use of org.platformlayer.auth.AuthenticationToken in project platformlayer by platformlayer.
the class SimpleMultitenantConfiguration method build.
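/**
 * Builds the multitenant configuration from the {@code multitenant.*} settings.
 *
 * <p>Authenticates as {@code multitenant.user}, using the certificate stored under the
 * {@code multitenant.cert} alias when one is configured and {@code multitenant.password}
 * otherwise (development mode only). The resulting token is validated against
 * {@code multitenant.project}, and {@code multitenant.keys} is parsed as a comma-separated
 * list of {@code serviceType/itemType} pairs.
 *
 * @param configuration source of the {@code multitenant.*} settings
 * @param encryptionStore store in which the certificate alias is looked up
 * @param authenticationService service used to obtain the authentication token
 * @param authenticationTokenValidator validator that maps the token to a project authorization
 * @return the configuration holding the project authorization and the mapped item keys
 * @throws OpsException if a required setting is missing, the configured certificate cannot be
 *         loaded, authentication or token validation fails, or no keys are configured
 * @throws IllegalStateException if password authentication is configured outside development
 *         mode, or a {@code multitenant.keys} entry is not of the form
 *         {@code serviceType/itemType}
 */
public static MultitenantConfiguration build(Configuration configuration, EncryptionStore encryptionStore,
        AuthenticationService authenticationService, AuthenticationTokenValidator authenticationTokenValidator)
        throws OpsException {
    String message = "Invalid multitenant configuration";

    String projectKey = configuration.lookup("multitenant.project", null);
    String username = configuration.lookup("multitenant.user", null);
    String password = configuration.lookup("multitenant.password", null);
    String certAlias = configuration.lookup("multitenant.cert", null);

    // Reject an incomplete configuration before any key material is loaded.
    if (username == null || projectKey == null) {
        throw new OpsException(message);
    }

    CertificateAndKey certificateAndKey = null;
    if (certAlias != null) {
        certificateAndKey = encryptionStore.getCertificateAndKey(certAlias);
        if (certificateAndKey == null) {
            // Fail closed: a configured certificate that cannot be loaded must not silently
            // downgrade to password authentication.
            throw new OpsException(message + ": no certificate found for alias " + certAlias);
        }
    }

    AuthenticationToken authn = null;
    if (certificateAndKey != null) {
        try {
            authn = authenticationService.authenticateWithCertificate(username,
                    certificateAndKey.getPrivateKey(), certificateAndKey.getCertificateChain());
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    } else if (password != null) {
        log.warn("Using password authentication with multitenant");
        // A password stored in configuration is accepted in development mode only.
        if (!ApplicationMode.isDevelopment()) {
            throw new IllegalStateException(
                    "Password authentication for multitenant is only permitted in development mode");
        }
        try {
            authn = authenticationService.authenticateWithPassword(username, password);
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    }

    // Covers both "no credential configured" and a service that returned no token.
    if (authn == null) {
        throw new OpsException(message);
    }

    ProjectAuthorization authz = authenticationTokenValidator.validateToken(authn, projectKey);
    if (authz == null) {
        throw new OpsException(message);
    }

    // omitEmptyStrings() matters here: splitting the default "" would otherwise yield one
    // empty entry and fail the format check below, so the "no keys configured" case would
    // never reach the isEmpty() check.
    String keysSpec = configuration.lookup("multitenant.keys", "");
    List<PlatformLayerKey> mappedItems = Lists.newArrayList();
    for (String key : Splitter.on(",").trimResults().omitEmptyStrings().split(keysSpec)) {
        String[] tokens = key.split("/");
        if (tokens.length != 2 || tokens[0].isEmpty() || tokens[1].isEmpty()) {
            throw new IllegalStateException(
                    "Invalid multitenant.keys entry (expected serviceType/itemType): " + key);
        }
        String serviceType = tokens[0];
        String itemType = tokens[1];
        mappedItems.add(PlatformLayerKey.fromServiceAndItem(serviceType, itemType));
    }

    if (mappedItems.isEmpty()) {
        throw new OpsException(message);
    }

    return new SimpleMultitenantConfiguration(authz, mappedItems);
}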
use of org.platformlayer.auth.AuthenticationToken in project platformlayer by platformlayer.
the class OpsAuthenticationFilter method findCredentials.
// protected void populateScope(Scope authenticatedScope, Authentication auth) throws Exception {
// authenticatedScope.put(Authentication.class, auth);
//
// OpsProject project;
// OpsUser user = null;
// if (auth instanceof DirectAuthentication) {
// project = ((DirectAuthentication) auth).getOpsProject();
// if (project == null) {
// throw new IllegalStateException();
// }
// } else {
// KeystoneUser keystoneUser = new KeystoneUser((KeystoneUserAuthentication) auth);
// user = keystoneUser;
//
// // String projectKey = auth.getProject().getName();
// // project = authenticationService.findProject(user, projectKey);
// //
// // if (project == null) {
// // log.warn("Project not found: " + projectKey);
// // throw new SecurityException();
// // }
// }
//
// OpsAuthentication opsAuthentication = new OpsAuthentication(auth, user, project);
//
// authenticatedScope.put(OpsAuthentication.class, opsAuthentication);
// }
/**
 * Extracts the caller's credentials from the request headers.
 *
 * <p>An {@code X-Auth-Token} header takes precedence. If it is absent, the
 * {@code X-Auth-Key} / {@code X-Auth-Secret} pair is used for direct authentication.
 *
 * @param httpRequest the incoming request
 * @return the credentials found, or {@code null} if the request carries neither a token nor a
 *         complete key/secret pair
 * @throws Exception declared by the method signature
 */
protected AuthenticationCredentials findCredentials(HttpServletRequest httpRequest) throws Exception {
    final String tokenHeader = httpRequest.getHeader("X-Auth-Token");
    if (tokenHeader != null) {
        // The header value is only wrapped here; nothing in this method validates it, and
        // an empty header still counts as "token present". Validation presumably happens
        // where the credentials are consumed - confirm.
        return new AuthenticationCredentials() {
            @Override
            public AuthenticationToken getToken() {
                return new PlatformlayerAuthenticationToken(tokenHeader);
            }
        };
    }

    // Direct authentication
    // TODO: Enforce SSL? The secret travels in a request header and this method does not
    // check httpRequest.isSecure(), so transport protection must be enforced elsewhere.
    String key = httpRequest.getHeader("X-Auth-Key");
    String secret = httpRequest.getHeader("X-Auth-Secret");
    if (key == null || secret == null) {
        return null;
    }
    return DirectAuthentication.build(key, secret);
}