Example 1 with ActionDescriptor
use of org.simbasecurity.api.service.thrift.ActionDescriptor in project simba-os by cegeka.
the class RequestActionFactoryTest method testCreate.
@Test
public void testCreate() {
ActionDescriptor actionDescriptor = new ActionDescriptor(new HashSet<>(), new HashMap<>(), null, null, null, null);
actionDescriptor.getActionTypes().add(ActionType.MAKE_COOKIE);
actionDescriptor.getActionTypes().add(ActionType.REDIRECT);
List<Action> result = requestActionFactory.create(actionDescriptor);
Assert.assertEquals(2, result.size());
for (Action aResult : result) {
AbstractAction action = (AbstractAction) aResult;
HttpServletRequest request = action.getHttpServletRequest();
Assert.assertNotNull(request);
Assert.assertEquals(REQUEST_VALUE, request.getHeader(REQUEST_HEADER));
HttpServletResponse response = action.getHttpServletResponse();
Assert.assertNotNull(response);
Assert.assertTrue(response.containsHeader(RESPONSE_HEADER));
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ActionDescriptor(org.simbasecurity.api.service.thrift.ActionDescriptor)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Test(org.junit.Test)
Example 2 with ActionDescriptor
use of org.simbasecurity.api.service.thrift.ActionDescriptor in project simba-os by cegeka.
the class SimbaFilter method doFilter.
private void doFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws ServletException, IOException {
if (isUrlExcluded(request)) {
chain.doFilter(request, response);
return;
}
RequestData requestData = RequestUtil.createRequestData(request, simbaWebURL, simbeEidSuccessUrl);
FilterActionFactory actionFactory = new FilterActionFactory(request, response, chain);
THttpClient tHttpClient = null;
try {
tHttpClient = new THttpClient(SimbaConfiguration.getSimbaAuthenticationURL());
TProtocol tProtocol = new TJSONProtocol(tHttpClient);
AuthenticationFilterService.Client authenticationClient = new AuthenticationFilterService.Client(tProtocol);
ActionDescriptor actionDescriptor = authenticationClient.processRequest(requestData, authenticationChainName);
actionFactory.execute(actionDescriptor);
} catch (Exception e) {
throw new ServletException(e);
} finally {
if (tHttpClient != null) {
tHttpClient.close();
}
}
}
Also used :
FilterActionFactory(org.simbasecurity.client.filter.action.FilterActionFactory)
TJSONProtocol(org.apache.thrift.protocol.TJSONProtocol)
AuthenticationFilterService(org.simbasecurity.api.service.thrift.AuthenticationFilterService)
TProtocol(org.apache.thrift.protocol.TProtocol)
RequestData(org.simbasecurity.api.service.thrift.RequestData)
ActionDescriptor(org.simbasecurity.api.service.thrift.ActionDescriptor)
THttpClient(org.apache.thrift.transport.THttpClient)
THttpClient(org.apache.thrift.transport.THttpClient)
IOException(java.io.IOException)
Example 3 with ActionDescriptor
use of org.simbasecurity.api.service.thrift.ActionDescriptor in project simba-os by cegeka.
the class SimbaJAXWSHandler method handleMessage.
@Override
public boolean handleMessage(final SOAPMessageContext context) {
if (isInboundMessage(context)) {
try {
final SOAPHeader header = context.getMessage().getSOAPHeader();
final HttpServletRequest httpServletRequest = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST);
final ServletContext servletContext = (ServletContext) context.get(MessageContext.SERVLET_CONTEXT);
final RequestData requestData = RequestUtil.createWSSERequestData(httpServletRequest, header, getSimbaWebURL(servletContext));
THttpClient tHttpClient = null;
try {
tHttpClient = new THttpClient(getSimbaURL(servletContext));
TProtocol tProtocol = new TJSONProtocol(tHttpClient);
AuthenticationFilterService.Client authenticationClient = new AuthenticationFilterService.Client(tProtocol);
ActionDescriptor actionDescriptor = authenticationClient.processRequest(requestData, "wsLoginChain");
if (!actionDescriptor.getActionTypes().contains(ActionType.DO_FILTER_AND_SET_PRINCIPAL)) {
throw new SimbaWSAuthenticationException("Authentication Failed");
}
String username = actionDescriptor.getPrincipal();
Principal principal = null;
if (username != null) {
principal = new UserPrincipal(username);
}
if (principal != null) {
context.put(SimbaPrincipal.SIMBA_USER_CTX_KEY, principal);
context.setScope(SimbaPrincipal.SIMBA_USER_CTX_KEY, MessageContext.Scope.APPLICATION);
}
} finally {
if (tHttpClient != null) {
tHttpClient.close();
}
}
} catch (Exception e) {
throw new SimbaWSAuthenticationException("Authentication Failed", e);
}
}
return true;
}
Also used :
AuthenticationFilterService(org.simbasecurity.api.service.thrift.AuthenticationFilterService)
ActionDescriptor(org.simbasecurity.api.service.thrift.ActionDescriptor)
THttpClient(org.apache.thrift.transport.THttpClient)
UserPrincipal(com.sun.security.auth.UserPrincipal)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
TJSONProtocol(org.apache.thrift.protocol.TJSONProtocol)
TProtocol(org.apache.thrift.protocol.TProtocol)
RequestData(org.simbasecurity.api.service.thrift.RequestData)
ServletContext(javax.servlet.ServletContext)
THttpClient(org.apache.thrift.transport.THttpClient)
SOAPHeader(javax.xml.soap.SOAPHeader)
SimbaPrincipal(org.simbasecurity.client.principal.SimbaPrincipal)
UserPrincipal(com.sun.security.auth.UserPrincipal)
Principal(java.security.Principal)
Example 4 with ActionDescriptor
use of org.simbasecurity.api.service.thrift.ActionDescriptor in project simba-os by cegeka.
