Search in sources :

Example 36 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project incubator-atlas by apache.

the class AtlasLdapAuthenticationProvider method getLdapAuthentication.

private Authentication getLdapAuthentication(Authentication authentication) {
    if (isDebugEnabled) {
        LOG.debug("==> AtlasLdapAuthenticationProvider getLdapAuthentication");
    }
    try {
        // taking the user-name and password from the authentication
        // object.
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        // populating LDAP context source with LDAP URL and user-DN-pattern
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(ldapURL);
        ldapContextSource.setCacheEnvironmentProperties(false);
        ldapContextSource.setAnonymousReadOnly(true);
        // Creating BindAuthenticator using Ldap Context Source.
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        //String[] userDnPatterns = new String[] { rangerLdapUserDNPattern };
        String[] userDnPatterns = ldapUserDNPattern.split(";");
        bindAuthenticator.setUserDnPatterns(userDnPatterns);
        LdapAuthenticationProvider ldapAuthenticationProvider = null;
        if (!StringUtils.isEmpty(ldapGroupSearchBase) && !StringUtils.isEmpty(ldapGroupSearchFilter)) {
            // Creating LDAP authorities populator using Ldap context source and
            // Ldap group search base.
            // populating LDAP authorities populator with group search
            // base,group role attribute, group search filter.
            DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContextSource, ldapGroupSearchBase);
            defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(ldapGroupRoleAttribute);
            defaultLdapAuthoritiesPopulator.setGroupSearchFilter(ldapGroupSearchFilter);
            defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
            // Creating Ldap authentication provider using BindAuthenticator and Ldap authentication populator
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, defaultLdapAuthoritiesPopulator);
        } else {
            ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        }
        // getting user authenticated
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if (groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            return authentication;
        }
    } catch (Exception e) {
        LOG.error("getLdapAuthentication LDAP Authentication Failed:", e);
    }
    if (isDebugEnabled) {
        LOG.debug("<== AtlasLdapAuthenticationProvider getLdapAuthentication");
    }
    return authentication;
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.apache.atlas.web.model.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) DefaultLdapAuthoritiesPopulator(org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthenticationException(org.springframework.security.core.AuthenticationException) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider)

Example 37 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project incubator-atlas by apache.

the class AtlasADAuthenticationProvider method getADAuthentication.

private Authentication getADAuthentication(Authentication authentication) {
    try {
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        ActiveDirectoryLdapAuthenticationProvider adAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(adDomain, adURL);
        adAuthenticationProvider.setConvertSubErrorCodesToExceptions(true);
        adAuthenticationProvider.setUseAuthenticationRequestCredentials(true);
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = adAuthenticationProvider.authenticate(finalAuthentication);
            if (groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            LOG.error("AD Authentication Failed userName or userPassword is null or empty");
            return null;
        }
    } catch (Exception e) {
        LOG.error("AD Authentication Failed:", e);
        return null;
    }
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.apache.atlas.web.model.User) Authentication(org.springframework.security.core.Authentication) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)

Example 38 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project incubator-atlas by apache.

the class AtlasADAuthenticationProvider method getADBindAuthentication.

private Authentication getADBindAuthentication(Authentication authentication) {
    try {
        String userName = authentication.getName();
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }
        LdapContextSource ldapContextSource = new DefaultSpringSecurityContextSource(adURL);
        ldapContextSource.setUserDn(adBindDN);
        ldapContextSource.setPassword(adBindPassword);
        ldapContextSource.setReferral(adReferral);
        ldapContextSource.setCacheEnvironmentProperties(true);
        ldapContextSource.setAnonymousReadOnly(false);
        ldapContextSource.setPooled(true);
        ldapContextSource.afterPropertiesSet();
        if (adUserSearchFilter == null || adUserSearchFilter.trim().isEmpty()) {
            adUserSearchFilter = "(sAMAccountName={0})";
        }
        FilterBasedLdapUserSearch userSearch = new FilterBasedLdapUserSearch(adBase, adUserSearchFilter, ldapContextSource);
        userSearch.setSearchSubtree(true);
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContextSource);
        bindAuthenticator.setUserSearch(userSearch);
        bindAuthenticator.afterPropertiesSet();
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        if (userName != null && userPassword != null && !userName.trim().isEmpty() && !userPassword.trim().isEmpty()) {
            final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
            final UserDetails principal = new User(userName, userPassword, grantedAuths);
            final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
            authentication = ldapAuthenticationProvider.authenticate(finalAuthentication);
            if (groupsFromUGI) {
                authentication = getAuthenticationWithGrantedAuthorityFromUGI(authentication);
            }
            return authentication;
        } else {
            LOG.error("AD Authentication Failed userName or userPassword is null or empty");
            return null;
        }
    } catch (Exception e) {
        LOG.error("AD Authentication Failed:", e);
        return null;
    }
}
Also used : BindAuthenticator(org.springframework.security.ldap.authentication.BindAuthenticator) DefaultSpringSecurityContextSource(org.springframework.security.ldap.DefaultSpringSecurityContextSource) User(org.apache.atlas.web.model.User) LdapContextSource(org.springframework.ldap.core.support.LdapContextSource) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) FilterBasedLdapUserSearch(org.springframework.security.ldap.search.FilterBasedLdapUserSearch) LdapAuthenticationProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider) ActiveDirectoryLdapAuthenticationProvider(org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider)

Example 39 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project incubator-atlas by apache.

the class AtlasKnoxSSOAuthenticationFilter method doFilter.

