
Example 1 with DesiredRole

Use of org.dcache.auth.DesiredRole in the dCache project.

From the class AuthenticationHandler, method addAuthCredentialsToSubject.

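/**
 * Adds the credentials carried by the request's {@code Authorization} header to
 * {@code subject}, dispatching on the scheme reported by {@link #parseAuthenticationHeader}.
 *
 * <p>Recognised schemes are Basic (only when {@code _isBasicAuthenticationEnabled}) and
 * Bearer; any other scheme is logged at debug level and ignored. Malformed credential data
 * is logged without echoing the header value, since a Basic payload is merely base64 of a
 * password and a bearer token is itself a secret.
 *
 * @param request the incoming HTTP request whose {@code Authorization} header is inspected
 * @param subject the subject whose principals / private credentials are extended in place
 * @throws PermissionDeniedCacheException if a bearer token arrives over an insecure
 *         connection and {@code _acceptBearerTokenUnencrypted} is not set
 */
private void addAuthCredentialsToSubject(HttpServletRequest request, Subject subject) throws PermissionDeniedCacheException {
    Optional<AuthInfo> optional = parseAuthenticationHeader(request);
    if (!optional.isPresent()) {
        return;
    }
    AuthInfo info = optional.get();
    // NOTE(review): the "BEARER" literal implies parseAuthenticationHeader upper-cases the
    // scheme (BASIC_AUTH is "BASIC"); confirm there, otherwise mixed-case schemes fall to default.
    switch (info.getScheme()) {
        case HttpServletRequest.BASIC_AUTH:
            if (_isBasicAuthenticationEnabled) {
                addBasicAuthCredentials(info, subject);
            }
            break;
        case "BEARER":
            addBearerTokenCredential(request, info, subject);
            break;
        default:
            LOG.debug("Unknown authentication scheme {}", info.getScheme());
    }
}

/**
 * Decodes a Basic payload of the form {@code user[#role,role...]:password} and adds a
 * {@link PasswordCredential} plus one {@link DesiredRole} per listed role; a payload without
 * a colon is treated as a bare {@link LoginNamePrincipal}.
 */
private void addBasicAuthCredentials(AuthInfo info, Subject subject) {
    try {
        byte[] bytes = Base64.getDecoder().decode(info.getData().getBytes(StandardCharsets.US_ASCII));
        String credential = new String(bytes, StandardCharsets.UTF_8);
        int colon = credential.indexOf(':');
        if (colon < 0) {
            subject.getPrincipals().add(new LoginNamePrincipal(credential));
            return;
        }
        String user = credential.substring(0, colon);
        // A trailing "#r1,r2" on the user name requests roles; a bare trailing '#' is left alone.
        int lastHash = user.lastIndexOf('#');
        if (lastHash != -1 && lastHash < (user.length() - 1)) {
            Splitter.on(',').trimResults().omitEmptyStrings().split(user.substring(lastHash + 1)).forEach(r -> subject.getPrincipals().add(new DesiredRole(r)));
            user = user.substring(0, lastHash);
        }
        String password = credential.substring(colon + 1);
        subject.getPrivateCredentials().add(new PasswordCredential(user, password));
    } catch (IllegalArgumentException e) {
        // Covers the base64 decoder and the credential constructors, as before. The header
        // value is deliberately not logged: it is the (trivially reversible) password.
        LOG.warn("Authentication data in the header received is not Base64 encoded: {}", e.getMessage());
    }
}

/**
 * Adds the bearer token as a {@link BearerTokenCredential}, refusing plaintext transport
 * unless explicitly permitted by configuration.
 */
private void addBearerTokenCredential(HttpServletRequest request, AuthInfo info, Subject subject) throws PermissionDeniedCacheException {
    // A bearer token is a reusable secret; over a non-TLS connection it could be captured.
    if (!_acceptBearerTokenUnencrypted && !request.isSecure()) {
        throw new PermissionDeniedCacheException("not allowed to send bearer token unencrypted");
    }
    try {
        subject.getPrivateCredentials().add(new BearerTokenCredential(info.getData()));
    } catch (IllegalArgumentException e) {
        // The token itself is a secret, so only the constructor's reason is logged.
        LOG.info("Bearer token is invalid: {}", e.getMessage());
    }
}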