
Example 1 with AuthenticationToken

use of org.platformlayer.auth.AuthenticationToken in project platformlayer by platformlayer.

the class SimpleMultitenantConfiguration method build.

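/**
 * Builds the multitenant configuration from the {@code multitenant.*} settings.
 *
 * <p>Reads {@code multitenant.project}, {@code multitenant.user}, {@code multitenant.password},
 * {@code multitenant.cert} and {@code multitenant.keys}, authenticates as the configured user
 * (certificate first, password only in development mode), validates the resulting token against
 * the configured project, and maps each {@code serviceType/itemType} entry of
 * {@code multitenant.keys} to a {@link PlatformLayerKey}.
 *
 * @param configuration source of the {@code multitenant.*} settings
 * @param encryptionStore store the certificate alias is resolved against
 * @param authenticationService service used to obtain the authentication token
 * @param authenticationTokenValidator validator that turns the token into a project authorization
 * @return the configuration holding the project authorization and the mapped item keys
 * @throws OpsException if user or project is missing, authentication or token validation fails,
 *         or no item keys are configured
 * @throws IllegalStateException if password authentication is configured outside development
 *         mode, or an entry of {@code multitenant.keys} is not of the form
 *         {@code serviceType/itemType}
 */
public static MultitenantConfiguration build(Configuration configuration, EncryptionStore encryptionStore, AuthenticationService authenticationService, AuthenticationTokenValidator authenticationTokenValidator) throws OpsException {
    String projectKey = configuration.lookup("multitenant.project", null);
    String username = configuration.lookup("multitenant.user", null);
    String password = configuration.lookup("multitenant.password", null);
    String certAlias = configuration.lookup("multitenant.cert", null);
    CertificateAndKey certificateAndKey = null;
    if (certAlias != null) {
        certificateAndKey = encryptionStore.getCertificateAndKey(certAlias);
        // NOTE(review): if the store can return null for an unknown alias, a configured but
        // missing certificate falls through to the password branch below. Confirm whether
        // that should be a hard failure instead.
    }
    // One generic message for every failure, so the caller does not learn which check failed.
    String message = "Invalid multitenant configuration";
    if (username == null || projectKey == null) {
        throw new OpsException(message);
    }
    AuthenticationToken authn = null;
    if (certificateAndKey != null) {
        try {
            authn = authenticationService.authenticateWithCertificate(username, certificateAndKey.getPrivateKey(), certificateAndKey.getCertificateChain());
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    } else if (password != null) {
        log.warn("Using password authentication with multitenant");
        // Password authentication is a development-only convenience; refuse it everywhere else.
        if (!ApplicationMode.isDevelopment()) {
            throw new IllegalStateException("Password authentication for multitenant is only allowed in development mode");
        }
        try {
            authn = authenticationService.authenticateWithPassword(username, password);
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    }
    if (authn == null) {
        throw new OpsException(message);
    }
    ProjectAuthorization authz = authenticationTokenValidator.validateToken(authn, projectKey);
    if (authz == null) {
        throw new OpsException(message);
    }
    List<PlatformLayerKey> mappedItems = Lists.newArrayList();
    // omitEmptyStrings: splitting "" otherwise yields one empty element, which failed the
    // length check below with a bare IllegalStateException and made the isEmpty() check
    // unreachable for a missing multitenant.keys setting.
    String keysSpec = configuration.lookup("multitenant.keys", "");
    for (String key : Splitter.on(",").omitEmptyStrings().trimResults().split(keysSpec)) {
        String[] tokens = key.split("/");
        if (tokens.length != 2) {
            throw new IllegalStateException("Expected serviceType/itemType in multitenant.keys but found: " + key);
        }
        String serviceType = tokens[0];
        String itemType = tokens[1];
        mappedItems.add(PlatformLayerKey.fromServiceAndItem(serviceType, itemType));
    }
    if (mappedItems.isEmpty()) {
        throw new OpsException(message);
    }
    return new SimpleMultitenantConfiguration(authz, mappedItems);
}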
Also used : OpsException(org.platformlayer.ops.OpsException) AuthenticationToken(org.platformlayer.auth.AuthenticationToken) ProjectAuthorization(org.platformlayer.model.ProjectAuthorization) PlatformlayerAuthenticationClientException(org.platformlayer.auth.PlatformlayerAuthenticationClientException) PlatformLayerKey(org.platformlayer.core.model.PlatformLayerKey) CertificateAndKey(com.fathomdb.crypto.CertificateAndKey) MultitenantConfiguration(org.platformlayer.ops.MultitenantConfiguration)

Example 2 with AuthenticationToken

use of org.platformlayer.auth.AuthenticationToken in project platformlayer by platformlayer.

the class OpsAuthenticationFilter method findCredentials.

// protected void populateScope(Scope authenticatedScope, Authentication auth) throws Exception {
// authenticatedScope.put(Authentication.class, auth);
// 
// OpsProject project;
// OpsUser user = null;
// if (auth instanceof DirectAuthentication) {
// project = ((DirectAuthentication) auth).getOpsProject();
// if (project == null) {
// throw new IllegalStateException();
// }
// } else {
// KeystoneUser keystoneUser = new KeystoneUser((KeystoneUserAuthentication) auth);
// user = keystoneUser;
// 
// // String projectKey = auth.getProject().getName();
// // project = authenticationService.findProject(user, projectKey);
// //
// // if (project == null) {
// // log.warn("Project not found: " + projectKey);
// // throw new SecurityException();
// // }
// }
// 
// OpsAuthentication opsAuthentication = new OpsAuthentication(auth, user, project);
// 
// authenticatedScope.put(OpsAuthentication.class, opsAuthentication);
// }
/**
 * Extracts the caller's credentials from the request headers.
 *
 * <p>An {@code X-Auth-Token} header takes precedence and is wrapped, unverified, in a
 * {@link PlatformlayerAuthenticationToken}. Without it, the {@code X-Auth-Key} /
 * {@code X-Auth-Secret} pair is handed to {@link DirectAuthentication#build}.
 *
 * @param httpRequest the incoming request whose headers are inspected
 * @return the credentials found, or {@code null} when neither header form is present
 * @throws Exception declared by the signature; the visible body does not throw directly
 */
protected AuthenticationCredentials findCredentials(HttpServletRequest httpRequest) throws Exception {
    final String tokenHeader = httpRequest.getHeader("X-Auth-Token");
    if (tokenHeader != null) {
        // The header value is only wrapped here; nothing in this method validates it.
        return new AuthenticationCredentials() {

            @Override
            public AuthenticationToken getToken() {
                return new PlatformlayerAuthenticationToken(tokenHeader);
            }
        };
    }

    // Direct authentication
    // TODO: Enforce SSL? The secret travels in a plain request header.
    String keyHeader = httpRequest.getHeader("X-Auth-Key");
    String secretHeader = httpRequest.getHeader("X-Auth-Secret");
    if (keyHeader == null || secretHeader == null) {
        return null;
    }
    return DirectAuthentication.build(keyHeader, secretHeader);
}
Also used : AuthenticationCredentials(org.platformlayer.model.AuthenticationCredentials) PlatformlayerAuthenticationToken(org.platformlayer.auth.PlatformlayerAuthenticationToken) AuthenticationToken(org.platformlayer.auth.AuthenticationToken) PlatformlayerAuthenticationToken(org.platformlayer.auth.PlatformlayerAuthenticationToken)
