use of org.dcache.auth.LoginReply in project dcache by dCache.
the class AccessLogHandler method userEventTriggered.
/**
 * Emits one access-log record per {@code LoginEvent} and then passes the event on.
 *
 * <p>The record is written at INFO under the event name
 * {@code org.dcache.xrootd.login}; attributes whose value is null are left out.
 * Events of any other type are forwarded without being logged.
 *
 * @param ctx the handler context the event is forwarded through
 * @param evt the user event; only {@code LoginEvent} instances produce a log record
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof LoginEvent) {
        LoginEvent loginEvent = (LoginEvent) evt;
        Subject mapped = loginEvent.getLoginReply().getSubject();

        NetLoggerBuilder entry = new NetLoggerBuilder(INFO, "org.dcache.xrootd.login").omitNullValues();
        entry.add("session", CDC.getSession());
        entry.add("user.dn", Subjects.getDn(mapped));
        // Token-based logins are recorded by principal name (OIDC subject and JWT id),
        // so the record carries identifiers taken from the Subject's principals.
        entry.add("user.sub", Subjects.getPrincipalNames(mapped, OidcSubjectPrincipal.class));
        entry.add("user.jti", Subjects.getPrincipalNames(mapped, JwtJtiPrincipal.class));
        // NOTE(review): the whole Subject is handed to the log builder here; how it is
        // rendered depends on NetLoggerBuilder.add. Confirm that the rendering never
        // includes the Subject's private credentials.
        entry.add("user.mapped", mapped);
        entry.toLogger(logger);
    }

    // Always propagate, so later handlers still see the event.
    ctx.fireUserEventTriggered(evt);
}
use of org.dcache.auth.LoginReply in project dcache by dCache.
the class SrmService method messageArrived.
/**
 * Dispatches an SRM request to the handler class named after the request and
 * returns that handler's response.
 *
 * <p>No login is performed here: the LoginReply is assembled from the subject and
 * login attributes already carried by the request, so authentication is presumably
 * done by the sender (confirm against the caller).
 *
 * @param request the SRM request, carrying the subject, login attributes,
 *        credential, request name, request payload and remote host
 * @return the handler's result wrapped in an SrmResponse
 * @throws SRMException SRMNotSupportedException when no handler class exists for
 *         the request name; SRMInternalErrorException for certificate-chain,
 *         reflection and runtime failures
 */
public SrmResponse messageArrived(SrmRequest request) throws SRMException {
try {
// First CertPath among the subject's public credentials, or null when there is none.
CertPath certPath = getFirst(request.getSubject().getPublicCredentials(CertPath.class), null);
LoginReply login = new LoginReply(request.getSubject(), request.getLoginAttributes());
SRMUser user = userManager.persist(certPath, login);
String requestName = request.getRequestName();
Class<?> requestClass = request.getRequest().getClass();
// An empty requestName makes charAt(0) throw; that RuntimeException is handled by
// the last catch below and surfaces as an internal error, not as "unsupported".
String capitalizedRequestName = Character.toUpperCase(requestName.charAt(0)) + requestName.substring(1);
LOGGER.debug("About to call {} handler", requestName);
Constructor<?> handlerConstructor;
Object handler;
Method handleGetResponseMethod;
try {
// NOTE(review): the class to load is chosen by a string taken from the request.
// The fixed package prefix and the required constructor signature narrow what can
// be instantiated, but the name itself is not checked in this method. Confirm that
// requestName is restricted to the known SRM operation names before it gets here.
Class<?> handlerClass = Class.forName("org.dcache.srm.handler." + capitalizedRequestName);
handlerConstructor = handlerClass.getConstructor(SRMUser.class, requestClass, AbstractStorageElement.class, SRM.class, String.class);
handler = handlerConstructor.newInstance(user, request.getRequest(), storage, srm, request.getRemoteHost());
// Only handlers that declare themselves credential-aware are given the
// request's (delegated) credential.
if (handler instanceof CredentialAwareHandler) {
CredentialAwareHandler credentialAware = (CredentialAwareHandler) handler;
RequestCredential requestCredential = saveRequestCredential(request.getSubject(), request.getCredential());
credentialAware.setCredential(requestCredential);
}
handleGetResponseMethod = handlerClass.getMethod("getResponse");
} catch (ClassNotFoundException e) {
// Logged at info level in both branches; the stack trace is attached only when
// debug logging is enabled.
if (LOGGER.isDebugEnabled()) {
LOGGER.info("handler discovery and dynamic loading failed", e);
} else {
LOGGER.info("handler discovery and dynamic loading failed");
}
throw new SRMNotSupportedException(requestName + " is unsupported");
}
// Reflection wraps anything thrown by getResponse() (or by the constructor above)
// in InvocationTargetException, so handler failures are reported via the last catch.
Object result = handleGetResponseMethod.invoke(handler);
return new SrmResponse(id, result);
} catch (CertificateEncodingException | KeyStoreException e) {
throw new SRMInternalErrorException("Failed to process certificate chain.", e);
} catch (InvocationTargetException | NoSuchMethodException | InstantiationException | IllegalAccessException | RuntimeException e) {
// Full detail stays in the server log; the exception given to the caller carries a
// generic message and no cause, so internals are not exposed through it.
LOGGER.error("Please report this failure to support@dcache.org", e);
throw new SRMInternalErrorException("Internal error (server log contains additional information)");
}
}
use of org.dcache.auth.LoginReply in project dcache by dCache.
the class MessageHandler method messageArrived.
/**
 * Runs the configured login strategy on the subject carried by a login message and
 * writes the outcome back into the same message.
 *
 * <p>A timeout task is scheduled for the envelope before the login starts and is
 * cancelled when the login finishes, whether it succeeded or failed.
 *
 * @param envelope the cell message the request arrived in
 * @param message the login request; its subject and login attributes are replaced
 *        with those of the login reply
 * @return the same {@code message} instance, updated in place
 * @throws CacheException as thrown by the login strategy; an unexpected
 *         RuntimeException is reported as PermissionDeniedCacheException
 */
public LoginMessage messageArrived(CellMessage envelope, LoginMessage message) throws CacheException {
    ScheduledFuture<?> watchdog = scheduleTimeoutTask(envelope);
    try {
        LoginReply reply = _loginStrategy.login(message.getSubject());
        message.setSubject(reply.getSubject());
        message.setLoginAttributes(reply.getLoginAttributes());
        return message;
    } catch (RuntimeException failure) {
        // Fail closed: an unexpected error inside the login strategy denies the login.
        // NOTE(review): the exception's own message is copied into the denial;
        // presumably it reaches the requesting cell, so confirm it cannot carry
        // internal detail that should stay in the log.
        LOGGER.error("Login operation failed", failure);
        throw new PermissionDeniedCacheException(failure.getMessage());
    } finally {
        // cancel(false): the timeout task is not interrupted if it is already running.
        watchdog.cancel(false);
    }
}
use of org.dcache.auth.LoginReply in project dcache by dCache.
the class GplazmaLoginSciTokenValidator method validate.
/**
 * Validates a bearer token by logging in with it and announces the result on the
 * channel as a {@code LoginEvent}.
 *
 * @param ctx the handler context the {@code LoginEvent} is fired on
 * @param token the bearer token presented by the client
 * @throws XrootdException with {@code kXR_NotAuthorized} when the login is denied,
 *         or {@code kXR_ServerError} for any other CacheException
 */
@Override
public void validate(ChannelHandlerContext ctx, String token) throws XrootdException {
    // The token is the only credential on this Subject; it carries no principals yet.
    Subject bearer = new Subject();
    bearer.getPrivateCredentials().add(new BearerTokenCredential(token));