the class AddParameterToTargetActionTest method testExecute.
@Test
public void testExecute() throws Exception {
ActionDescriptor actionDescriptor = new ActionDescriptor(new HashSet<ActionType>(), new HashMap<String, String>(), null, null, null, null);
actionDescriptor.getActionTypes().add(ActionType.ADD_PARAMETER_TO_TARGET);
String redirectURL = "http://localhost/redirect";
actionDescriptor.setRedirectURL(redirectURL);
actionDescriptor.getParameterMap().put("param1", "firstParam");
actionDescriptor.getParameterMap().put("param2", "secondParam");
AddParameterToTargetAction action = new AddParameterToTargetAction(actionDescriptor);
action.execute();
String resultUrl = action.getActionDescriptor().getRedirectURL();
String expectedRedirectURL = redirectURL + "?param1=firstParam¶m2=secondParam";
assertEquals(expectedRedirectURL, resultUrl);
}
Also used :
ActionType(org.simbasecurity.api.service.thrift.ActionType)
ActionDescriptor(org.simbasecurity.api.service.thrift.ActionDescriptor)
Test(org.junit.Test)
Example 5 with ActionDescriptor
use of org.simbasecurity.api.service.thrift.ActionDescriptor in project simba-os by cegeka.
the class MakeCookieActionTest method testExecute_WithSecureCookies.
@Test
public void testExecute_WithSecureCookies() throws Exception {
MakeCookieAction.setSecureCookiesEnabled(true);
ActionDescriptor actionDescriptor = new ActionDescriptor(new HashSet<>(), new HashMap<>(), null, null, null, null);
actionDescriptor.getActionTypes().add(ActionType.MAKE_COOKIE);
actionDescriptor.setSsoToken(SSO_TOKEN);
MakeCookieAction action = new MakeCookieAction(actionDescriptor);
action.setRequest(request);
action.setResponse(response);
action.execute();
ArgumentCaptor<Cookie> captor = ArgumentCaptor.forClass(Cookie.class);
verify(response).addCookie(captor.capture());
Cookie cookie = captor.getValue();
assertThat(cookie.getName()).isEqualTo(RequestConstants.SIMBA_SSO_TOKEN);
assertThat(cookie.getValue()).isEqualTo(SSO_TOKEN.getToken());
assertThat(cookie.getSecure()).isTrue();
assertThat(cookie.isHttpOnly()).isTrue();
assertThat(cookie.getPath()).isEqualTo("/");
}
Also used :
Cookie(javax.servlet.http.Cookie)
ActionDescriptor(org.simbasecurity.api.service.thrift.ActionDescriptor)
Test(org.junit.Test)
Aggregations
ActionDescriptor (org.simbasecurity.api.service.thrift.ActionDescriptor)32
Test (org.junit.Test)23
RequestData (org.simbasecurity.api.service.thrift.RequestData)14
THttpClient (org.apache.thrift.transport.THttpClient)10
ActionType (org.simbasecurity.api.service.thrift.ActionType)10
Client (org.simbasecurity.api.service.thrift.AuthenticationFilterService.Client)7
SimbaCredentials (org.simbasecurity.dwclient.dropwizard.credentials.SimbaCredentials)7
ActionDescriptorBuilderForTests (org.simbasecurity.dwclient.test.stub.simba.ActionDescriptorBuilderForTests)7
SSOToken (org.simbasecurity.api.service.thrift.SSOToken)5
ContainerRequest (com.sun.jersey.spi.container.ContainerRequest)4
AuthenticationFilterService (org.simbasecurity.api.service.thrift.AuthenticationFilterService)4
LoginMapping (org.simbasecurity.core.domain.LoginMapping)4
LoginMappingEntity (org.simbasecurity.core.domain.LoginMappingEntity)4
TJSONProtocol (org.apache.thrift.protocol.TJSONProtocol)3
TProtocol (org.apache.thrift.protocol.TProtocol)3
SimbaPrincipal (org.simbasecurity.dwclient.dropwizard.credentials.SimbaPrincipal)3
IOException (java.io.IOException)2
FilterChain (javax.servlet.FilterChain)2
Cookie (javax.servlet.http.Cookie)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
