
Example 1 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class BaseJavaDelegate method setSecurityContext.

/**
 * Installs a Spring Security context for the running delegate that represents the user who last updated the job definition backing the current
 * process instance.
 *
 * <p>The method resolves the Activiti process definition from the execution, converts its key into a job definition alternate key, loads the job
 * definition entity, reads its {@code updatedBy} value, builds namespace authorizations for that user ID and finally stores a
 * {@code PreAuthenticatedAuthenticationToken} in {@code SecurityContextHolder}.
 *
 * <p>NOTE(review): the identity installed here is whatever {@code getUpdatedBy()} returns, so whoever can modify a job definition decides whose
 * namespace authorizations the workflow runs with. Confirm that job definition updates are themselves authorization-checked and audited.
 *
 * <p>NOTE(review): this method only sets the context and never clears it. If delegates run on pooled threads, the caller presumably resets the
 * context when the task finishes - verify, otherwise the identity can carry over to unrelated work on the same thread.
 *
 * @param execution the current execution context
 *
 * @throws ObjectNotFoundException if Activiti returns no process definition for the execution's process definition ID
 */
protected void setSecurityContext(DelegateExecution execution) {
    // Resolve the process definition through Activiti and fail fast when it cannot be found.
    String definitionId = execution.getProcessDefinitionId();
    ProcessDefinition definition = activitiService.getProcessDefinitionById(definitionId);
    if (definition == null) {
        throw new ObjectNotFoundException(String.format("Failed to find Activiti process definition for processDefinitionId=\"%s\".", definitionId));
    }

    // Translate the process definition key into the job definition's alternate key (namespace + job name) and load the entity.
    // The DAO helper is expected to reject a missing job definition - TODO confirm, its implementation is not visible here.
    JobDefinitionAlternateKeyDto jobKey = jobDefinitionHelper.getJobDefinitionKey(definition.getKey());
    JobDefinitionEntity jobDefinition = jobDefinitionDaoHelper.getJobDefinitionEntity(jobKey.getNamespace(), jobKey.getJobName());

    // The last updater of the job definition becomes the effective user for this execution.
    // NOTE(review): nothing here checks that the value is non-null or non-blank before it is used as the principal's user name.
    String impersonatedUserId = jobDefinition.getUpdatedBy();
    ApplicationUser impersonatedUser = new ApplicationUser(getClass());
    impersonatedUser.setUserId(impersonatedUserId);
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(impersonatedUser);

    // The principal carries an empty password, all four account flags set to true and no granted authorities; credentials are null.
    // NOTE(review): in Spring Security the two-argument token constructor is documented as producing a token that is not marked
    // authenticated - confirm downstream checks rely on the namespace authorizations rather than on isAuthenticated().
    SecurityContextHolder.getContext().setAuthentication(
        new PreAuthenticatedAuthenticationToken(
            new SecurityUserWrapper(impersonatedUserId, "", true, true, true, true, Collections.emptyList(), impersonatedUser), null));
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) JobDefinitionEntity(org.finra.herd.model.jpa.JobDefinitionEntity) JobDefinitionAlternateKeyDto(org.finra.herd.model.dto.JobDefinitionAlternateKeyDto) ObjectNotFoundException(org.finra.herd.model.ObjectNotFoundException) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) ProcessDefinition(org.activiti.engine.repository.ProcessDefinition)

Example 2 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class BaseJavaDelegateTest method assertAuthenticationUserIdEquals.

/**
 * Verifies that an authentication carries the expected user ID, both as the principal's user name and on the wrapped application user.
 *
 * <p>The type checks compare classes exactly rather than using {@code instanceof}: the authentication must be precisely a
 * {@code PreAuthenticatedAuthenticationToken} and its principal precisely a {@code SecurityUserWrapper}, so a subclass of either fails.
 *
 * <p>Only the identity is checked. Namespace authorizations, granted authorities and the token's authenticated flag are not inspected here.
 *
 * @param expectedUserId Expected user ID
 * @param actualAuthentication Actual authentication object
 */
private void assertAuthenticationUserIdEquals(String expectedUserId, Authentication actualAuthentication) {
    // The token must exist and be exactly the pre-authenticated type.
    assertNotNull(actualAuthentication);
    assertEquals(PreAuthenticatedAuthenticationToken.class, actualAuthentication.getClass());

