
Example 26 with ContextPolicy

use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.

the class WebSSOFilter method getHandlerList.

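/**
 * Selects the authentication handlers that apply to a request path.
 *
 * <p>When a context policy manager is configured, only registered handlers whose authentication
 * type matches (case-insensitively) one of the methods named by the policy for {@code path} are
 * returned, grouped in the order the policy lists its methods. When no manager is configured,
 * every registered handler is returned regardless of path.
 *
 * <p>The result is empty when the manager returns no policy for the path or when no registered
 * handler matches any of the policy's methods.
 * NOTE(review): confirm the caller handles an empty list explicitly, so that "no handler
 * selected" can never be read as "no authentication required".
 *
 * @param path the context path to look up in the policy manager
 * @return a new, possibly empty, list of handlers; never {@code null}
 */
private List<AuthenticationHandler> getHandlerList(String path) {
    List<AuthenticationHandler> handlers = new ArrayList<>();
    if (contextPolicyManager == null) {
        // No manager means no per-path policy is available, so every handler is offered.
        handlers.addAll(this.handlerList);
    } else {
        ContextPolicy policy = contextPolicyManager.getContextPolicy(path);
        if (policy != null) {
            for (String authMethod : policy.getAuthenticationMethods()) {
                for (AuthenticationHandler handler : this.handlerList) {
                    // Read the type once; the same value is logged and compared.
                    String handlerAuthMethod = handler.getAuthenticationType();
                    LOGGER.trace("Handler auth method: {} - desired auth method {}", handlerAuthMethod, authMethod);
                    // A handler that reports no type cannot match any policy method. Skipping it
                    // avoids a NullPointerException that would abort handler selection.
                    if (handlerAuthMethod != null && handlerAuthMethod.equalsIgnoreCase(authMethod)) {
                        handlers.add(handler);
                    }
                }
            }
        }
    }
    LOGGER.trace("Returning {} handlers that support desired auth methods for path {}", handlers.size(), path);
    return handlers;
}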
Also used : ArrayList(java.util.ArrayList) AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)

Example 27 with ContextPolicy

use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.

the class PolicyManager method getContextPolicy.

/**
 * Resolves the policy that governs {@code path} by walking towards its ancestors.
 *
 * <p>At each step the current path is first looked up in {@code policyStore}; a hit is returned
 * immediately. Otherwise, if the current path is an exact member of {@code whiteListContexts},
 * {@code null} is returned. Otherwise the path is shortened with {@code rollbackPath} and the
 * search repeats. Once the shortened path is empty or the step counter exceeds
 * {@code traversalDepth}, the policy stored under {@code ROOT_CONTEXT} is returned.
 *
 * <p>Security-relevant consequences visible here:
 * <ul>
 *   <li>The whitelist test is an exact string comparison and is repeated for every shortened
 *       path, so a whitelisted ancestor also yields {@code null} for descendants that have no
 *       policy of their own (presumably {@code rollbackPath} drops the last path segment;
 *       confirm).</li>
 *   <li>A path nested deeper than {@code traversalDepth} falls back to the root policy rather
 *       than to its nearest configured ancestor. NOTE(review): confirm the root policy is at
 *       least as strict as any ancestor policy that could be skipped this way.</li>
 *   <li>NOTE(review): matching is literal, so callers presumably normalise the path (case,
 *       trailing slash, encoding) before calling; verify against the caller.</li>
 * </ul>
 *
 * @param path the context path to resolve
 * @param policyStore the configured policies keyed by context path
 * @param whiteListContexts the context paths for which no policy is returned
 * @param depth the number of ancestor steps already taken
 * @return the matching policy, the root policy as a fallback, or {@code null} for a whitelisted
 *     path
 */
private ContextPolicy getContextPolicy(String path, Map<String, ContextPolicy> policyStore, List<String> whiteListContexts, int depth) {
    String currentPath = path;
    int level = depth;
    while (true) {
        ContextPolicy match = policyStore.get(currentPath);
        if (match != null) {
            return match;
        }
        if (whiteListContexts.contains(currentPath)) {
            return null;
        }
        String parentPath = rollbackPath(currentPath);
        boolean canClimb = StringUtils.isNotEmpty(parentPath) && level <= traversalDepth;
        if (!canClimb) {
            // Nothing further up can match, so fall back to the default (root) policy.
            return policyStore.get(ROOT_CONTEXT);
        }
        currentPath = parentPath;
        level++;
    }
}
Also used : ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)

Example 28 with ContextPolicy

use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.

the class PolicyManager method setContextPolicy.

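/**
 * Installs {@code newContextPolicy} under {@code path}, replacing any policy already stored for
 * that path.
 *
 * <p>The method copies the authentication methods and allowed attributes of every policy in the
 * current store, adds copies of the new policy's values under {@code path}, and hands both maps
 * to {@code setPolicyStore}.
 *
 * <p>NOTE(review): the store is read, extended and written back without visible
 * synchronisation; confirm that concurrent callers cannot lose each other's updates.
 * NOTE(review): each copied attribute mapping keeps the context reported by the incoming
 * mapping rather than {@code path}; confirm the two always agree.
 *
 * @param path the context path to configure; must start with {@code ROOT_CONTEXT}
 * @param newContextPolicy the policy whose authentication methods and attributes are stored
 * @throws IllegalArgumentException if {@code path} is {@code null} or does not start with the
 *     root context, or if {@code newContextPolicy} is {@code null}
 */
@Override
public void setContextPolicy(String path, ContextPolicy newContextPolicy) {
    if (path == null) {
        throw new IllegalArgumentException("Context path cannot be null.");
    }
    if (!path.startsWith(ROOT_CONTEXT)) {
        throw new IllegalArgumentException("Context path must start with /");
    }
    if (newContextPolicy == null) {
        throw new IllegalArgumentException("Context policy cannot be null.");
    }
    LOGGER.debug("setContextPolicy called with path = {}", path);
    // gather all authorization types & required attributes
    Map<String, List<ContextAttributeMapping>> contextsToAttrs = new HashMap<>();
    Map<String, List<String>> contextsToAuths = new HashMap<>();
    for (ContextPolicy contextPolicy : getPolicyStore().values()) {
        contextsToAttrs.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAllowedAttributes()));
        contextsToAuths.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAuthenticationMethods()));
    }
    // Copy the incoming mappings so the store never shares objects with the caller.
    List<ContextAttributeMapping> newContextAttrs =
            newContextPolicy.getAllowedAttributes().stream()
                    .map(contextAttribute -> new DefaultContextAttributeMapping(
                            contextAttribute.getContext(),
                            contextAttribute.getAttributeName(),
                            contextAttribute.getAttributeValue()))
                    .collect(Collectors.toList());
    // collect() never returns null, so the former null check was dead code and is gone.
    contextsToAttrs.put(path, new ArrayList<>(newContextAttrs));
    // One defensive copy of the authentication methods is enough.
    contextsToAuths.put(path, new ArrayList<>(newContextPolicy.getAuthenticationMethods()));
    setPolicyStore(contextsToAuths, contextsToAttrs);
}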
Also used : Arrays(java.util.Arrays) StringUtils(org.apache.commons.lang.StringUtils) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) FileAlterationObserver(org.apache.commons.io.monitor.FileAlterationObserver) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Map(java.util.Map) ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping) Path(java.nio.file.Path) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) PropertiesLoader(org.codice.ddf.platform.util.properties.PropertiesLoader) Logger(org.slf4j.Logger) FileAlterationListener(org.apache.commons.io.monitor.FileAlterationListener) SecurityLogger(ddf.security.audit.SecurityLogger) Collection(java.util.Collection) FileAlterationMonitor(org.apache.commons.io.monitor.FileAlterationMonitor) Set(java.util.Set) PrivilegedAction(java.security.PrivilegedAction) Collectors(java.util.stream.Collectors) File(java.io.File) PropertyResolver(org.codice.ddf.configuration.PropertyResolver) TimeUnit(java.util.concurrent.TimeUnit) List(java.util.List) FileFilter(java.io.FileFilter) Paths(java.nio.file.Paths) DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping) AccessController(java.security.AccessController) Collections(java.util.Collections) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) ArrayList(java.util.ArrayList) List(java.util.List) ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping) DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)

Example 29 with ContextPolicy

use of org.codice.ddf.security.policy.context.ContextPolicy in project admin-console-beta by connexta.

the class PolicyManagerServiceProperties method contextPolicyServiceToContextPolicyFields.

/**
 * Builds the admin-console view of every context policy known to the policy manager.
 *
 * <p>Each policy is first turned into its own {@code ContextPolicyBin}. Bins with equal
 * authentication type lists and equal claims mappings are then merged, so that one bin carries
 * all context paths sharing that configuration.
 *
 * <p>NOTE(review): {@code Collectors.toMap} throws {@code IllegalStateException} when two
 * attribute mappings of one policy share an attribute name, and {@code NullPointerException}
 * on a {@code null} attribute value; confirm policies cannot contain either.
 * NOTE(review): the service reference is used without a null check; confirm
 * {@code getServiceReference} cannot return {@code null} here.
 *
 * @param serviceReader used to obtain the {@code ContextPolicyManager} and to construct the bins
 * @return a list field holding the merged bins
 */
public ContextPolicyBin.ListImpl contextPolicyServiceToContextPolicyFields(ServiceReader serviceReader) {
    ContextPolicyManager policyManager = serviceReader.getServiceReference(ContextPolicyManager.class);

    // Step 1: one bin per configured policy.
    List<ContextPolicyBin> perPolicyBins = new ArrayList<>();
    Collection<ContextPolicy> configuredPolicies = policyManager.getAllContextPolicies();
    for (ContextPolicy configured : configuredPolicies) {
        Map<String, String> requiredClaims =
                configured.getAllowedAttributes().stream()
                        .collect(Collectors.toMap(
                                ContextAttributeMapping::getAttributeName,
                                ContextAttributeMapping::getAttributeValue));
        ContextPolicyBin policyBin = new ContextPolicyBin(serviceReader)
                .addClaimsMap(requiredClaims)
                .authTypes(configured.getAuthenticationMethods())
                .addContextPath(configured.getContextPath());
        perPolicyBins.add(policyBin);
    }

    // Step 2: merge bins that describe the same policy. This runs after the configuration was
    // pulled so that values are already matched to their appropriate enums.
    List<ContextPolicyBin> mergedBins = new ArrayList<>();
    for (ContextPolicyBin candidate : perPolicyBins) {
        ContextPolicyBin twin = null;
        for (ContextPolicyBin existing : mergedBins) {
            boolean sameAuthTypes = ListUtils.isEqualList(candidate.authTypes(), existing.authTypes());
            if (sameAuthTypes && candidate.claimsMapping().equals(existing.claimsMapping())) {
                twin = existing;
                break;
            }
        }
        if (twin == null) {
            mergedBins.add(candidate);
            continue;
        }
        // An identical bin already exists: move the candidate's context paths onto it.
        for (ContextPath contextPath : candidate.contextFields().getList()) {
            twin.addContextPath(contextPath);
        }
    }
    return new ContextPolicyBin.ListImpl(serviceReader).addAll(mergedBins);
}
Also used : ContextPath(org.codice.ddf.admin.common.fields.common.ContextPath) ArrayList(java.util.ArrayList) ContextPolicyBin(org.codice.ddf.admin.security.common.fields.wcpm.ContextPolicyBin) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
