
Example 6 with UPAuthenticationToken

Use of org.codice.ddf.security.handler.api.UPAuthenticationToken in the ddf project by codice.

From the class UserManagerImpl, method authenticate:

/**
 * @param authentication The {@link Authentication} that proves the user's identity. {@link org.apache.ftpserver.usermanager.AnonymousAuthentication} is not permitted
 * @return {@link User} upon successful authorization
 * @throws AuthenticationFailedException upon unsuccessful authorization
 */
public User authenticate(Authentication authentication) throws AuthenticationFailedException {
    UPAuthenticationToken upAuthenticationToken;
    String username;
    User user;
    // Only username/password logins are accepted; anonymous and any other Authentication type fall through to the failure at the end
    if (authentication instanceof UsernamePasswordAuthentication) {
        username = ((UsernamePasswordAuthentication) authentication).getUsername();
        upAuthenticationToken = new UPAuthenticationToken(username, ((UsernamePasswordAuthentication) authentication).getPassword());
        try {
            // Credential validation is delegated to the DDF security manager; a null Subject means the login was rejected
            Subject subject = securityManager.getSubject(upAuthenticationToken);
            if (subject != null) {
                // First successful login creates the FTP user; later logins refresh the stored Subject
                if (!doesExist(username)) {
                    user = createUser(username, subject);
                } else {
                    user = getUserByName(username);
                    updateUserSubject(user, subject);
                }
                return user;
            }
        } catch (SecurityServiceException e) {
            // The cause is logged locally; only a fixed message reaches the FTP client
            LOGGER.info("Failure to retrieve subject.", e);
            throw new AuthenticationFailedException("Failure to retrieve subject.");
        }
    }
    throw new AuthenticationFailedException("Authentication failed");
}
Also used:
  ddf.security.service.SecurityServiceException
  ddf.catalog.ftp.user.FtpUser
  org.apache.ftpserver.ftplet.User
  org.apache.ftpserver.ftplet.AuthenticationFailedException
  org.codice.ddf.security.handler.api.UPAuthenticationToken
  org.apache.ftpserver.usermanager.UsernamePasswordAuthentication
  ddf.security.Subject

Example 7 with UPAuthenticationToken

Use of org.codice.ddf.security.handler.api.UPAuthenticationToken in the ddf project by codice.

From the class UPBSTValidator, method getUsernameTokenFromTarget:

private UPAuthenticationToken getUsernameTokenFromTarget(ReceivedToken validateTarget) {
    Object token = validateTarget.getToken();
    // Only BinarySecurityTokens whose ValueType marks them as DDF username/password tokens are handled here
    if ((token instanceof BinarySecurityTokenType) && UPAuthenticationToken.UP_TOKEN_VALUE_TYPE.equals(((BinarySecurityTokenType) token).getValueType())) {
        String encodedCredential = ((BinarySecurityTokenType) token).getValue();
        // Note: this writes the encoded credential to the log whenever DEBUG logging is enabled
        LOGGER.debug("Encoded username/password credential: {}", encodedCredential);
        BaseAuthenticationToken base = null;
        try {
            // Decode the credential string back into principal, credentials and realm, then rebuild a typed token
            base = UPAuthenticationToken.parse(encodedCredential, true);
            return new UPAuthenticationToken(base.getPrincipal().toString(), base.getCredentials().toString(), base.getRealm());
        } catch (WSSecurityException e) {
            LOGGER.info("Unable to parse {} from encodedToken.", UPAuthenticationToken.class.getSimpleName(), e);
            return null;
        }
    }
    // Not a username/password BST (or it could not be parsed): the caller treats null as "no such token"
    return null;
}
Also used:
  org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType
  org.codice.ddf.security.handler.api.BaseAuthenticationToken
  org.codice.ddf.security.handler.api.UPAuthenticationToken
  org.apache.wss4j.common.ext.WSSecurityException
  org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString
  org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString

Example 8 with UPAuthenticationToken

Use of org.codice.ddf.security.handler.api.UPAuthenticationToken in the ddf project by codice.

From the class UPBSTValidatorTest, method setup:

@Before
public void setup() {
    niceValidator.setContextName("realm");
    meanValidator.setContextName("realm");
    // Mock STS properties: a Merlin crypto provider for signatures and a no-op callback handler
    stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(new Merlin());
    when(stsPropertiesMBean.getCallbackHandler()).thenReturn(callbacks -> { });
    // Build a valid username/password BinarySecurityToken the way a client would send it to the STS
    UPAuthenticationToken upAuthenticationToken = new UPAuthenticationToken("good", "password", "realm");
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setValueType(UPAuthenticationToken.UP_TOKEN_VALUE_TYPE);
    binarySecurityTokenType.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
    binarySecurityTokenType.setId(UPAuthenticationToken.BST_USERNAME_LN);
    binarySecurityTokenType.setValue(upAuthenticationToken.getEncodedCredentials());
    // Wrap it in the WS-Security BinarySecurityToken element the validator expects
    upbstToken = new JAXBElement<>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenType);
    failedLoginDelayer = mock(FailedLoginDelayer.class);
}
Also used:
  org.apache.cxf.sts.STSPropertiesMBean
  org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType
  javax.xml.namespace.QName
  org.codice.ddf.security.handler.api.UPAuthenticationToken
  org.apache.wss4j.common.crypto.Merlin
  org.codice.ddf.security.common.FailedLoginDelayer
  org.junit.Before

Example 9 with UPAuthenticationToken

Use of org.codice.ddf.security.handler.api.UPAuthenticationToken in the ddf project by codice.

