authenticationToken = mock(BaseAuthenticationToken.class);
    when(authenticationToken.getCredentialsAsXMLString()).thenReturn("creds");
    AuthenticationInfo authenticationInfo = realm.doGetAuthenticationInfo(authenticationToken);
    // A successful exchange yields both credentials (the assertion) and principals.
    assertNotNull(authenticationInfo.getCredentials());
    assertNotNull(authenticationInfo.getPrincipals());
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 12 with BaseAuthenticationToken

use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.

the class TestStsRealm method testSupports.

@Test
public void testSupports() {
    StsRealm realm = new StsRealm();
    // Every BaseAuthenticationToken subtype with non-null credentials is supported...
    AuthenticationToken authenticationToken = mock(SAMLAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn("creds");
    boolean supports = realm.supports(authenticationToken);
    assertEquals(true, supports);
    authenticationToken = mock(BSTAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn("creds");
    supports = realm.supports(authenticationToken);
    assertEquals(true, supports);
    authenticationToken = mock(BaseAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn("creds");
    supports = realm.supports(authenticationToken);
    assertEquals(true, supports);
    // ...but a token without credentials, or no token at all, must be refused so the
    // realm never attempts authentication with nothing to verify.
    authenticationToken = mock(BaseAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn(null);
    supports = realm.supports(authenticationToken);
    assertEquals(false, supports);
    supports = realm.supports(null);
    assertEquals(false, supports);
    // StsRealm and WssStsRealm are mutually exclusive: isUseWssSts() selects exactly one.
    WssStsRealm wssStsRealm = new WssStsRealm();
    BaseAuthenticationToken baseAuthTok = mock(BaseAuthenticationToken.class);
    when(baseAuthTok.isUseWssSts()).thenReturn(false);
    when(baseAuthTok.getCredentials()).thenReturn("creds");
    assertEquals(true, realm.supports(baseAuthTok));
    assertEquals(false, wssStsRealm.supports(baseAuthTok));
    when(baseAuthTok.isUseWssSts()).thenReturn(true);
    assertEquals(false, realm.supports(baseAuthTok));
    assertEquals(true, wssStsRealm.supports(baseAuthTok));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) BSTAuthenticationToken(org.codice.ddf.security.handler.api.BSTAuthenticationToken) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) Test(org.junit.Test)

Example 13 with BaseAuthenticationToken

use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.

the class AbstractPKIHandler method getNormalizedToken.

/**
     * Handler implementing PKI authentication. Returns the {@link org.codice.ddf.security.handler.api.HandlerResult} containing
     * a BinarySecurityToken if the operation was successful.
     *
     * @param request  http request to obtain attributes from and to pass into any local filter chains required
     * @param response http response to return http responses or redirects
     * @param chain    original filter chain (should not be called from your handler)
     * @param resolve  flag with true implying that credentials should be obtained, false implying return if no credentials are found.
     * @return result of handling this request - status and optional tokens
     * @throws ServletException if the client certificate chain fails the CRL check (the certificate has been revoked)
     */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) throws ServletException {
    String realm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.NO_ACTION, null);
    handlerResult.setSource(realm + "-" + SOURCE);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String path = httpRequest.getServletPath();
    LOGGER.debug("Doing PKI authentication and authorization for path {}", path);
    // The client certificate chain is populated by the servlet container from the TLS
    // handshake; it is not something the client can set via a header or parameter.
    // It is read once here and reused for both token extraction and the CRL check.
    X509Certificate[] certs = (X509Certificate[]) httpRequest.getAttribute("javax.servlet.request.X509Certificate");
    // The resolve flag makes no difference for PKI: the certificate is either on the
    // connection or it is not, and there is nothing to prompt the client for.
    BaseAuthenticationToken token = extractAuthenticationInfo(realm, certs);
    HttpServletResponse httpResponse = response instanceof HttpServletResponse ? (HttpServletResponse) response : null;
    // The httpResponse was null, return no action and try to process with other handlers
    if (httpResponse == null && resolve) {
        LOGGER.debug("HTTP Response was null for request {}", path);
        return handlerResult;
    }
    // No auth info was extracted (no client certificate presented), return NO_ACTION
    if (token == null) {
        return handlerResult;
    }
    // Check the presented chain against the configured CRL. A revoked certificate is
    // fatal: a ServletException is thrown to the WebSSOFilter instead of returning
    // NO_ACTION, so the request cannot fall through to another handler.
    if (crlChecker.passesCrlCheck(certs)) {
        handlerResult.setToken(token);
        handlerResult.setStatus(HandlerResult.Status.COMPLETED);
    } else {
        String errorMsg = "The certificate used to complete the request has been revoked.";
        LOGGER.info(errorMsg);
        throw new ServletException(errorMsg);
    }
    return handlerResult;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) X509Certificate(java.security.cert.X509Certificate)

Example 14 with BaseAuthenticationToken

use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.

the class AbstractBasicAuthenticationHandler method getNormalizedToken.

/**
     * Processes the incoming request to retrieve the username/password tokens. Handles responding
     * to the client that authentication is needed if they are not present in the request.
     * Returns the {@link org.codice.ddf.security.handler.api.HandlerResult} for the HTTP Request.
     *
     * @param request  http request to obtain attributes from and to pass into any local filter chains required
     * @param response http response to return http responses or redirects
     * @param chain    original filter chain (should not be called from your handler)
     * @param resolve  flag with true implying that credentials should be obtained, false implying return if no credentials are found.
     * @return result of handling this request: COMPLETED with a token when credentials were found,
     *         REDIRECTED when the client was challenged for them, NO_ACTION otherwise
     */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) {
    String realm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.NO_ACTION, null);
    handlerResult.setSource(realm + "-" + SOURCE);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String path = httpRequest.getServletPath();
    LOGGER.debug("Handling request for path {}", path);
    LOGGER.debug("Doing authentication and authorization for path {}", path);
    // Pull the username/password out of the request (e.g. the Authorization header).
    BaseAuthenticationToken token = extractAuthenticationInfo(httpRequest);
    // we found credentials, attach to result and return with completed status
    if (token != null) {
        handlerResult.setToken(token);
        handlerResult.setStatus(HandlerResult.Status.COMPLETED);
        return handlerResult;
    }
    // we didn't find the credentials, see if we are to do anything or not:
    // with resolve == false the handler stays silent (NO_ACTION) so other handlers get
    // a chance; with resolve == true it challenges the client and reports REDIRECTED.
    if (resolve) {
        doAuthPrompt(realm, (HttpServletResponse) response);
        handlerResult.setStatus(HandlerResult.Status.REDIRECTED);
    }
    return handlerResult;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
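The three outcomes of AbstractBasicAuthenticationHandler.getNormalizedToken above (NO_ACTION, REDIRECTED, COMPLETED, driven by whether credentials were found and by the resolve flag) are what a handler's caller relies on, so they are worth pinning down in a test. The JUnit/Mockito test below is an added example in the style of the TestStsRealm tests on this page; it is not code from the ddf project. It assumes that AbstractBasicAuthenticationHandler has a no-arg constructor, that extractAuthenticationInfo(HttpServletRequest) and doAuthPrompt(String, HttpServletResponse) are overridable (protected) methods, that HandlerResult exposes getStatus() alongside the getToken() seen above, and that ContextPolicy lives in org.codice.ddf.security.policy.context; the servlet path and realm name are constructed test values.

```java
// Added example, not ddf project code. Exercises the HandlerResult contract of
// AbstractBasicAuthenticationHandler.getNormalizedToken with stubbed credential
// extraction, so no real Authorization header parsing is involved.
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codice.ddf.security.handler.api.BaseAuthenticationToken;
import org.codice.ddf.security.handler.api.HandlerResult;
import org.codice.ddf.security.policy.context.ContextPolicy; // package assumed
import org.junit.Test;

public class BasicHandlerContractTest {

    // Test double: whether "credentials were found" is controlled by tokenToReturn;
    // doAuthPrompt is recorded instead of writing a 401 challenge to the response.
    // Assumes both methods are protected/overridable in the real handler.
    private static class StubHandler extends AbstractBasicAuthenticationHandler {
        BaseAuthenticationToken tokenToReturn;
        boolean prompted;

        @Override
        protected BaseAuthenticationToken extractAuthenticationInfo(HttpServletRequest request) {
            return tokenToReturn;
        }

        @Override
        protected void doAuthPrompt(String realm, HttpServletResponse response) {
            prompted = true;
        }
    }

    // Constructed request: only the attributes the handler reads are stubbed.
    private static HttpServletRequest requestForRealm(String realm) {
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn(realm);
        when(request.getServletPath()).thenReturn("/services/catalog");
        return request;
    }

    @Test
    public void noCredentialsAndResolveFalseIsNoAction() {
        StubHandler handler = new StubHandler();
        HandlerResult result = handler.getNormalizedToken(requestForRealm("karaf"),
                mock(HttpServletResponse.class), mock(FilterChain.class), false);
        // Silent pass: another handler in the chain may still find credentials.
        assertEquals(HandlerResult.Status.NO_ACTION, result.getStatus());
        assertNull(result.getToken());
        assertFalse(handler.prompted);
    }

    @Test
    public void noCredentialsAndResolveTrueChallengesClient() {
        StubHandler handler = new StubHandler();
        HandlerResult result = handler.getNormalizedToken(requestForRealm("karaf"),
                mock(HttpServletResponse.class), mock(FilterChain.class), true);
        // The client is prompted and the caller is told not to continue the chain.
        assertEquals(HandlerResult.Status.REDIRECTED, result.getStatus());
        assertNull(result.getToken());
        assertTrue(handler.prompted);
    }

    @Test
    public void credentialsPresentCompleteRegardlessOfResolve() {
        for (boolean resolve : new boolean[] {false, true}) {
            StubHandler handler = new StubHandler();
            handler.tokenToReturn = mock(BaseAuthenticationToken.class);
            HandlerResult result = handler.getNormalizedToken(requestForRealm("karaf"),
                    mock(HttpServletResponse.class), mock(FilterChain.class), resolve);
            // Found credentials short-circuit: no prompt, token handed back verbatim.
            assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
            assertSame(handler.tokenToReturn, result.getToken());
            assertFalse(handler.prompted);
        }
    }
}
```

The point of the third test is the one that matters for a reviewer: a token returned by extractAuthenticationInfo is attached to the result unchanged, so any validation of the username/password pair happens later in the realm (compare the StsRealm tests above), not in the handler.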

Example 15 with BaseAuthenticationToken

use of org.codice.ddf.security.handler.api.BaseAuthenticationToken in project ddf by codice.

the class LoginFilter method validateRequest.

private Subject validateRequest(final HttpServletRequest httpRequest) throws IOException, ServletException {
    Subject subject = null;
    // The HandlerResult is left on the request by whichever handler returned COMPLETED.
    Object ddfAuthToken = httpRequest.getAttribute(DDF_AUTHENTICATION_TOKEN);
    if (ddfAuthToken instanceof HandlerResult) {
        HandlerResult result = (HandlerResult) ddfAuthToken;
        BaseAuthenticationToken thisToken = result.getToken();
        /*
             * If the user has already authenticated they will have a valid SAML token. Validate
             * that here and create the subject from the token.
             */
        if (thisToken instanceof SAMLAuthenticationToken) {
            subject = handleAuthenticationToken(httpRequest, (SAMLAuthenticationToken) thisToken);
        } else if (thisToken != null) {
            // Any other token type (username/password, PKI, BST) goes through the generic path.
            subject = handleAuthenticationToken(httpRequest, thisToken);
        }
    }
    // null means no usable token was found on the request; the caller decides what to do.
    return subject;
}
Also used : BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) Subject(ddf.security.Subject)

Aggregations

Classes used together with BaseAuthenticationToken across the 15 examples (count in parentheses):

BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken) 15
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult) 5
SAMLAuthenticationToken (org.codice.ddf.security.handler.api.SAMLAuthenticationToken) 4
UPAuthenticationToken (org.codice.ddf.security.handler.api.UPAuthenticationToken) 4
Test (org.junit.Test) 4
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) 3
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken) 3
Subject (ddf.security.Subject) 2
SecurityAssertion (ddf.security.assertion.SecurityAssertion) 2
ServletException (javax.servlet.ServletException) 2
HttpServletRequest (javax.servlet.http.HttpServletRequest) 2
AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) 2
PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) 2
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 2
PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken) 2
Element (org.w3c.dom.Element) 2
SecurityAssertionImpl (ddf.security.assertion.impl.SecurityAssertionImpl) 1
SecurityServiceException (ddf.security.service.SecurityServiceException) 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 1