
Example 6 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestRegistryStore method testInit.

/**
 * Checks that {@code init()} on a heavily stubbed {@code RegistryStoreImpl} leaves the store
 * reporting the registry id {@code "registryId"}.
 *
 * <p>The store is an anonymous subclass wrapped in a spy; every override below replaces a
 * production method with a fixed test double, so no real CSW endpoint or system subject
 * is involved.
 */
@Test
public void testInit() throws Exception {
    RegistryStoreImpl registryStore = spy(new RegistryStoreImpl(context, cswSourceConfiguration, provider, factory, encryptionService) {

        // No-op: the operation check is switched off for this test.
        @Override
        protected void validateOperation() {
        }

        // Availability is whatever the test's `availability` value holds.
        @Override
        public boolean isAvailable() {
            return availability;
        }

        // Returns the test's `queryResults`, or fails with UnsupportedQueryException when that is null.
        @Override
        protected SourceResponse query(QueryRequest queryRequest, ElementSetType elementSetName, List<QName> elementNames, Csw csw) throws UnsupportedQueryException {
            if (queryResults == null) {
                throw new UnsupportedQueryException("Test - Bad Query");
            }
            return new SourceResponseImpl(queryRequest, queryResults);
        }

        // Always answers with one result whose metacard carries REGISTRY_ID "registryId" and title "title".
        // NOTE(review): presumably the source of the id asserted at the end of the test; confirm against init().
        @Override
        public SourceResponse query(QueryRequest request) throws UnsupportedQueryException {
            return new SourceResponseImpl(request, Collections.singletonList(new Result() {

                @Override
                public Metacard getMetacard() {
                    MetacardImpl metacard = new MetacardImpl();
                    metacard.setAttribute(RegistryObjectMetacardType.REGISTRY_ID, "registryId");
                    metacard.setAttribute(Metacard.TITLE, "title");
                    return metacard;
                }

                // Relevance and distance are left unset (null) in this stub result.
                @Override
                public Double getRelevanceScore() {
                    return null;
                }

                @Override
                public Double getDistanceInMeters() {
                    return null;
                }
            }));
        }

        // Capabilities come from a bare Mockito mock.
        @Override
        protected CapabilitiesType getCapabilities() {
            return mock(CapabilitiesType.class);
        }

        // No-op: CSW source configuration is skipped.
        @Override
        public void configureCswSource() {
        }

        ;

        // The system subject is the test's `subject` value, not one obtained from a security service,
        // so this test says nothing about how the production store acquires system privileges.
        @Override
        protected Subject getSystemSubject() {
            return subject;
        }

        // Bundle context is the same `context` passed to the constructor.
        @Override
        BundleContext getBundleContext() {
            return context;
        }
    });
    registryStore.setFilterBuilder(filterBuilder);
    registryStore.setFilterAdapter(filterAdapter);
    registryStore.setConfigAdmin(configAdmin);
    // Marshaller is set here and again further down with `marshaller`.
    // NOTE(review): if this is a plain setter the later call replaces this one; confirm.
    registryStore.setMetacardMarshaller(new MetacardMarshaller(parser));
    registryStore.setSchemaTransformerManager(transformer);
    registryStore.setAutoPush(true);
    // The registry URL is plain http while the CSW URL below is https; both are test placeholders.
    registryStore.setRegistryUrl("http://test.url:0101/example");
    // `properties` is assigned and filled but not handed to registryStore anywhere in this method.
    properties = new Hashtable<>();
    properties.put(RegistryStoreImpl.ID, "registryId");
    registryStore.setMetacardMarshaller(marshaller);
    Csw csw = mock(Csw.class);
    // any() accepts every argument, so the same mock client is returned whatever subject is passed;
    // the test therefore does not verify which subject the client is created for.
    when(factory.getClientForSubject(any())).thenReturn(csw);
    cswSourceConfiguration.setCswUrl("https://localhost");
    cswSourceConfiguration.setPollIntervalMinutes(1);
    queryResults.add(new ResultImpl(getDefaultMetacard()));
    registryStore.init();
    assertThat(registryStore.getRegistryId(), is("registryId"));
}
Also used : QueryRequest(ddf.catalog.operation.QueryRequest) SourceResponse(ddf.catalog.operation.SourceResponse) SourceResponseImpl(ddf.catalog.operation.impl.SourceResponseImpl) QName(javax.xml.namespace.QName) Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw) MetacardMarshaller(org.codice.ddf.registry.schemabindings.helper.MetacardMarshaller) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) ResultImpl(ddf.catalog.data.impl.ResultImpl) MetacardImpl(ddf.catalog.data.impl.MetacardImpl) Subject(ddf.security.Subject) Result(ddf.catalog.data.Result) Metacard(ddf.catalog.data.Metacard) CapabilitiesType(net.opengis.cat.csw.v_2_0_2.CapabilitiesType) ElementSetType(net.opengis.cat.csw.v_2_0_2.ElementSetType) BundleContext(org.osgi.framework.BundleContext) Test(org.junit.Test)

Example 7 with Subject

use of ddf.security.Subject in project ddf by codice.

the class ProfileInstallCommand method executeAsSystem.

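/**
 * Runs {@code func} as the system subject obtained from {@code security}.
 *
 * <p>The call fails closed: when no system subject is available the error is printed and an
 * exception is thrown, so {@code func} never runs without the system identity.
 *
 * @param func the work to execute under the system subject
 * @param <T> the result type of {@code func}
 * @return the value returned by {@code systemSubject.execute(func)}
 * @throws IllegalStateException if {@code security.getSystemSubject()} returns {@code null}
 */
private <T> T executeAsSystem(Callable<T> func) {
    Subject systemSubject = security.getSystemSubject();
    // Check for a missing subject before anything dereferences or names it; the original
    // passed a possibly-null subject to SubjectUtils.getName() ahead of this check.
    if (systemSubject == null) {
        printError(SECURITY_ERROR);
        throw new IllegalStateException(SECURITY_ERROR);
    }
    // Parameterized form avoids building the message when debug logging is off.
    LOGGER.debug("System Subject retrieved: {}", SubjectUtils.getName(systemSubject));
    return systemSubject.execute(func);
}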
Also used : Subject(ddf.security.Subject)

Example 8 with Subject

use of ddf.security.Subject in project ddf by codice.

the class LoginFilter method doFilter.

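/**
 * Validates an attached SAML assertion, or exchanges any other incoming
 * token for a SAML assertion via the STS, then runs the rest of the filter
 * chain as the resulting subject.
 *
 * <p>The chain is invoked on exactly two paths: when the request carries the
 * {@code ContextPolicy.NO_AUTH_POLICY} attribute (no authentication is attempted), and when
 * {@code validateRequest} returns a subject whose principals include a
 * {@link SecurityAssertion}. On every other path the method returns without calling the chain.
 *
 * @param request the incoming request; cast to {@link HttpServletRequest}
 * @param response the response passed on to the chain
 * @param chain the remaining filters, run under the validated subject
 * @throws IOException as declared by the filter contract
 * @throws ServletException as declared by the filter contract
 */
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
    LOGGER.debug("Performing doFilter() on LoginFilter");
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // The bypass marker is read from a request attribute, not an HTTP header (the log text
    // below says "header"). NOTE(review): presumably an upstream policy filter sets it;
    // confirm nothing copies it from client-supplied input, since it skips authentication.
    if (request.getAttribute(ContextPolicy.NO_AUTH_POLICY) != null) {
        LOGGER.debug("NO_AUTH_POLICY header was found, skipping login filter.");
        chain.doFilter(request, response);
        return;
    }

    // perform validation
    final Subject subject = validateRequest(httpRequest);
    if (subject == null) {
        // Fails closed: the chain is not invoked. Nothing in this method writes a status to
        // the response; NOTE(review): confirm the caller sees an explicit 401/403 from elsewhere.
        LOGGER.debug("Could not attach subject to http request.");
        return;
    }

    httpRequest.setAttribute(SecurityConstants.SECURITY_SUBJECT, subject);
    LOGGER.debug("Now performing request as user {} for {}", subject.getPrincipal(), StringUtils.isNotBlank(httpRequest.getContextPath()) ? httpRequest.getContextPath() : httpRequest.getServletPath());
    subject.execute(() -> {
        PrivilegedExceptionAction<Void> action = () -> {
            chain.doFilter(request, response);
            return null;
        };
        SecurityAssertion securityAssertion = subject.getPrincipals().oneByType(SecurityAssertion.class);
        if (null != securityAssertion) {
            // Read-only JAAS subject carrying only the assertion's principals; both credential
            // sets are empty. Typed set replaces the original raw HashSet.
            HashSet<Object> emptySet = new HashSet<>();
            javax.security.auth.Subject javaSubject = new javax.security.auth.Subject(true, securityAssertion.getPrincipals(), emptySet, emptySet);
            // Subject.doAs wraps checked exceptions from the action in PrivilegedActionException.
            // NOTE(review): how subject.execute() surfaces that to the container is not visible
            // here; the IOException/ServletException from the chain may arrive wrapped.
            javax.security.auth.Subject.doAs(javaSubject, action);
        } else {
            // Fails closed as well: without an assertion the chain is never run.
            LOGGER.debug("Subject had no security assertion.");
        }
        return null;
    });
}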
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) HashSet(java.util.HashSet)

Example 9 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityPluginTest method testBadSubjectCase.

/**
 * A request whose SECURITY_SUBJECT property holds something that is not a Subject (here an
 * empty HashMap) must come out of {@code processPreCreate} carrying the subject bound to the
 * current thread instead.
 */
@Test
public void testBadSubjectCase() throws Exception {
    // The subject the plugin is expected to fall back to.
    // NOTE(review): the binding is not undone in this method; confirm a teardown unbinds it.
    Subject boundSubject = mock(Subject.class);
    ThreadContext.bind(boundSubject);

    // Plant a value of the wrong type under the subject key.
    CreateRequest tampered = new MockCreateRequest();
    tampered.getProperties().put(SecurityConstants.SECURITY_SUBJECT, new HashMap<>());

    CreateRequest processed = new SecurityPlugin().processPreCreate(tampered);

    assertThat(processed.getPropertyValue(SecurityConstants.SECURITY_SUBJECT), equalTo(boundSubject));
}
Also used : CreateRequest(ddf.catalog.operation.CreateRequest) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 10 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityPluginTest method setupMockSubject.

/**
 * Builds a mocked {@code Subject} whose principals yield a mocked {@code SecurityAssertion}.
 * The assertion exposes one attribute statement holding a single attribute named
 * {@code SubjectUtils.EMAIL_ADDRESS_CLAIM_URI} with the value {@code TEST_USER}.
 *
 * @return the stubbed subject
 */
private Subject setupMockSubject() {
    // Attribute value: an XSString that reports TEST_USER.
    XSString emailValue = mock(XSString.class);
    when(emailValue.getValue()).thenReturn(TEST_USER);
    List<XMLObject> emailValues = Arrays.asList(emailValue);

    // Attribute: the e-mail claim carrying that single value.
    Attribute emailAttribute = mock(Attribute.class);
    when(emailAttribute.getName()).thenReturn(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI);
    when(emailAttribute.getAttributeValues()).thenReturn(emailValues);
    List<Attribute> claimAttributes = Arrays.asList(emailAttribute);

    // Statement wrapping the attribute.
    AttributeStatement statement = mock(AttributeStatement.class);
    when(statement.getAttributes()).thenReturn(claimAttributes);
    List<AttributeStatement> statements = Arrays.asList(statement);

    // Assertion -> principal collection -> subject, wired from the inside out.
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getAttributeStatements()).thenReturn(statements);

    PrincipalCollection principals = mock(PrincipalCollection.class);
    when(principals.oneByType(SecurityAssertion.class)).thenReturn(assertion);

    Subject stubSubject = mock(Subject.class);
    when(stubSubject.getPrincipals()).thenReturn(principals);
    return stubSubject;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) XSString(org.opensaml.core.xml.schema.XSString) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject)
