
Example 1 with SubjectAccreditedImpl

use of org.exist.security.internal.SubjectAccreditedImpl in project exist by eXist-db.

From class ActiveDirectoryRealm, method authenticate.

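/**
 * Authenticates {@code username} against Active Directory.
 *
 * <p>The credential check is the LDAP bind itself: the context factory binds as
 * the user with the supplied password, and a rejected bind surfaces as a
 * {@link NamingException}, which is reported as an
 * {@link AuthenticationException}. After a successful bind the user is looked
 * up under the configured search base; a hit yields a subject that keeps the
 * bound context, no hit yields {@code null}.
 *
 * <p>Null or empty credentials are refused before any bind is attempted: many
 * directory servers treat a bind with an empty password as an unauthenticated
 * (anonymous) bind, which would otherwise "succeed" without checking anything.
 *
 * <p>The username is passed to the directory as a filter argument ({@code {0}})
 * instead of being concatenated into the filter text, so JNDI escapes any LDAP
 * filter metacharacters it may contain.
 *
 * @param username    the sAMAccountName to authenticate
 * @param credentials the password, converted with {@code String.valueOf}
 * @return an accredited subject wrapping the bound directory context, or
 *         {@code null} when the credentials are empty or the directory returned
 *         no entry for the user
 * @throws AuthenticationException if the bind, the search, or the creation of
 *                                 the local account fails
 * @see org.exist.security.Realm#authenticate(java.lang.String, java.lang.Object)
 */
@Override
public Subject authenticate(final String username, Object credentials) throws AuthenticationException {
    if (credentials == null || String.valueOf(credentials).isEmpty()) {
        // Never bind with an empty password: AD may accept it as an anonymous bind.
        return null;
    }
    final String[] returnedAtts = { "sn", "givenName", "mail" };
    // {0} is substituted from filterArgs by JNDI, which applies RFC 4515 escaping.
    final String searchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
    final Object[] filterArgs = { username };

    final SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    LdapContext ctxGC = null;
    boolean ldapUser = false;
    try {
        ctxGC = ensureContextFactory().getLdapContext(username, String.valueOf(credentials));
        final NamingEnumeration<SearchResult> answer = ctxGC.search(
                ((ContextFactory) ensureContextFactory()).getSearchBase(), searchFilter, filterArgs, searchCtls);
        try {
            while (answer.hasMoreElements()) {
                final Attributes attrs = answer.next().getAttributes();
                // Any attribute on a returned entry counts as "the user exists in the directory".
                if (attrs != null && attrs.size() > 0) {
                    ldapUser = true;
                }
            }
        } finally {
            answer.close();
        }
    } catch (final NamingException e) {
        // A failed bind or search leaves nothing to hand to a subject; release the context.
        closeQuietly(ctxGC);
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }

    if (!ldapUser) {
        // Bound, but no entry under the search base: nobody will use this context.
        closeQuietly(ctxGC);
        return null;
    }

    AbstractAccount account = (AbstractAccount) getAccount(username);
    if (account == null) {
        // The broker is obtained as the system subject so the account can be created
        // with elevated rights; it is not referenced beyond holding that scope open.
        try (final DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
            account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, username));
        } catch (final Exception e) {
            closeQuietly(ctxGC);
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
        }
    }
    // The bound context is handed to the subject, which is why it is left open here.
    return new SubjectAccreditedImpl(account, ctxGC);
}

/**
 * Closes a directory context that will not be handed to a subject, ignoring
 * {@code null} and any close failure (there is nothing useful to do about one
 * on an already-failed or rejected authentication).
 *
 * @param ctx the context to close, may be {@code null}
 */
private static void closeQuietly(final LdapContext ctx) {
    if (ctx == null) {
        return;
    }
    try {
        ctx.close();
    } catch (final NamingException ignored) {
        // Best effort: the outcome of the authentication is already decided.
    }
}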

Example 2 with SubjectAccreditedImpl

use of org.exist.security.internal.SubjectAccreditedImpl in project exist by eXist-db.

From class IPRangeRealm, method authenticate.

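/**
 * Authenticates a client by its source IP address alone.
 *
 * <p>The address is converted to a number and matched, via XQuery, against the
 * {@code iprange} elements stored under
 * {@code /db/system/security/iprange/accounts}; the first matching account name
 * wins and a warning is logged if more than one range matched. The query is
 * executed as the system subject. {@code credentials} are never consulted:
 * the source address is the entire credential, so this realm must only be fed
 * addresses taken from the transport layer, never from client-controlled data
 * such as a forwarded-for header.
 *
 * @param ipAddress   the client address; it is resolved with
 *                    {@link InetAddress#getByName}, so a hostname rather than
 *                    an address literal would trigger a DNS lookup — callers are
 *                    expected to pass a literal
 * @param credentials ignored
 * @return an accredited subject for the first matching account, or {@code null}
 *         when no range matches, the matched name has no account, or the XQuery
 *         service is unavailable
 * @throws AuthenticationException if address resolution, broker acquisition or
 *                                 the query fails; the underlying exception is
 *                                 kept as the cause
 */
@Override
public Subject authenticate(final String ipAddress, final Object credentials) throws AuthenticationException {
    // Elevate to system privileges
    try (final DBBroker broker = getSecurityManager().database().get(Optional.of(getSecurityManager().getSystemSubject()))) {
        // Convert IP address
        // NOTE(review): whether ipToLong handles IPv6 addresses is not visible here — confirm.
        final long ipToTest = ipToLong(InetAddress.getByName(ipAddress));
        // Get xquery service
        final XQuery queryService = broker.getBrokerPool().getXQueryService();
        if (queryService == null) {
            LOG.error("IPRange broker unable to retrieve XQueryService");
            return null;
        }
        // Construct XQuery. Only the numeric ipToTest is interpolated, never the raw
        // ipAddress string, so the query text cannot be altered by the caller.
        final String query = "collection('/db/system/security/iprange/accounts')/account/" + "iprange[" + ipToTest + " ge number(start) and " + ipToTest + " le number(end)]/../name";
        final XQueryContext context = new XQueryContext(broker.getBrokerPool());
        final CompiledXQuery compiled = queryService.compile(context, query);
        final Properties outputProperties = new Properties();
        // Execute xQuery
        final Sequence result = queryService.execute(broker, compiled, null, outputProperties);
        final SequenceIterator i = result.iterate();
        // Get FIRST username when present
        final String username = i.hasNext() ? i.nextItem().getStringValue() : "";
        if (i.hasNext()) {
            LOG.warn("IP address {} matched multiple ipranges. Using first result only.", ipAddress);
        }
        if (!username.isEmpty()) {
            final Account account = getSecurityManager().getAccount(username);
            if (account != null) {
                LOG.info("IPRangeRealm trying {}", account.getName());
                return new SubjectAccreditedImpl((AbstractAccount) account, ipAddress);
            } else {
                LOG.info("IPRangeRealm couldn't resolve account for {}", username);
            }
        } else {
            LOG.info("IPRangeRealm xquery found no matches");
        }
        return null;
    } catch (final EXistException | UnknownHostException | XPathException | PermissionDeniedException e) {
        // Keep the original exception as the cause rather than flattening it to its message.
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }
}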

Example 3 with SubjectAccreditedImpl

use of org.exist.security.internal.SubjectAccreditedImpl in project exist by eXist-db.

From class DigestAuthenticator, method authenticate.

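/**
 * Authenticates a request using HTTP Digest authentication.
 *
 * <p>Without an {@code Authorization} header a challenge is always sent (the
 * {@code sendChallenge} flag is not consulted on that path, matching the
 * previous behaviour). Otherwise the header is parsed into a {@link Digest},
 * the named account is looked up and the digest is checked against the
 * account's stored digest password. A missing username, an unknown account,
 * an account without a digest password and a wrong digest are all handled
 * identically — re-challenge only if {@code sendChallenge} is set, then return
 * {@code null} — so the response does not reveal whether the account exists.
 *
 * @param request       the incoming request; its {@code Authorization} header
 *                      and method are read
 * @param response      the response to write a challenge to, when applicable
 * @param sendChallenge whether to send a new challenge when the supplied
 *                      credentials are rejected
 * @return an accredited subject for the authenticated account, or {@code null}
 *         if the request was not authenticated
 * @throws IOException if writing the challenge fails
 */
@Override
public Subject authenticate(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
    final String credentials = request.getHeader("Authorization");
    if (credentials == null) {
        sendChallenge(request, response);
        return null;
    }
    final Digest digest = new Digest(request.getMethod());
    parseCredentials(digest, credentials);
    if (digest.username == null) {
        // Header present but carried no username (e.g. malformed or a different scheme).
        return reject(request, response, sendChallenge);
    }
    final SecurityManager secman = pool.getSecurityManager();
    final AccountImpl user = (AccountImpl) secman.getAccount(digest.username);
    if (user == null) {
        // Unknown user: same outcome as a wrong password.
        return reject(request, response, sendChallenge);
    }
    final String storedDigest = user.getDigestPassword();
    // An account with no stored digest can never be authenticated by this scheme;
    // guard before handing it to check() rather than relying on check(null).
    // NOTE(review): whether Digest.check compares in constant time is not visible here — confirm.
    if (storedDigest == null || !digest.check(storedDigest)) {
        return reject(request, response, sendChallenge);
    }
    return new SubjectAccreditedImpl(user, this);
}

/**
 * Common rejection path: optionally re-challenge the client and report no subject.
 *
 * @param request       the incoming request
 * @param response      the response to write the challenge to
 * @param sendChallenge whether a challenge should be sent at all
 * @return always {@code null}
 * @throws IOException if writing the challenge fails
 */
private Subject reject(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
    if (sendChallenge) {
        sendChallenge(request, response);
    }
    return null;
}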
