Example 1 with LoginReply

Use of org.dcache.auth.LoginReply in project dcache by dCache: class AccessLogHandler, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    // On a completed xrootd login, write one access-log record carrying the session id
    // and the identity principals found in the Subject returned with the LoginReply.
    if (evt instanceof LoginEvent) {
        LoginReply loginReply = ((LoginEvent) evt).getLoginReply();
        Subject subject = loginReply.getSubject();
        NetLoggerBuilder log = new NetLoggerBuilder(INFO, "org.dcache.xrootd.login").omitNullValues();
        log.add("session", CDC.getSession());
        log.add("user.dn", Subjects.getDn(subject));
        log.add("user.sub", Subjects.getPrincipalNames(subject, OidcSubjectPrincipal.class));
        log.add("user.jti", Subjects.getPrincipalNames(subject, JwtJtiPrincipal.class));
        log.add("user.mapped", subject);
        log.toLogger(logger);
    }
    ctx.fireUserEventTriggered(evt);
}
Also used: OidcSubjectPrincipal (org.dcache.auth.OidcSubjectPrincipal), LoginEvent (org.dcache.xrootd.door.LoginEvent), LoginReply (org.dcache.auth.LoginReply), JwtJtiPrincipal (org.dcache.auth.JwtJtiPrincipal), Subject (javax.security.auth.Subject), NetLoggerBuilder (org.dcache.util.NetLoggerBuilder)

Example 2 with LoginReply

Use of org.dcache.auth.LoginReply in project dcache by dCache: class SrmService, method messageArrived.

public SrmResponse messageArrived(SrmRequest request) throws SRMException {
    try {
        // Bind the caller's certificate chain (if any) and login attributes to a persisted SRM user
        // before any request handler is instantiated on its behalf.
        CertPath certPath = getFirst(request.getSubject().getPublicCredentials(CertPath.class), null);
        LoginReply login = new LoginReply(request.getSubject(), request.getLoginAttributes());
        SRMUser user = userManager.persist(certPath, login);
        String requestName = request.getRequestName();
        Class<?> requestClass = request.getRequest().getClass();
        String capitalizedRequestName = Character.toUpperCase(requestName.charAt(0)) + requestName.substring(1);
        LOGGER.debug("About to call {} handler", requestName);
        Constructor<?> handlerConstructor;
        Object handler;
        Method handleGetResponseMethod;
        try {
            // The handler class is located by name from the request type. The lookup is confined
            // to the org.dcache.srm.handler package and to one fixed constructor signature; an
            // unknown request name is rejected below with SRMNotSupportedException.
            Class<?> handlerClass = Class.forName("org.dcache.srm.handler." + capitalizedRequestName);
            handlerConstructor = handlerClass.getConstructor(SRMUser.class, requestClass, AbstractStorageElement.class, SRM.class, String.class);
            handler = handlerConstructor.newInstance(user, request.getRequest(), storage, srm, request.getRemoteHost());
            if (handler instanceof CredentialAwareHandler) {
                CredentialAwareHandler credentialAware = (CredentialAwareHandler) handler;
                RequestCredential requestCredential = saveRequestCredential(request.getSubject(), request.getCredential());
                credentialAware.setCredential(requestCredential);
            }
            handleGetResponseMethod = handlerClass.getMethod("getResponse");
        } catch (ClassNotFoundException e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.info("handler discovery and dynamic loading failed", e);
            } else {
                LOGGER.info("handler discovery and dynamic loading failed");
            }
            throw new SRMNotSupportedException(requestName + " is unsupported");
        }
        Object result = handleGetResponseMethod.invoke(handler);
        return new SrmResponse(id, result);
    } catch (CertificateEncodingException | KeyStoreException e) {
        throw new SRMInternalErrorException("Failed to process certificate chain.", e);
    } catch (InvocationTargetException | NoSuchMethodException | InstantiationException | IllegalAccessException | RuntimeException e) {
        LOGGER.error("Please report this failure to support@dcache.org", e);
        throw new SRMInternalErrorException("Internal error (server log contains additional information)");
    }
}
Also used: SRMUser (org.dcache.srm.SRMUser), SRMNotSupportedException (org.dcache.srm.SRMNotSupportedException), RequestCredential (org.dcache.srm.request.RequestCredential), LoginReply (org.dcache.auth.LoginReply), SRM (org.dcache.srm.SRM), SRMInternalErrorException (org.dcache.srm.SRMInternalErrorException), CertPath (java.security.cert.CertPath), SrmResponse (org.dcache.srm.SrmResponse), AbstractStorageElement (org.dcache.srm.AbstractStorageElement), CredentialAwareHandler (org.dcache.srm.handler.CredentialAwareHandler), CertificateEncodingException (java.security.cert.CertificateEncodingException), Method (java.lang.reflect.Method), KeyStoreException (java.security.KeyStoreException), InvocationTargetException (java.lang.reflect.InvocationTargetException)

