Search in sources :

Example 6 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class JobServiceTest method testGetJobAssertNoErrorGivenJobRunningAndUserDoesHasPermissions.

@Test
public void testGetJobAssertNoErrorGivenJobRunningAndUserDoesHasPermissions() throws Exception {
    jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_USER_TASK_WITH_CLASSPATH);
    Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
    String username = "username";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(username);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.READ)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
    try {
        jobService.getJob(job.getId(), false);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Job(org.finra.herd.model.api.xml.Job) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 7 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class JobServiceTest method testGetJobAssertNoErrorGivenJobCompletedAndUserDoesHasPermissions.

@Test
public void testGetJobAssertNoErrorGivenJobCompletedAndUserDoesHasPermissions() throws Exception {
    jobDefinitionServiceTestHelper.createJobDefinition(null);
    Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
    String username = "username";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(username);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.READ)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
    try {
        jobService.getJob(job.getId(), false);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Job(org.finra.herd.model.api.xml.Job) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 8 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class CurrentUserServiceTest method testGetCurrentUser.

@Test
public void testGetCurrentUser() throws Exception {
    // Create a set of test namespace authorizations.
    Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS));
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS));
    // Create test roles
    List<SecurityRoleEntity> securityRoleEntities = securityRoleDaoTestHelper.createTestSecurityRoles();
    // Fetch the security role codes to add to the application user.
    Set<String> roles = securityRoleEntities.stream().map(SecurityRoleEntity::getCode).collect(Collectors.toSet());
    // Override the security context to return an application user populated with test values.
    Authentication originalAuthentication = SecurityContextHolder.getContext().getAuthentication();
    try {
        SecurityContextHolder.getContext().setAuthentication(new Authentication() {

            @Override
            public String getName() {
                return null;
            }

            @Override
            public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
            }

            @Override
            public boolean isAuthenticated() {
                return false;
            }

            @Override
            public Object getPrincipal() {
                List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(SECURITY_FUNCTION), new SimpleGrantedAuthority(SECURITY_FUNCTION_2));
                ApplicationUser applicationUser = new ApplicationUser(this.getClass());
                applicationUser.setUserId(USER_ID);
                applicationUser.setRoles(roles);
                applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
                return new SecurityUserWrapper(USER_ID, STRING_VALUE, true, true, true, true, authorities, applicationUser);
            }

            @Override
            public Object getDetails() {
                return null;
            }

            @Override
            public Object getCredentials() {
                return null;
            }

            @Override
            public Collection<? extends GrantedAuthority> getAuthorities() {
                return null;
            }
        });
        // Get the current user information.
        UserAuthorizations userAuthorizations = currentUserService.getCurrentUser();
        // Validate the response object.
        assertEquals(new UserAuthorizations(USER_ID, new ArrayList<>(namespaceAuthorizations), new ArrayList<>(roles), Arrays.asList(SECURITY_FUNCTION, SECURITY_FUNCTION_2)), userAuthorizations);
    } finally {
        // Restore the original authentication.
        SecurityContextHolder.getContext().setAuthentication(originalAuthentication);
    }
}
Also used : LinkedHashSet(java.util.LinkedHashSet) ApplicationUser(org.finra.herd.model.dto.ApplicationUser) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) SecurityRoleEntity(org.finra.herd.model.jpa.SecurityRoleEntity) ArrayList(java.util.ArrayList) List(java.util.List) UserAuthorizations(org.finra.herd.model.api.xml.UserAuthorizations) Test(org.junit.Test)

Example 9 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenMultipleAnnotationsAndAllPermissionsValid.

/**
 * Test where a method is annotated with multiple NamespacePermission annotations. Asserts that the user will all permissions do not throw an exception.
 */
@Test
public void checkPermissionAssertNoExceptionWhenMultipleAnnotationsAndAllPermissionsValid() throws Exception {
    // Mock a join point of the method call
    // mockMethodMultipleAnnotations("foo", "bar");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultipleAnnotations", String.class, String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace1", "namespace2" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo", "bar" });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.READ)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("bar", Arrays.asList(NamespacePermissionEnum.WRITE)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 10 with SecurityUserWrapper

use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission.

@Test
public void checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission() throws Exception {
    // Mock a join point of the method call
    // mockMethod(request);
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", BusinessObjectDataNotificationRegistrationCreateRequest.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "request" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    BusinessObjectDataNotificationRegistrationCreateRequest request = new BusinessObjectDataNotificationRegistrationCreateRequest();
    request.setBusinessObjectDataNotificationRegistrationKey(new NotificationRegistrationKey("ns1", null));
    request.setBusinessObjectDataNotificationFilter(new BusinessObjectDataNotificationFilter("ns2", null, null, null, null, null, null, null));
    request.setJobActions(Arrays.asList(new JobAction("ns3", null, null), new JobAction("ns4", null, null)));
    when(joinPoint.getArgs()).thenReturn(new Object[] { request });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns1", Arrays.asList(NamespacePermissionEnum.WRITE)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns2", Arrays.asList(NamespacePermissionEnum.READ)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns3", Arrays.asList(NamespacePermissionEnum.EXECUTE)));
    // User does not have the expected EXECUTE permission on ns4
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns4", Arrays.asList(NamespacePermissionEnum.READ)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[EXECUTE]\" permission(s) to the namespace \"ns4\"", userId), e.getMessage());
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) BusinessObjectDataNotificationRegistrationCreateRequest(org.finra.herd.model.api.xml.BusinessObjectDataNotificationRegistrationCreateRequest) BusinessObjectDataNotificationFilter(org.finra.herd.model.api.xml.BusinessObjectDataNotificationFilter) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) JobAction(org.finra.herd.model.api.xml.JobAction) NotificationRegistrationKey(org.finra.herd.model.api.xml.NotificationRegistrationKey) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Aggregations

SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)43 ApplicationUser (org.finra.herd.model.dto.ApplicationUser)40 Test (org.junit.Test)34 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)33 AccessDeniedException (org.springframework.security.access.AccessDeniedException)29 AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)23 Method (java.lang.reflect.Method)22 JoinPoint (org.aspectj.lang.JoinPoint)22 MethodSignature (org.aspectj.lang.reflect.MethodSignature)22 NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)22 Job (org.finra.herd.model.api.xml.Job)6 Authentication (org.springframework.security.core.Authentication)6 GrantedAuthority (org.springframework.security.core.GrantedAuthority)5 ObjectNotFoundException (org.finra.herd.model.ObjectNotFoundException)4 LinkedHashSet (java.util.LinkedHashSet)3 UserAuthorizations (org.finra.herd.model.api.xml.UserAuthorizations)3 ArrayList (java.util.ArrayList)2 Collection (java.util.Collection)2 HashSet (java.util.HashSet)2 List (java.util.List)2