Examples with BasicAuthenticationHandler - org.codice.ddf.security.handler.basic.BasicAuthenticationHandler

Example 1 with BasicAuthenticationHandler

use of org.codice.ddf.security.handler.basic.BasicAuthenticationHandler in project ddf by codice.

the class GuestHandler method getAuthToken.

/**
     * Returns BSTAuthenticationToken for the HttpServletRequest
     *
     * @param request http request to obtain attributes from and to pass into any local filter chains required
     * @return BSTAuthenticationToken
     */
private BaseAuthenticationToken getAuthToken(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
    //check for basic auth first
    String realm = (String) request.getAttribute(ContextPolicy.ACTIVE_REALM);
    BasicAuthenticationHandler basicAuthenticationHandler = new BasicAuthenticationHandler();
    HandlerResult handlerResult = basicAuthenticationHandler.getNormalizedToken(request, response, chain, false);
    if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
        return handlerResult.getToken();
    }
    //if basic fails, check for PKI
    PKIHandler pkiHandler = new PKIHandler();
    pkiHandler.setTokenFactory(tokenFactory);
    try {
        handlerResult = pkiHandler.getNormalizedToken(request, response, chain, false);
        if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
            return handlerResult.getToken();
        }
    } catch (ServletException e) {
        LOGGER.info("Encountered an exception while checking for PKI auth info.", e);
    }
    return new GuestAuthenticationToken(realm, request.getRemoteAddr());
}

Also used : ServletException(javax.servlet.ServletException) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) PKIHandler(org.codice.ddf.security.handler.pki.PKIHandler) BasicAuthenticationHandler(org.codice.ddf.security.handler.basic.BasicAuthenticationHandler) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)

Example 2 with BasicAuthenticationHandler

use of org.codice.ddf.security.handler.basic.BasicAuthenticationHandler in project ddf by codice.

the class IdpEndpoint method handleLogin.

protected org.opensaml.saml.saml2.core.Response handleLogin(AuthnRequest authnRequest, String authMethod, HttpServletRequest request, AuthObj authObj, boolean passive, boolean hasCookie) throws SecurityServiceException, WSSecurityException, SimpleSign.SignatureException, ConstraintViolationException {
    LOGGER.debug("Performing login for user. passive: {}, cookie: {}", passive, hasCookie);
    BaseAuthenticationToken token = null;
    request.setAttribute(ContextPolicy.ACTIVE_REALM, BaseAuthenticationToken.ALL_REALM);
    if (PKI.equals(authMethod)) {
        LOGGER.debug("Logging user in via PKI.");
        PKIHandler pkiHandler = new PKIHandler();
        pkiHandler.setTokenFactory(tokenFactory);
        try {
            HandlerResult handlerResult = pkiHandler.getNormalizedToken(request, null, null, false);
            if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
                token = handlerResult.getToken();
            }
        } catch (ServletException e) {
            LOGGER.info("Encountered an exception while checking for PKI auth info.", e);
        }
    } else if (USER_PASS.equals(authMethod)) {
        LOGGER.debug("Logging user in via BASIC auth.");
        if (authObj != null && authObj.username != null && authObj.password != null) {
            token = new UPAuthenticationToken(authObj.username, authObj.password, BaseAuthenticationToken.ALL_REALM);
        } else {
            BasicAuthenticationHandler basicAuthenticationHandler = new BasicAuthenticationHandler();
            HandlerResult handlerResult = basicAuthenticationHandler.getNormalizedToken(request, null, null, false);
            if (handlerResult.getStatus().equals(HandlerResult.Status.COMPLETED)) {
                token = handlerResult.getToken();
            }
        }
    } else if (SAML.equals(authMethod)) {
        LOGGER.debug("Logging user in via SAML assertion.");
        token = new SAMLAuthenticationToken(null, authObj.assertion, BaseAuthenticationToken.ALL_REALM);
    } else if (GUEST.equals(authMethod) && guestAccess) {
        LOGGER.debug("Logging user in as Guest.");
        token = new GuestAuthenticationToken(BaseAuthenticationToken.ALL_REALM, request.getRemoteAddr());
    } else {
        throw new IllegalArgumentException("Auth method is not supported.");
    }
    org.w3c.dom.Element samlToken = null;
    String statusCode;
    if (hasCookie) {
        samlToken = getSamlAssertion(request);
        statusCode = StatusCode.SUCCESS;
    } else {
        try {
            statusCode = StatusCode.AUTHN_FAILED;
            Subject subject = securityManager.getSubject(token);
            for (Object principal : subject.getPrincipals().asList()) {
                if (principal instanceof SecurityAssertion) {
                    SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
                    samlToken = securityToken.getToken();
                }
            }
            if (samlToken != null) {
                statusCode = StatusCode.SUCCESS;
            }
        } catch (SecurityServiceException e) {
            if (!passive) {
                throw e;
            } else {
                statusCode = StatusCode.AUTHN_FAILED;
            }
        }
    }
    LOGGER.debug("User log in successful.");
    return SamlProtocol.createResponse(SamlProtocol.createIssuer(SystemBaseUrl.constructUrl("/idp/login", true)), SamlProtocol.createStatus(statusCode), authnRequest.getID(), samlToken);
}

Also used : SecurityServiceException(ddf.security.service.SecurityServiceException) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) PKIHandler(org.codice.ddf.security.handler.pki.PKIHandler) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) SecurityAssertion(ddf.security.assertion.SecurityAssertion) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) Subject(ddf.security.Subject) ServletException(javax.servlet.ServletException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken) BasicAuthenticationHandler(org.codice.ddf.security.handler.basic.BasicAuthenticationHandler) SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject) SignableXMLObject(org.opensaml.xmlsec.signature.SignableXMLObject) XMLObject(org.opensaml.core.xml.XMLObject)

Aggregations

ServletException (javax.servlet.ServletException)2 GuestAuthenticationToken (org.codice.ddf.security.handler.api.GuestAuthenticationToken)2 HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)2 BasicAuthenticationHandler (org.codice.ddf.security.handler.basic.BasicAuthenticationHandler)2 PKIHandler (org.codice.ddf.security.handler.pki.PKIHandler)2 Subject (ddf.security.Subject)1 SecurityAssertion (ddf.security.assertion.SecurityAssertion)1 SecurityServiceException (ddf.security.service.SecurityServiceException)1 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)1 BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)1 SAMLAuthenticationToken (org.codice.ddf.security.handler.api.SAMLAuthenticationToken)1 UPAuthenticationToken (org.codice.ddf.security.handler.api.UPAuthenticationToken)1 XMLObject (org.opensaml.core.xml.XMLObject)1 SignableSAMLObject (org.opensaml.saml.common.SignableSAMLObject)1 SignableXMLObject (org.opensaml.xmlsec.signature.SignableXMLObject)1 Element (org.w3c.dom.Element)1