Example 3 with LoginReply

Use of org.dcache.auth.LoginReply in project dcache by dCache: class MessageHandler, method messageArrived.

public LoginMessage messageArrived(CellMessage envelope, LoginMessage message) throws CacheException {
    // A timeout task bounds how long the login may take; it is cancelled in the finally block
    // whether the login strategy succeeds or throws.
    ScheduledFuture<?> timeoutTask = scheduleTimeoutTask(envelope);
    try {
        // Replace the caller-supplied Subject with the authenticated one from the LoginReply.
        LoginReply login = _loginStrategy.login(message.getSubject());
        message.setSubject(login.getSubject());
        message.setLoginAttributes(login.getLoginAttributes());
    } catch (RuntimeException e) {
        LOGGER.error("Login operation failed", e);
        throw new PermissionDeniedCacheException(e.getMessage());
    } finally {
        timeoutTask.cancel(false);
    }
    return message;
}
Also used: PermissionDeniedCacheException (diskCacheV111.util.PermissionDeniedCacheException), LoginReply (org.dcache.auth.LoginReply)

Example 4 with LoginReply

Use of org.dcache.auth.LoginReply in project dcache by dCache: class GplazmaLoginSciTokenValidator, method validate.

@Override
public void validate(ChannelHandlerContext ctx, String token) throws XrootdException {
    // Wrap the bearer token as a private credential of a fresh Subject and hand it to the
    // login strategy; the token itself is never logged, only the credential objects.
    Subject tokenSubject = new Subject();
    tokenSubject.getPrivateCredentials().add(new BearerTokenCredential(token));
    LoginReply loginReply;
    try {
        LOGGER.debug("getting login reply with: {}.", tokenSubject.getPrivateCredentials());
        loginReply = loginStrategy.login(tokenSubject);
    } catch (PermissionDeniedCacheException e) {
        throw new XrootdException(kXR_NotAuthorized, e.toString());
    } catch (CacheException e) {
        throw new XrootdException(kXR_ServerError, e.toString());
    }
    /*
     * It is possible that the user is already logged in via a standard
     * authentication protocol. In that case, the XrootdRedirectHandler
     * in the door has already stored a Restriction object and user
     * metadata. These need to be overwritten with the current values.
     */
    LOGGER.debug("notifying door of new login reply: {}.", loginReply);
    ctx.fireUserEventTriggered(new LoginEvent(loginReply));
}
Also used: PermissionDeniedCacheException (diskCacheV111.util.PermissionDeniedCacheException), CacheException (diskCacheV111.util.CacheException), LoginReply (org.dcache.auth.LoginReply), LoginEvent (org.dcache.xrootd.door.LoginEvent), BearerTokenCredential (org.dcache.auth.BearerTokenCredential), XrootdException (org.dcache.xrootd.core.XrootdException), Subject (javax.security.auth.Subject)

Example 5 with LoginReply

Use of org.dcache.auth.LoginReply in project dcache by dCache: class AbstractFtpDoorV1, method login.

/**
 * Logs the subject in using the current login strategy and accepts the resulting
 * subject, login attributes and restriction for this door.
 */
protected void login(Subject subject) throws CacheException {
    LoginReply login = _loginStrategy.login(subject);
    acceptLogin(login.getSubject(), login.getLoginAttributes(), login.getRestriction(), _settings.getRoot() == null ? null : FsPath.create(_settings.getRoot()));
}
Also used: LoginReply (org.dcache.auth.LoginReply)

Aggregations (class, and number of usages in the indexed examples)

LoginReply (org.dcache.auth.LoginReply): 11
Subject (javax.security.auth.Subject): 5
PermissionDeniedCacheException (diskCacheV111.util.PermissionDeniedCacheException): 4
CacheException (diskCacheV111.util.CacheException): 3
CertificateException (java.security.cert.CertificateException): 3
IOException (java.io.IOException): 2
CertPath (java.security.cert.CertPath): 2
SRMInternalErrorException (org.dcache.srm.SRMInternalErrorException): 2
XrootdException (org.dcache.xrootd.core.XrootdException): 2
LoginEvent (org.dcache.xrootd.door.LoginEvent): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
ObjectInputStream (java.io.ObjectInputStream): 1
InvocationTargetException (java.lang.reflect.InvocationTargetException): 1
Method (java.lang.reflect.Method): 1
InetSocketAddress (java.net.InetSocketAddress): 1
UnknownHostException (java.net.UnknownHostException): 1
KeyStoreException (java.security.KeyStoreException): 1
Principal (java.security.Principal): 1
CertificateEncodingException (java.security.cert.CertificateEncodingException): 1
HashSet (java.util.HashSet): 1