use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
From the class SAMLAssertionHandlerTest, method testGetNormalizedTokenFailurewithCookie.
/**
 * Verifies SAMLAssertionHandler.getNormalizedToken() for a request that carries no
 * cookies at all (the legacy SAML-cookie path): the handler must return a non-null
 * result with status NO_ACTION rather than fail.
 */
@Test
public void testGetNormalizedTokenFailurewithCookie() {
    final HttpServletRequest cookielessRequest = mock(HttpServletRequest.class);
    final HttpServletResponse unusedResponse = mock(HttpServletResponse.class);
    final FilterChain unusedChain = mock(FilterChain.class);
    // A client that sent no Cookie header: the servlet API reports null, not an empty array.
    when(cookielessRequest.getCookies()).thenReturn(null);
    final HandlerResult outcome =
        new SAMLAssertionHandler().getNormalizedToken(cookielessRequest, unusedResponse, unusedChain, true);
    assertNotNull(outcome);
    assertEquals(HandlerResult.Status.NO_ACTION, outcome.getStatus());
}
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
From the class AssertionConsumerService, method login.
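/**
 * Logs the caller in using the first assertion of a SAML response: the assertion is
 * deflated, base64-encoded and presented to the SAMLAssertionHandler as an auth header on a
 * wrapped request, and the resulting token is then pushed through the login filter.
 *
 * @param samlResponse decoded SAML response whose first assertion is used as the credential
 * @return {@code true} when the handler completed and the login filter ran without error;
 *         {@code false} on any rejection or failure (details are logged, nothing is thrown)
 */
private boolean login(org.opensaml.saml.saml2.core.Response samlResponse) {
    // The assertion is a bearer credential; refuse to accept it over a non-TLS connection.
    if (!request.isSecure()) {
        return false;
    }
    Map<String, Cookie> cookieMap = HttpUtils.getCookieMap(request);
    if (cookieMap.containsKey("JSESSIONID")) {
        // An existing session is dropped before the new identity is established
        // (presumably so no pre-login session state carries over — confirm with sessionFactory).
        sessionFactory.getOrCreateSession(request).invalidate();
    }
    // Only the first assertion in the response is used; a response with none would otherwise
    // fail with an IndexOutOfBoundsException instead of a clean rejection.
    if (samlResponse.getAssertions().isEmpty()) {
        LOGGER.debug("SAML response contains no assertions; rejecting login.");
        return false;
    }
    String assertionValue = DOM2Writer.nodeToString(samlResponse.getAssertions().get(0).getDOM());
    String encodedAssertion;
    try {
        encodedAssertion = RestSecurity.deflateAndBase64Encode(assertionValue);
    } catch (IOException e) {
        LOGGER.info("Unable to deflate and encode assertion.", e);
        return false;
    }
    final String authHeader = RestSecurity.SAML_HEADER_PREFIX + encodedAssertion;
    // The handler reads the assertion from the auth header and the realm from a request
    // attribute, so both are overlaid on the original request; everything else passes through.
    HttpServletRequestWrapper wrappedRequest = new HttpServletRequestWrapper(request) {
        @Override
        public String getHeader(String name) {
            if (RestSecurity.AUTH_HEADER.equals(name)) {
                return authHeader;
            }
            return super.getHeader(name);
        }

        @Override
        public Object getAttribute(String name) {
            if (ContextPolicy.ACTIVE_REALM.equals(name)) {
                return "idp";
            }
            return super.getAttribute(name);
        }
    };
    SAMLAssertionHandler samlAssertionHandler = new SAMLAssertionHandler();
    LOGGER.trace("Processing SAML assertion with SAML Handler.");
    // resolve=false: a missing/invalid credential must not trigger a redirect or prompt here.
    HandlerResult samlResult = samlAssertionHandler.getNormalizedToken(wrappedRequest, null, null, false);
    if (samlResult.getStatus() != HandlerResult.Status.COMPLETED) {
        LOGGER.debug("Failed to handle SAML assertion.");
        return false;
    }
    request.setAttribute(WebSSOFilter.DDF_AUTHENTICATION_TOKEN, samlResult);
    request.removeAttribute(ContextPolicy.NO_AUTH_POLICY);
    try {
        LOGGER.trace("Trying to login with provided SAML assertion.");
        // No response and a no-op chain: only the filter's login side effect is wanted.
        loginFilter.doFilter(wrappedRequest, null, (servletRequest, servletResponse) -> {
        });
    } catch (IOException | ServletException e) {
        LOGGER.debug("Failed to apply login filter to SAML assertion", e);
        return false;
    }
    return true;
}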
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
From the class AbstractBasicAuthenticationHandler, method handleError.
/**
 * Challenges the client for HTTP Basic credentials and reports the request as redirected.
 * The result's source is tagged with the active realm so callers can tell which handler
 * issued the challenge.
 *
 * @param servletRequest request that failed authentication; the active realm is read from it
 * @param servletResponse response on which the authentication prompt is written
 * @param chain original filter chain (not invoked here)
 * @return a result with status REDIRECTED and no token
 * @throws ServletException declared for the handler contract; not raised by this body
 */
@Override
public HandlerResult handleError(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException {
    final String activeRealm = (String) servletRequest.getAttribute(ContextPolicy.ACTIVE_REALM);
    doAuthPrompt(activeRealm, (HttpServletResponse) servletResponse);
    final HandlerResult redirected = new HandlerResult(HandlerResult.Status.REDIRECTED, null);
    redirected.setSource(activeRealm + "-" + SOURCE);
    LOGGER.debug("In error handler for basic auth - prompted for auth credentials.");
    return redirected;
}
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
From the class AbstractBasicAuthenticationHandler, method getNormalizedToken.
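/**
 * Processes the incoming request to retrieve the username/password tokens. Handles responding
 * to the client that authentication is needed if they are not present in the request.
 * Returns the {@link org.codice.ddf.security.handler.api.HandlerResult} for the HTTP Request.
 *
 * @param request http request to obtain attributes from and to pass into any local filter chains required
 * @param response http response to return http responses or redirects
 * @param chain original filter chain (should not be called from your handler)
 * @param resolve flag with true implying that credentials should be obtained, false implying return if no credentials are found.
 * @return a result tagged with the active realm: status COMPLETED carrying the extracted token
 *         when credentials were present; REDIRECTED when they were absent and {@code resolve}
 *         is true (an auth prompt has been written to {@code response}); otherwise NO_ACTION
 *         with no token
 */
@Override
public HandlerResult getNormalizedToken(ServletRequest request, ServletResponse response, FilterChain chain, boolean resolve) {
    String realm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.NO_ACTION, null);
    // A missing realm attribute yields a "null-..." source; callers appear to tolerate that.
    handlerResult.setSource(realm + "-" + SOURCE);
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String path = httpRequest.getServletPath();
    LOGGER.debug("Handling request for path {}", path);
    LOGGER.debug("Doing authentication and authorization for path {}", path);
    BaseAuthenticationToken token = extractAuthenticationInfo(httpRequest);
    // we found credentials, attach to result and return with completed status
    if (token != null) {
        handlerResult.setToken(token);
        handlerResult.setStatus(HandlerResult.Status.COMPLETED);
        return handlerResult;
    }
    // we didn't find the credentials, see if we are to do anything or not
    if (resolve) {
        // Write the challenge to the client; the result tells the caller a response was sent.
        doAuthPrompt(realm, (HttpServletResponse) response);
        handlerResult.setStatus(HandlerResult.Status.REDIRECTED);
    }
    return handlerResult;
}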
use of org.codice.ddf.security.handler.api.HandlerResult in project ddf by codice.
From the class GuestHandler, method handleError.
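/**
 * Rejects the request with HTTP 400 and a fixed message, then reports the request as
 * redirected so the caller stops processing.
 *
 * @param servletRequest request that failed; the active realm is read from it for the result source
 * @param servletResponse response on which the 400 status and message are written
 * @param chain original filter chain (not invoked here)
 * @return a result with status REDIRECTED and no token, sourced as "{realm}-GuestHandler"
 * @throws ServletException declared for the handler contract; not raised by this body
 */
@Override
public HandlerResult handleError(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws ServletException {
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    String realm = (String) servletRequest.getAttribute(ContextPolicy.ACTIVE_REALM);
    httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    try {
        httpResponse.getWriter().write(INVALID_MESSAGE);
        httpResponse.flushBuffer();
    } catch (IOException e) {
        // Best effort: the client may already have gone away; the result is returned regardless.
        // The exception is passed as the trailing argument without a "{}" placeholder so the
        // logger records its stack trace instead of stringifying it into the message.
        LOGGER.debug("Failed to send auth response", e);
    }
    HandlerResult result = new HandlerResult();
    result.setSource(realm + "-GuestHandler");
    LOGGER.debug("In error handler for guest - returning action completed.");
    result.setStatus(HandlerResult.Status.REDIRECTED);
    return result;
}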