use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
the class PKIHandlerTest method testGetNormalizedTokenFailsWhenCrlFails.
/**
* Tests that the PKIHandler returns REDIRECTED when the cert fails to pass the CRL check
*/
@Test
public void testGetNormalizedTokenFailsWhenCrlFails() throws Exception {
  // Handler built with the CRL check mocked as `false`
  // (presumably "certificate does not pass"; confirm against the helper).
  PKIHandler pkiHandler = getPKIHandlerWithMockedCrl(false);

  HttpServletRequest servletRequest = mock(HttpServletRequest.class);
  HttpServletResponse servletResponse = mock(HttpServletResponse.class);
  SecurityFilterChain filterChain = mock(SecurityFilterChain.class);

  // The handler reads the client certificate chain from this request attribute.
  when(servletRequest.getAttribute("javax.servlet.request.X509Certificate"))
      .thenReturn(getTestCerts());

  HandlerResult.Status status =
      pkiHandler.getNormalizedToken(servletRequest, servletResponse, filterChain, true).getStatus();

  // A certificate that fails the CRL check must end in REDIRECTED, never COMPLETED.
  assertThat(status, equalTo(HandlerResult.Status.REDIRECTED));
}
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
the class IdpHandlerTest method testGetNormalizedToken.
@Test
public void testGetNormalizedToken() throws Exception {
  // Stub the User-Agent header with the fixture's browser value.
  when(httpRequest.getHeader("User-Agent")).thenReturn(BROWSER_USER_AGENT);

  HandlerResult result = idpHandler.getNormalizedToken(httpRequest, httpResponse, null, false);

  // The handler must always hand back a result object, and for this request
  // its status must be REDIRECTED.
  assertThat("Expected a non null handlerRequest", result, is(notNullValue(HandlerResult.class)));
  HandlerResult.Status status = result.getStatus();
  assertThat(status, equalTo(HandlerResult.Status.REDIRECTED));
}
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
the class IdpHandlerTest method testGetNormalizedTokenLegacyClient.
@Test
public void testGetNormalizedTokenLegacyClient() throws Exception {
  // This method stubs no User-Agent header itself; whatever the shared fixture
  // provides is what the handler sees.
  HandlerResult result = idpHandler.getNormalizedToken(httpRequest, httpResponse, null, false);

  assertThat("Expected a non null handlerRequest", result, is(notNullValue(HandlerResult.class)));

  // For this request the handler is expected to decline and report NO_ACTION.
  HandlerResult.Status status = result.getStatus();
  assertThat(status, equalTo(HandlerResult.Status.NO_ACTION));
}
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
the class PKIHandler method getNormalizedToken.
/**
* Handler implementing PKI authentication. Returns the {@link
* org.codice.ddf.security.handler.api.HandlerResult} containing a BinarySecurityToken if the
* operation was successful.
*
* @param request http request to obtain attributes from and to pass into any local filter chains
* required
* @param response http response to return http responses or redirects
* @param chain original filter chain (should not be called from your handler)
* @param resolve flag with true implying that credentials should be obtained, false implying
* return if no credentials are found.
* @return result of handling this request - status and optional tokens
*/
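@Override
public HandlerResult getNormalizedToken(
    ServletRequest request, ServletResponse response, SecurityFilterChain chain, boolean resolve) {
  // Possible outcomes, all reported through the returned HandlerResult:
  //   NO_ACTION  - no token could be built from the request, or resolve is true and the
  //                response is not an HttpServletResponse;
  //   COMPLETED  - a token was built and the certificates passed both the CRL and OCSP checks;
  //   REDIRECTED - a token was built but a revocation check failed (a 403 is sent when possible).
  // The chain argument is not used here.
  HandlerResult handlerResult = new HandlerResultImpl(HandlerResult.Status.NO_ACTION, null);
  handlerResult.setSource(SOURCE);

  // Unchecked cast: a non-HTTP request fails here with a ClassCastException.
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  String path = httpRequest.getServletPath();
  LOGGER.debug("Doing PKI authentication and authorization for path {}", path);

  // The certificate lookup is the same whatever the resolve flag is; resolve only matters
  // for the null-response early return below.
  X509Certificate[] certs =
      (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
  AuthenticationToken token = tokenFactory.fromCertificates(certs, request.getRemoteAddr());

  HttpServletResponse httpResponse =
      response instanceof HttpServletResponse ? (HttpServletResponse) response : null;

  // Without a usable HTTP response, return NO_ACTION so other handlers can process the request.
  if (httpResponse == null && resolve) {
    LOGGER.debug("HTTP Response was null for request {}", path);
    return handlerResult;
  }

  // No auth info was extracted, return NO_ACTION.
  if (token == null) {
    return handlerResult;
  }

  // Create the CRL checker on first use if none has been set.
  if (crlChecker == null) {
    crlChecker = new CrlChecker(securityLogger);
  }

  // Both revocation checks must pass; OCSP is consulted only after the CRL check passes.
  if (crlChecker.passesCrlCheck(certs) && ocspService.passesOcspCheck(certs)) {
    handlerResult.setToken(token);
    handlerResult.setStatus(HandlerResult.Status.COMPLETED);
    return handlerResult;
  }

  // Record the rejection before touching the response, so it is logged even when the
  // 403 cannot be delivered.
  LOGGER.info("The certificate used to complete the request has been revoked.");
  if (httpResponse == null) {
    LOGGER.error(
        "Error returning revoked certificate request because the HTTP response object is invalid.");
  } else {
    try {
      httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Your certificate is revoked.");
      httpResponse.flushBuffer();
    } catch (Exception e) {
      // Keep the cause in the log; the request is rejected either way.
      LOGGER.error("Error returning revoked certificate request.", e);
    }
  }
  // No token is attached on this path, so the caller never sees the revoked credential.
  handlerResult.setStatus(HandlerResult.Status.REDIRECTED);
  return handlerResult;
}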
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
the class LoginFilterTest method testInvalidReference.
@Test
public void testInvalidReference() throws Exception {
  // Request carries a COMPLETED handler result wrapping the reference token mock,
  // while the session holds the "bad" principal holder mock.
  HandlerResult completedResult =
      new HandlerResultImpl(HandlerResult.Status.COMPLETED, referenceTokenMock);
  when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(badPrincipalHolderMock);
  when(requestMock.getAttribute(AUTHENTICATION_TOKEN_KEY)).thenReturn(completedResult);

  loginFilter.doFilter(requestMock, responseMock, FAIL_FILTER_CHAIN);

  // The filter must not have written any attribute onto the request.
  verify(requestMock, times(0)).setAttribute(any(), any());
}