use of org.dcache.auth.attributes.LoginAttribute in project dcache by dCache.
the class UserResource method getUserAttributes.
/**
 * Describes the caller of the current request.
 * <p>
 * Reports the authentication status and, for an authenticated caller, the
 * identity established at login: uid, username, gids, email addresses and
 * the login attributes attached to the session (home directory, root
 * directory, asserted roles and unasserted roles). The endpoint only reads
 * state that login already established; it does not grant or change anything.
 *
 * @param request the current HTTP request, used to look up the login attributes
 * @return the populated {@link UserAttributes}
 */
@GET
@ApiOperation(value = "Provide information about the current user.", notes = "An introspection endpoint to allow the client to discover " + "information about the current user.")
@Produces(MediaType.APPLICATION_JSON)
public UserAttributes getUserAttributes(@Context HttpServletRequest request) {
    UserAttributes result = new UserAttributes();
    Subject subject = RequestUser.getSubject();

    if (Subjects.isNobody(subject)) {
        // Unauthenticated caller: no identity and no roles are reported.
        result.setStatus(UserAttributes.AuthenticationStatus.ANONYMOUS);
        result.setUid(null);
        result.setGids(null);
        result.setRoles(null);
        return result;
    }

    result.setStatus(UserAttributes.AuthenticationStatus.AUTHENTICATED);
    result.setUid(Subjects.getUid(subject));
    result.setUsername(Subjects.getUserName(subject));

    List<Long> groupIds = new ArrayList<>();
    for (long gid : Subjects.getGids(subject)) {
        groupIds.add(gid);
    }
    result.setGids(groupIds);

    // An empty address list is reported as null rather than as [].
    List<String> addresses = Subjects.getEmailAddresses(subject);
    result.setEmail(addresses.isEmpty() ? null : addresses);

    for (LoginAttribute attribute : getLoginAttributes(request)) {
        if (attribute instanceof HomeDirectory) {
            result.setHomeDirectory(((HomeDirectory) attribute).getHome());
        } else if (attribute instanceof RootDirectory) {
            result.setRootDirectory(((RootDirectory) attribute).getRoot());
        } else if (attribute instanceof Role) {
            // Role lists are created on first use; an existing non-null
            // list on the result object is extended, not replaced.
            if (result.getRoles() == null) {
                result.setRoles(new ArrayList<>());
            }
            result.getRoles().add(((Role) attribute).getRole());
        } else if (attribute instanceof UnassertedRole) {
            if (result.getUnassertedRoles() == null) {
                result.setUnassertedRoles(new ArrayList<>());
            }
            result.getUnassertedRoles().add(((UnassertedRole) attribute).getRole());
        }
    }
    return result;
}
use of org.dcache.auth.attributes.LoginAttribute in project dcache by dCache.
the class OmniSessionPlugin method session.
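/**
 * Attaches the login attributes configured for the supplied principals to
 * the session.
 * <p>
 * Attributes already present in {@code sessionAttributes} take precedence:
 * a configured attribute is added only when no session attribute of exactly
 * the same class exists yet, so this plugin never overrides what an earlier
 * plugin established. Matching is by exact class, not by type hierarchy.
 *
 * @param principals the principals identified for this login
 * @param sessionAttributes the session attributes accumulated so far; extended in place
 * @throws AuthenticationException if the configuration file cannot be loaded,
 *         or if {@code attributesFor} rejects the login
 */
@Override
public void session(Set<Principal> principals, Set<Object> sessionAttributes) throws AuthenticationException {
    Configuration config = file.get()
          .orElseThrow(() -> new AuthenticationException("bad config file"));
    List<LoginAttribute> attributes = config.attributesFor(principals);

    // Raw Class was used here before; the wildcard keeps the set type-safe.
    Set<Class<?>> existingSessionAttributes = sessionAttributes.stream()
          .map(Object::getClass)
          .collect(Collectors.toSet());

    for (LoginAttribute attribute : attributes) {
        if (!existingSessionAttributes.contains(attribute.getClass())) {
            sessionAttributes.add(attribute);
        }
    }
}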
use of org.dcache.auth.attributes.LoginAttribute in project dcache by dCache.
the class ParsedConfiguration method attributesFor.
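/**
 * Computes the login attributes for a user identified by {@code principals}.
 * <p>
 * Configuration lines are evaluated in file order; a line applies when its
 * predicate matches at least one principal. The first attribute of each
 * class wins: later lines, and finally {@code defaultAttributes}, only fill
 * in classes not yet present. If any applicable line failed to parse, the
 * login is rejected rather than proceeding with a partial attribute set, and
 * the error names every bad line that matched.
 *
 * @param principals the principals identified for this login
 * @return the attributes to attach; never empty
 * @throws AuthenticationException if an applicable configuration line is
 *         bad, or if no attribute applies at all ({@code "Unknown user"})
 */
@Override
public List<LoginAttribute> attributesFor(Set<Principal> principals) throws AuthenticationException {
    Set<Class<? extends LoginAttribute>> addedAttributes = new HashSet<>();
    List<LoginAttribute> attributesToAdd = new ArrayList<>();
    List<Integer> badLineNumbers = new ArrayList<>();

    for (ParsedLine line : configLines) {
        if (!principals.stream().anyMatch(p -> line.predicate.test(p))) {
            continue;
        }
        if (line.isFailure()) {
            badLineNumbers.add(line.lineNumber);
            LOGGER.debug("Login touched bad line {}: {}", line.lineNumber, line.error);
        } else if (badLineNumbers.isEmpty()) {
            // Once a bad line has matched the login will be rejected, so
            // attribute collection stops; only the diagnostics continue.
            for (LoginAttribute attribute : line.attributes) {
                if (addedAttributes.add(attribute.getClass())) {
                    attributesToAdd.add(attribute);
                    LOGGER.debug("Adding attribute from line {}: {}", line.lineNumber, attribute);
                } else {
                    LOGGER.debug("Skipping attribute from line {}: {}", line.lineNumber, attribute);
                }
            }
        }
    }

    if (!badLineNumbers.isEmpty()) {
        String msg = describeBadLines(badLineNumbers);
        LOGGER.debug("Aborting login: {}", msg);
        throw new AuthenticationException(msg);
    }

    for (LoginAttribute attribute : defaultAttributes) {
        if (addedAttributes.add(attribute.getClass())) {
            attributesToAdd.add(attribute);
            LOGGER.debug("Adding default attribute {}", attribute);
        } else {
            LOGGER.debug("Skipping default attribute {}, already applied", attribute);
        }
    }

    // Fail closed: a login that maps to nothing is not a valid user.
    if (attributesToAdd.isEmpty()) {
        throw new AuthenticationException("Unknown user");
    }
    return attributesToAdd;
}

/**
 * Formats the message for a login that matched bad configuration lines:
 * {@code "Bad line: 7"}, {@code "Bad lines: 3 and 7"},
 * {@code "Bad lines: 3, 5 and 7"}.
 *
 * @param lineNumbers the matched bad line numbers in file order; must be non-empty
 * @return the message text
 */
private static String describeBadLines(List<Integer> lineNumbers) {
    int last = lineNumbers.size() - 1;
    if (last == 0) {
        return "Bad line: " + lineNumbers.get(0);
    }
    StringBuilder sb = new StringBuilder("Bad lines: ");
    for (int i = 0; i < last; i++) {
        if (i > 0) {
            sb.append(", ");
        }
        sb.append(lineNumbers.get(i));
    }
    return sb.append(" and ").append(lineNumbers.get(last)).toString();
}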
use of org.dcache.auth.attributes.LoginAttribute in project dcache by dCache.
the class SrmHandler method dispatch.
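/**
 * Routes an SRM request to the matching handler method, wrapping it together
 * with the caller's identity (subject, login attributes, delegated
 * credential, remote host) into an {@link SrmRequest}.
 *
 * @param subject the authenticated caller
 * @param requestName the SRM operation name, e.g. {@code "srmReleaseFiles"}
 * @param request the deserialised request; its runtime type must match {@code requestName}
 * @return the response object produced by the handler
 * @throws SRMException if the handler failed with one (unwrapped from the ExecutionException)
 * @throws CacheException if the handler failed with one (unwrapped likewise)
 * @throws NoRouteToCellException if the handler failed with one (unwrapped likewise)
 * @throws InterruptedException if interrupted while waiting for the handler
 */
private Object dispatch(Subject subject, String requestName, Object request) throws CacheException, InterruptedException, SRMException, NoRouteToCellException {
    X509Credential credential = Axis.getDelegatedCredential().orElse(null);
    String remoteIP = Axis.getRemoteAddress();
    // The reverse-DNS name comes from whoever controls the client's PTR
    // record; treat it as informational (logging/accounting), never as an
    // authorisation input.
    String remoteHost = isClientDNSLookup
          ? InetAddresses.forUriString(remoteIP).getCanonicalHostName()
          : remoteIP;
    Set<LoginAttribute> loginAttributes = AuthenticationHandler.getLoginAttributes(Axis.getHttpServletRequest());
    Function<Object, SrmRequest> toMessage = req -> new SrmRequest(subject, loginAttributes, credential, remoteHost, requestName, req);
    try {
        switch (requestName) {
            case "srmGetRequestTokens":
                return dispatch((SrmGetRequestTokensRequest) request, toMessage);
            case "srmGetRequestSummary":
                return dispatch((SrmGetRequestSummaryRequest) request, toMessage);
            case "srmReleaseFiles":
                return dispatch((SrmReleaseFilesRequest) request, toMessage);
            case "srmExtendFileLifeTime":
                // special processing.  Currently identical to the default
                // branch; kept as a separate case for the intended hook.
                return dispatch(request, toMessage);
            default:
                return dispatch(request, toMessage);
        }
    } catch (ExecutionException e) {
        Throwable cause = e.getCause();
        if (cause != null) {
            Throwables.throwIfInstanceOf(cause, SRMException.class);
            Throwables.throwIfInstanceOf(cause, CacheException.class);
            Throwables.throwIfInstanceOf(cause, NoRouteToCellException.class);
            // Test the cause, not the (always checked) ExecutionException:
            // unchecked causes are rethrown as they are instead of being
            // wrapped in a further RuntimeException.
            Throwables.throwIfUnchecked(cause);
        }
        throw new RuntimeException(e);
    }
}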
use of org.dcache.auth.attributes.LoginAttribute in project dcache by dCache.
the class Gplazma2LoginStrategy method convertLoginReply.
/**
 * Translates a gPlazma login reply into a dCache {@link LoginReply}.
 * <p>
 * Every session attribute that is a {@link LoginAttribute} is carried over.
 * In addition, a {@link RootDirectory} other than {@code "/"} is passed to
 * {@code _createPrefixRestriction} and the result is added as a further login
 * attribute (presumably confining the session to that subtree — confirm
 * against the restriction implementation). The subject's principals are
 * filtered through {@code AUTHENTICATION_OUTPUT} before being returned.
 *
 * @param gPlazmaLoginReply the reply produced by gPlazma
 * @return the equivalent dCache login reply
 */
private LoginReply convertLoginReply(org.dcache.gplazma.LoginReply gPlazmaLoginReply) {
    Set<Object> sessionAttributes = gPlazmaLoginReply.getSessionAttributes();

    Set<LoginAttribute> loginAttributes = sessionAttributes.stream()
          .filter(LoginAttribute.class::isInstance)
          .map(LoginAttribute.class::cast)
          .collect(Collectors.toSet());

    for (Object attribute : sessionAttributes) {
        if (!(attribute instanceof RootDirectory)) {
            continue;
        }
        String root = ((RootDirectory) attribute).getRoot();
        if (root.equals("/")) {
            continue;
        }
        loginAttributes.add(_createPrefixRestriction.apply(FsPath.create(root)));
    }

    Subject replyUser = filterPrincipals(gPlazmaLoginReply.getSubject(), AUTHENTICATION_OUTPUT, "LoginReply");
    return new LoginReply(replyUser, loginAttributes);
}