use of org.dcache.xrootd.door.LoginEvent in project dcache by dCache.
the class AccessLogHandler method userEventTriggered.
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
if (evt instanceof LoginEvent) {
LoginReply loginReply = ((LoginEvent) evt).getLoginReply();
Subject subject = loginReply.getSubject();
NetLoggerBuilder log = new NetLoggerBuilder(INFO, "org.dcache.xrootd.login").omitNullValues();
log.add("session", CDC.getSession());
log.add("user.dn", Subjects.getDn(subject));
log.add("user.sub", Subjects.getPrincipalNames(subject, OidcSubjectPrincipal.class));
log.add("user.jti", Subjects.getPrincipalNames(subject, JwtJtiPrincipal.class));
log.add("user.mapped", subject);
log.toLogger(logger);
}
ctx.fireUserEventTriggered(evt);
}
use of org.dcache.xrootd.door.LoginEvent in project dcache by dCache.
the class GplazmaLoginSciTokenValidator method validate.
@Override
public void validate(ChannelHandlerContext ctx, String token) throws XrootdException {
Subject tokenSubject = new Subject();
tokenSubject.getPrivateCredentials().add(new BearerTokenCredential(token));
LoginReply loginReply;
try {
LOGGER.debug("getting login reply with: {}.", tokenSubject.getPrivateCredentials());
loginReply = loginStrategy.login(tokenSubject);
} catch (PermissionDeniedCacheException e) {
throw new XrootdException(kXR_NotAuthorized, e.toString());
} catch (CacheException e) {
throw new XrootdException(kXR_ServerError, e.toString());
}
/**
* It is possible the the user is already logged in via a standard
* authentication protocol. In that case, the XrootdRedirectHandler
* in the door already has stored a Restriction object and user
* metadata. This needs to be overwritten with the current values.
*/
LOGGER.debug("notifying door of new login reply: {}.", loginReply);
ctx.fireUserEventTriggered(new LoginEvent(loginReply));
}
Aggregations