    // The principal must exist and be exactly a SecurityUserWrapper.
    Object tokenPrincipal = ((PreAuthenticatedAuthenticationToken) actualAuthentication).getPrincipal();
    assertNotNull(tokenPrincipal);
    assertEquals(SecurityUserWrapper.class, tokenPrincipal.getClass());

    // Both the Spring user name and the application user's ID must match the expected user ID.
    SecurityUserWrapper wrapper = (SecurityUserWrapper) tokenPrincipal;
    assertEquals(expectedUserId, wrapper.getUsername());
    assertNotNull(wrapper.getApplicationUser());
    assertEquals(expectedUserId, wrapper.getApplicationUser().getUserId());
}
Also used : SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)

Example 3 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class AbstractAppTest method validateHttpHeaderApplicationUser.

/**
 * Reads the authentication from the current Spring Security context and asserts that its principal is a {@link SecurityUserWrapper} whose
 * application user matches the expected values.
 *
 * <p>Besides the supplied values, the method also asserts that the application user has a non-null session ID and that it was generated by
 * {@code HttpHeaderApplicationUserBuilder}.
 *
 * <p>NOTE(review): the function check is a subset check. Every expected function must be among the principal's granted authorities, but
 * additional authorities are not rejected, so a test using this helper does not detect over-granting. Roles and namespace authorizations, by
 * contrast, are compared for equality.
 *
 * @param expectedUserId the expected user Id.
 * @param expectedFirstName the expected first name.
 * @param expectedLastName the expected last name.
 * @param expectedEmail the expected e-mail.
 * @param expectedRoles the expected roles.
 * @param expectedSessionInitTime the expected session init time; when blank, the session init time is not checked.
 * @param expectedFunctions the expected functions; when null, the granted authorities are not checked.
 * @param expectedNamespaceAuthorizations the expected namespace authorizations; when null, the namespace authorizations are not checked.
 *
 * @throws Exception if any errors were encountered.
 */
protected void validateHttpHeaderApplicationUser(String expectedUserId, String expectedFirstName, String expectedLastName, String expectedEmail, Set<String> expectedRoles, String expectedSessionInitTime, String[] expectedFunctions, Set<NamespaceAuthorization> expectedNamespaceAuthorizations) throws Exception {
    // An authentication with a SecurityUserWrapper principal must be present in the context.
    Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
    assertNotNull(currentAuthentication);

    Object principal = currentAuthentication.getPrincipal();
    assertNotNull("expected principal to be not null, but was null", principal);
    assertTrue("expected principal to be an instance of " + SecurityUserWrapper.class + ", but was an instance of  " + principal.getClass(),
        principal instanceof SecurityUserWrapper);

    SecurityUserWrapper wrapper = (SecurityUserWrapper) principal;
    ApplicationUser appUser = wrapper.getApplicationUser();

    // Identity attributes and roles are compared for equality.
    assertEquals(expectedUserId, appUser.getUserId());
    assertEquals(expectedFirstName, appUser.getFirstName());
    assertEquals(expectedLastName, appUser.getLastName());
    assertEquals(expectedEmail, appUser.getEmail());
    assertEquals(expectedRoles, appUser.getRoles());

    // The session init time is only compared when the caller supplied one.
    if (StringUtils.isNotBlank(expectedSessionInitTime)) {
        assertEquals(DateUtils.parseDate(expectedSessionInitTime, HttpHeaderApplicationUserBuilder.CALENDAR_PATTERNS), appUser.getSessionInitTime());
    }

    assertNotNull(appUser.getSessionId());
    assertEquals(HttpHeaderApplicationUserBuilder.class, appUser.getGeneratedByClass());

    // Functions: collect the authority strings, then require each expected function to be present (extras are tolerated).
    if (expectedFunctions != null) {
        Set<String> grantedFunctions = new HashSet<>();
        for (GrantedAuthority authority : wrapper.getAuthorities()) {
            grantedFunctions.add(authority.getAuthority());
        }
        for (String requiredFunction : expectedFunctions) {
            assertTrue(grantedFunctions.contains(requiredFunction));
        }
    }

    // Namespace authorizations are compared for equality when the caller supplied them.
    if (expectedNamespaceAuthorizations != null) {
        assertEquals(expectedNamespaceAuthorizations, appUser.getNamespaceAuthorizations());
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) Authentication(org.springframework.security.core.Authentication) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) GrantedAuthority(org.springframework.security.core.GrantedAuthority) HashSet(java.util.HashSet)

Example 4 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class SecurityFilterChainTest method assertAuthenticatedUserId.