    final LoginReply reply;
    try {
        // NOTE(review): this formats the private-credential set, i.e. the result of
        // BearerTokenCredential.toString(). Confirm that it never prints the raw token,
        // otherwise debug logs would hold reusable credentials.
        LOGGER.debug("getting login reply with: {}.", bearer.getPrivateCredentials());
        reply = loginStrategy.login(bearer);
    } catch (PermissionDeniedCacheException denied) {
        // toString() puts the exception class name as well as its message into the
        // error text.
        throw new XrootdException(kXR_NotAuthorized, denied.toString());
    } catch (CacheException failure) {
        throw new XrootdException(kXR_ServerError, failure.toString());
    }

    /*
     * It is possible that the user is already logged in via a standard
     * authentication protocol. In that case, the XrootdRedirectHandler
     * in the door has already stored a Restriction object and user
     * metadata. These need to be overwritten with the current values.
     */
    LOGGER.debug("notifying door of new login reply: {}.", reply);
    ctx.fireUserEventTriggered(new LoginEvent(reply));
}
use of org.dcache.auth.LoginReply in project dcache by dCache.
the class AbstractFtpDoorV1 method login.
/**
 * Logs the given subject in with the current login strategy and accepts the result.
 *
 * <p>The subject, login attributes and restriction of the login reply are passed to
 * {@code acceptLogin}, together with the configured root path, or {@code null} when
 * no root is configured.
 *
 * @param subject the subject to log in
 * @throws CacheException if the login strategy rejects the subject or fails
 */
protected void login(Subject subject) throws CacheException {
    LoginReply reply = _loginStrategy.login(subject);

    // A door-level root is optional; null means none is configured in the settings.
    FsPath doorRoot = null;
    if (_settings.getRoot() != null) {
        doorRoot = FsPath.create(_settings.getRoot());
    }

    // The restriction from the reply is handed over with the identity, so the
    // session is set up with both.
    acceptLogin(reply.getSubject(), reply.getLoginAttributes(), reply.getRestriction(), doorRoot);
}