Example 26 with NamespaceAuthorization
use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenNoPermissionsNamespaceTrimmed.
@Test
public void checkPermissionAssertAccessDeniedWhenNoPermissionsNamespaceTrimmed() throws Exception {
// Mock a join point of the method call
// mockMethod(" foo ");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { BLANK_TEXT + "foo" + BLANK_TEXT });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// User has permission to "bar" but the actual namespace given is " foo "
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("bar", Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 27 with NamespaceAuthorization
use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenHasPermissions.
/**
* Test case where the current user has both the namespace and the appropriate permissions.
*/
@Test
public void checkPermissionAssertNoExceptionWhenHasPermissions() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
} catch (AccessDeniedException e) {
fail();
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 28 with NamespaceAuthorization
use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongNamespace.
/**
* Test the case where user has the appropriate permission, but not for the namespace the method is invoked.
*/
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongNamespace() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// User has READ but for namespace "bar", not "foo"
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("bar", Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 29 with NamespaceAuthorization
use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions.
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasNullPermissions() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", null));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 30 with NamespaceAuthorization
use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType.
/**
* Test the case where user has the namespace but does not have the permission
*/
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasWrongPermissionType() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// User has WRITE permissions, but the method requires READ
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.WRITE)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Aggregations
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)33
Test (org.junit.Test)29
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)25
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)22
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)20
AccessDeniedException (org.springframework.security.access.AccessDeniedException)17
Method (java.lang.reflect.Method)14
JoinPoint (org.aspectj.lang.JoinPoint)14
MethodSignature (org.aspectj.lang.reflect.MethodSignature)14
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)14
LinkedHashSet (java.util.LinkedHashSet)7
ArrayList (java.util.ArrayList)5
HashSet (java.util.HashSet)5
AbstractAppTest (org.finra.herd.app.AbstractAppTest)5
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5
MockFilterChain (org.springframework.mock.web.MockFilterChain)4
MockFilterConfig (org.springframework.mock.web.MockFilterConfig)4
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)4
Job (org.finra.herd.model.api.xml.Job)3
UserAuthorizations (org.finra.herd.model.api.xml.UserAuthorizations)3