/**
 * Makes the following assertions about the given {@link Authentication}:
 * <ol>
 * <li>it is not null</li>
 * <li>its principal is not null</li>
 * <li>its principal's class is exactly {@link org.finra.herd.model.dto.SecurityUserWrapper}</li>
 * <li>the principal's applicationUser is not null</li>
 * <li>the applicationUser's userId equals the given userId</li>
 * <li>the applicationUser's firstName equals the given firstName</li>
 * <li>the applicationUser's sessionInitTime equals the given sessionInitTime</li>
 * </ol>
 *
 * <p>Roles, granted authorities and namespace authorizations are not inspected by this helper.
 *
 * @param expectedUserId the user ID the application user must carry
 * @param expectedFirstName the first name the application user must carry
 * @param expectedSessionInitTime the session init time the application user must carry
 * @param authentication {@link Authentication} to assert
 */
private void assertAuthenticatedUserId(String expectedUserId, String expectedFirstName, Date expectedSessionInitTime, Authentication authentication) {
    // Presence and exact type of the authentication's principal.
    Assert.assertNotNull("authentication is null", authentication);
    Assert.assertNotNull("authentication principal is null", authentication.getPrincipal());
    Assert.assertEquals("authentication principal type", SecurityUserWrapper.class, authentication.getPrincipal().getClass());

    // The wrapped application user must exist before its fields are compared.
    SecurityUserWrapper wrapper = (SecurityUserWrapper) authentication.getPrincipal();
    ApplicationUser appUser = wrapper.getApplicationUser();
    Assert.assertNotNull("securityUserWrapper applicationUser is null", appUser);

    Assert.assertEquals("securityUserWrapper applicationUser userId", expectedUserId, appUser.getUserId());
    Assert.assertEquals("securityUserWrapper applicationUser firstName", expectedFirstName, appUser.getFirstName());
    Assert.assertEquals("securityUserWrapper applicationUser sessionInitTime", expectedSessionInitTime, appUser.getSessionInitTime());
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)

Example 5 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class JobServiceTestHelper method setCurrentUserNamespaceAuthorizations.

/**
 * Replaces the authentication in the current security context with a test user that holds exactly one namespace authorization.
 *
 * <p>The user ID is always {@code AbstractServiceTest.USER_ID}. The principal is built with a fixed placeholder password, all four account
 * flags set to false and no granted authorities, and is wrapped in a {@code TestingAuthenticationToken} with null credentials.
 *
 * <p>NOTE(review): this overwrites whatever authentication the calling thread had and does not restore it. Tests using this helper presumably
 * reset the security context in their teardown - verify, so that the granted permissions do not carry over into later tests.
 *
 * @param namespace the namespace
 * @param namespacePermissions the list of namespace permissions
 */
public void setCurrentUserNamespaceAuthorizations(String namespace, List<NamespacePermissionEnum> namespacePermissions) {
    String userId = AbstractServiceTest.USER_ID;

    ApplicationUser testUser = new ApplicationUser(getClass());
    testUser.setUserId(userId);

    // The fresh user receives a single authorization entry covering only the requested namespace.
    Set<NamespaceAuthorization> authorizations = new LinkedHashSet<>();
    authorizations.add(new NamespaceAuthorization(namespace, namespacePermissions));
    testUser.setNamespaceAuthorizations(authorizations);

    SecurityContextHolder.getContext().setAuthentication(
        new TestingAuthenticationToken(
            new SecurityUserWrapper(userId, "password", false, false, false, false, Collections.emptyList(), testUser), null));
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) LinkedHashSet(java.util.LinkedHashSet) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