From the class AuthenticationEndpointTest, method mockUser:

private void mockUser(String username, String password, String realm) throws SecurityServiceException {
    // A mocked Subject whose principals contain exactly one SecurityAssertion carrying a SecurityToken
    Subject subject = mock(Subject.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    PrincipalCollection collection = mock(PrincipalCollection.class);
    Iterator iter = mock(Iterator.class);
    when(iter.hasNext()).thenReturn(true, false);
    when(iter.next()).thenReturn(securityAssertion);
    when(collection.iterator()).thenReturn(iter);
    when(subject.getPrincipals()).thenReturn(collection);
    // The security manager only returns this Subject for a token matching these exact credentials and realm
    UPAuthenticationToken token = new UPAuthenticationToken(username, password, realm);
    when(securityManager.getSubject(argThat(new UsernamePasswordTokenMatcher(token)))).thenReturn(subject);
}
Also used:
  org.apache.cxf.ws.security.tokenstore.SecurityToken
  java.util.Iterator
  org.codice.ddf.security.handler.api.UPAuthenticationToken
  org.apache.shiro.subject.PrincipalCollection
  ddf.security.assertion.SecurityAssertion
  ddf.security.Subject

Example 10 with UPAuthenticationToken

Use of org.codice.ddf.security.handler.api.UPAuthenticationToken in the ddf project by codice.

From the class AuthenticationEndpoint, method login:

@POST
public Response login(@Context HttpServletRequest request, @FormParam("username") String username, @FormParam("password") String password, @FormParam("prevurl") String prevurl) throws SecurityServiceException {
    // Make sure we're using HTTPS; credentials are refused over a plaintext connection
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authentication request must use TLS.");
    }
    // Discard any session that existed before authentication, so the login never continues a session id chosen beforehand
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    // Get the realm from the previous url, falling back to the default realm when no context policy covers it
    String realm = BaseAuthenticationToken.DEFAULT_REALM;
    ContextPolicy policy = contextPolicyManager.getContextPolicy(prevurl);
    if (policy != null) {
        realm = policy.getRealm();
    }
    // Create an authentication token
    UPAuthenticationToken authenticationToken = new UPAuthenticationToken(username, password, realm);
    // Authenticate; the security manager returns null when the credentials are rejected
    Subject subject = securityManager.getSubject(authenticationToken);
    if (subject == null) {
        throw new SecurityServiceException("Authentication failed");
    }
    // Store the token of every SecurityAssertion principal in the freshly created session, keyed by realm
    for (Object principal : subject.getPrincipals()) {
        if (principal instanceof SecurityAssertion) {
            SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
            if (securityToken == null) {
                LOGGER.debug("Cannot add null security token to session");
                continue;
            }
            // Create a session and add the security token; the SecurityTokenHolder attribute is expected to already exist on the session
            session = sessionFactory.getOrCreateSession(request);
            SecurityTokenHolder holder = (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
            holder.addSecurityToken(realm, securityToken);
        }
    }
    // Redirect to the previous url; replacePath keeps this service's own scheme and host, prevurl supplies only the path
    URI redirect = uriInfo.getBaseUriBuilder().replacePath(prevurl).build();
    return Response.seeOther(redirect).build();
}
Also used:
  org.apache.cxf.ws.security.tokenstore.SecurityToken
  ddf.security.service.SecurityServiceException
  ddf.security.common.SecurityTokenHolder
  javax.servlet.http.HttpSession
  org.codice.ddf.security.handler.api.UPAuthenticationToken
  ddf.security.assertion.SecurityAssertion
  java.net.URI
  org.codice.ddf.security.policy.context.ContextPolicy
  ddf.security.Subject
  javax.ws.rs.POST

Aggregations (type and number of uses)

  11  UPAuthenticationToken (org.codice.ddf.security.handler.api.UPAuthenticationToken)
   5  Subject (ddf.security.Subject)
   5  SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)
   4  SecurityAssertion (ddf.security.assertion.SecurityAssertion)
   4  SecurityServiceException (ddf.security.service.SecurityServiceException)
   3  BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
   3  BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)
   2  SecurityTokenHolder (ddf.security.common.SecurityTokenHolder)
   2  SecurityManager (ddf.security.service.SecurityManager)
   2  HttpSession (javax.servlet.http.HttpSession)
   2  STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)
   2  AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)
   2  PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)
   2  WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)
   2  HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)
   2  Element (org.w3c.dom.Element)
   1  FtpUser (ddf.catalog.ftp.user.FtpUser)
   1  URI (java.net.URI)
   1  Principal (java.security.Principal)
   1  ArrayList (java.util.ArrayList)