
Example 1 with LoginEvent

Use of org.dcache.xrootd.door.LoginEvent in project dcache by dCache.

Class AccessLogHandler, method userEventTriggered.

@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof LoginEvent) {
        LoginReply loginReply = ((LoginEvent) evt).getLoginReply();
        Subject subject = loginReply.getSubject();
        NetLoggerBuilder log = new NetLoggerBuilder(INFO, "org.dcache.xrootd.login").omitNullValues();
        log.add("session", CDC.getSession());
        log.add("user.dn", Subjects.getDn(subject));
        log.add("user.sub", Subjects.getPrincipalNames(subject, OidcSubjectPrincipal.class));
        log.add("user.jti", Subjects.getPrincipalNames(subject, JwtJtiPrincipal.class));
        log.add("user.mapped", subject);
        log.toLogger(logger);
    }
    ctx.fireUserEventTriggered(evt);
}
Also used : OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) LoginEvent(org.dcache.xrootd.door.LoginEvent) LoginReply(org.dcache.auth.LoginReply) JwtJtiPrincipal(org.dcache.auth.JwtJtiPrincipal) Subject(javax.security.auth.Subject) NetLoggerBuilder(org.dcache.util.NetLoggerBuilder)

Example 2 with LoginEvent

Use of org.dcache.xrootd.door.LoginEvent in project dcache by dCache.

Class GplazmaLoginSciTokenValidator, method validate.

@Override
public void validate(ChannelHandlerContext ctx, String token) throws XrootdException {
    Subject tokenSubject = new Subject();
    tokenSubject.getPrivateCredentials().add(new BearerTokenCredential(token));
    LoginReply loginReply;
    try {
        LOGGER.debug("getting login reply with: {}.", tokenSubject.getPrivateCredentials());
        loginReply = loginStrategy.login(tokenSubject);
    } catch (PermissionDeniedCacheException e) {
        throw new XrootdException(kXR_NotAuthorized, e.toString());
    } catch (CacheException e) {
        throw new XrootdException(kXR_ServerError, e.toString());
    }
    /**
     *  It is possible that the user is already logged in via a standard
     *  authentication protocol.  In that case, the XrootdRedirectHandler
     *  in the door already has stored a Restriction object and user
     *  metadata.  This needs to be overwritten with the current values.
     */
    LOGGER.debug("notifying door of new login reply: {}.", loginReply);
    ctx.fireUserEventTriggered(new LoginEvent(loginReply));
}
Also used : PermissionDeniedCacheException(diskCacheV111.util.PermissionDeniedCacheException) CacheException(diskCacheV111.util.CacheException) LoginReply(org.dcache.auth.LoginReply) LoginEvent(org.dcache.xrootd.door.LoginEvent) BearerTokenCredential(org.dcache.auth.BearerTokenCredential) XrootdException(org.dcache.xrootd.core.XrootdException) Subject(javax.security.auth.Subject)

Aggregations

Subject (javax.security.auth.Subject): 2
LoginReply (org.dcache.auth.LoginReply): 2
LoginEvent (org.dcache.xrootd.door.LoginEvent): 2
CacheException (diskCacheV111.util.CacheException): 1
PermissionDeniedCacheException (diskCacheV111.util.PermissionDeniedCacheException): 1
BearerTokenCredential (org.dcache.auth.BearerTokenCredential): 1
JwtJtiPrincipal (org.dcache.auth.JwtJtiPrincipal): 1
OidcSubjectPrincipal (org.dcache.auth.OidcSubjectPrincipal): 1
NetLoggerBuilder (org.dcache.util.NetLoggerBuilder): 1
XrootdException (org.dcache.xrootd.core.XrootdException): 1