Example 16 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenHasPermissionsNamespaceIgnoreCase.
@Test
public void checkPermissionAssertNoExceptionWhenHasPermissionsNamespaceIgnoreCase() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// user has permission to capital "FOO" and needs permission to lowercase "foo"
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("FOO", Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
} catch (AccessDeniedException e) {
fail();
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 17 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertErrorWhenAnnotationFieldRefersToNonString.
@Test
public void checkPermissionAssertErrorWhenAnnotationFieldRefersToNonString() throws Exception {
// Mock a join point of the method call
// mockMethod(1);
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", Integer.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "aNumber" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { 1 });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(IllegalStateException.class, e.getClass());
assertEquals("Object must be of type class java.lang.String or interface java.util.Collection. Actual object.class = class java.lang.Integer", e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 18 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenCurrentUserHasNoAnyRequiredPermissions.
@Test
public void checkPermissionAssertAccessDeniedWhenCurrentUserHasNoAnyRequiredPermissions() throws Exception {
// Mock a join point of the method call
// mockMethod("foo");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultiplePermissions", String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.WRITE_DESCRIPTIVE_CONTENT)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ OR WRITE]\" permission(s) to the namespace \"foo\"", userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 19 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertMultipleAccessDeniedExceptionsAreGatheredIntoSingleMessageWhenMultipleAnnotations.
@Test
public void checkPermissionAssertMultipleAccessDeniedExceptionsAreGatheredIntoSingleMessageWhenMultipleAnnotations() throws Exception {
// Mock a join point of the method call
// mockMethodMultipleAnnotations("namespace1", "namespace2");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultipleAnnotations", String.class, String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace1", "namespace2" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo", "bar" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
// User has no permissions
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"foo\"%n" + "User \"%s\" does not have \"[WRITE]\" permission(s) to the namespace \"bar\"", userId, userId), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
MethodSignature(org.aspectj.lang.reflect.MethodSignature)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Method(java.lang.reflect.Method)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
JoinPoint(org.aspectj.lang.JoinPoint)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Example 20 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method assertAdviceEnabled.
/**
* Asserts that the namespace security advice is enabled. Try calling a secured method with a mock user in the context with invalid permissions. The
* expectation is that the method call fails with AccessDeniedException if the advice is enabled.
*/
@Test
public void assertAdviceEnabled() {
// put a fake user with no permissions into the security context
// the security context is cleared on the after() method of this test suite
String username = "username";
Class<?> generatedByClass = getClass();
ApplicationUser applicationUser = new ApplicationUser(generatedByClass);
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(Collections.emptySet());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
businessObjectDefinitionServiceImpl.createBusinessObjectDefinition(new BusinessObjectDefinitionCreateRequest(NAMESPACE, BDEF_NAME, DATA_PROVIDER_NAME, null, null, null));
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
BusinessObjectDefinitionCreateRequest(org.finra.herd.model.api.xml.BusinessObjectDefinitionCreateRequest)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
AbstractServiceTest(org.finra.herd.service.AbstractServiceTest)
Test(org.junit.Test)
Aggregations
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)43
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)40
Test (org.junit.Test)34
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)33
AccessDeniedException (org.springframework.security.access.AccessDeniedException)29
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)23
Method (java.lang.reflect.Method)22
JoinPoint (org.aspectj.lang.JoinPoint)22
MethodSignature (org.aspectj.lang.reflect.MethodSignature)22
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)22
Job (org.finra.herd.model.api.xml.Job)6
Authentication (org.springframework.security.core.Authentication)6
GrantedAuthority (org.springframework.security.core.GrantedAuthority)5
ObjectNotFoundException (org.finra.herd.model.ObjectNotFoundException)4
LinkedHashSet (java.util.LinkedHashSet)3
UserAuthorizations (org.finra.herd.model.api.xml.UserAuthorizations)3
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
HashSet (java.util.HashSet)2
List (java.util.List)2