/*
     * doFilter of AtlasKnoxSSOAuthenticationFilter is the first in the filter list so in this it check for the request
     * if the request is from browser and sso is enabled then it process the request against knox sso
     * else if it's ssoenable and the request is with local login string then it show's the appropriate msg
     * else if ssoenable is false then it contiunes with further filters as it was before sso
     */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
    responseWrapper.setHeader("X-Frame-Options", "DENY");
    if (!ssoEnabled) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    if (LOG.isDebugEnabled()) {
        LOG.debug("Knox doFilter {}", httpRequest.getRequestURI());
    }
    if (httpRequest.getSession() != null && httpRequest.getSession().getAttribute("locallogin") != null) {
        servletRequest.setAttribute("ssoEnabled", false);
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    if (jwtProperties == null || isAuthenticated()) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Knox ssoEnabled  {} {}", ssoEnabled, httpRequest.getRequestURI());
    }
    //if jwt properties are loaded and is current not authenticated then it will go for sso authentication
    //Note : Need to remove !isAuthenticated() after knoxsso solve the bug from cross-origin script
    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
    String serializedJWT = getJWTFromCookie(httpRequest);
    // if we get the hadoop-jwt token from the cookies then will process it further
    if (serializedJWT != null) {
        SignedJWT jwtToken = null;
        try {
            jwtToken = SignedJWT.parse(serializedJWT);
            boolean valid = validateToken(jwtToken);
            //if the public key provide is correct and also token is not expired the process token
            if (valid) {
                String userName = jwtToken.getJWTClaimsSet().getSubject();
                LOG.info("SSO login user : {} ", userName);
                //if we get the userName from the token then log into atlas using the same user
                if (userName != null && !userName.trim().isEmpty()) {
                    List<GrantedAuthority> grantedAuths = AtlasAuthenticationProvider.getAuthoritiesFromUGI(userName);
                    final UserDetails principal = new User(userName, "", grantedAuths);
                    final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
                    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
                    ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
                    authenticationProvider.setSsoEnabled(ssoEnabled);
                    Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
                filterChain.doFilter(servletRequest, httpServletResponse);
            } else {
                // if the token is not valid then redirect to knox sso
                redirectToKnox(httpRequest, httpServletResponse, filterChain);
            }
        } catch (ParseException e) {
            LOG.warn("Unable to parse the JWT token", e);
            redirectToKnox(httpRequest, httpServletResponse, filterChain);
        }
    } else {
        redirectToKnox(httpRequest, httpServletResponse, filterChain);
    }
}
Also used : User(org.springframework.security.core.userdetails.User) GrantedAuthority(org.springframework.security.core.GrantedAuthority) HttpServletResponse(javax.servlet.http.HttpServletResponse) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) SignedJWT(com.nimbusds.jwt.SignedJWT) HttpServletRequest(javax.servlet.http.HttpServletRequest) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) WebAuthenticationDetails(org.springframework.security.web.authentication.WebAuthenticationDetails) ParseException(java.text.ParseException)

Example 40 with UserDetails

use of org.springframework.security.core.userdetails.UserDetails in project nikita-noark5-core by HiOA-ABI.

the class AuthenticationRestController method createAuthenticationToken.

@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {
    // Perform the security
    final Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authenticationRequest.getUsername(), authenticationRequest.getPassword()));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    // Reload password post-security so we can generate token
    final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String token = jwtTokenUtil.generateToken(userDetails, device);
    // Return the token
    return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) JwtAuthenticationResponse(no.arkivlab.hioa.nikita.webapp.security.service.JwtAuthenticationResponse) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

UserDetails (org.springframework.security.core.userdetails.UserDetails)111 Test (org.junit.Test)42 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)33 Authentication (org.springframework.security.core.Authentication)32 GrantedAuthority (org.springframework.security.core.GrantedAuthority)17 UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService)15 User (org.springframework.security.core.userdetails.User)14 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)10 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)9 UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)7 LdapUserDetailsService (org.springframework.security.ldap.userdetails.LdapUserDetailsService)7 UserAccountBean (org.akaza.openclinica.bean.login.UserAccountBean)6 UserAccountDAO (org.akaza.openclinica.dao.login.UserAccountDAO)6 Transactional (org.springframework.transaction.annotation.Transactional)6 Date (java.util.Date)4 User (org.apache.atlas.web.model.User)4 User (org.hisp.dhis.user.User)4 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4 AuthenticationException (org.springframework.security.core.AuthenticationException)4