Example 26 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testGetJobAssertAccessDeniedGivenJobCompletedAndUserDoesNotHavePermissions.
@Test
public void testGetJobAssertAccessDeniedGivenJobCompletedAndUserDoesNotHavePermissions() throws Exception {
jobDefinitionServiceTestHelper.createJobDefinition(null);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.getJob(job.getId(), false);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"%s\"", username, TEST_ACTIVITI_NAMESPACE_CD), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Job(org.finra.herd.model.api.xml.Job)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
ObjectNotFoundException(org.finra.herd.model.ObjectNotFoundException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Test(org.junit.Test)
Example 27 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testGetJobAssertAccessDeniedGivenJobRunningAndUserDoesNotHavePermissions.
@Test
public void testGetJobAssertAccessDeniedGivenJobRunningAndUserDoesNotHavePermissions() throws Exception {
jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_USER_TASK_WITH_CLASSPATH);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.getJob(job.getId(), false);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[READ]\" permission(s) to the namespace \"%s\"", username, TEST_ACTIVITI_NAMESPACE_CD), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
Job(org.finra.herd.model.api.xml.Job)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
ObjectNotFoundException(org.finra.herd.model.ObjectNotFoundException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Test(org.junit.Test)
Example 28 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testDeleteJobAssertNoErrorWhenUserHasPermissions.
@Test
public void testDeleteJobAssertNoErrorWhenUserHasPermissions() throws Exception {
// Start a job that will wait in a receive task
jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_RECEIVE_TASK_WITH_CLASSPATH);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.EXECUTE)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.deleteJob(job.getId(), new JobDeleteRequest("test delete reason"));
} catch (AccessDeniedException e) {
fail();
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
JobDeleteRequest(org.finra.herd.model.api.xml.JobDeleteRequest)
Job(org.finra.herd.model.api.xml.Job)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Test(org.junit.Test)
Example 29 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testDeleteJobAssertAccessDeniedWhenUserHasNoPermissions.
@Test
public void testDeleteJobAssertAccessDeniedWhenUserHasNoPermissions() throws Exception {
// Start a job that will wait in a receive task
jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_RECEIVE_TASK_WITH_CLASSPATH);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.deleteJob(job.getId(), new JobDeleteRequest("test delete reason"));
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[EXECUTE]\" permission(s) to the namespace \"%s\"", username, TEST_ACTIVITI_NAMESPACE_CD), e.getMessage());
}
}
Also used :
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
JobDeleteRequest(org.finra.herd.model.api.xml.JobDeleteRequest)
Job(org.finra.herd.model.api.xml.Job)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
ObjectNotFoundException(org.finra.herd.model.ObjectNotFoundException)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
Test(org.junit.Test)
Example 30 with SecurityUserWrapper
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class CurrentUserServiceTest method testGetCurrentUserNoSecurityRolesAndFunctions.
@Test
public void testGetCurrentUserNoSecurityRolesAndFunctions() throws Exception {
// Create a set of test namespace authorizations.
Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();
namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS));
namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS));
// Override the security context to return an application user populated with test values.
Authentication originalAuthentication = SecurityContextHolder.getContext().getAuthentication();
try {
SecurityContextHolder.getContext().setAuthentication(new Authentication() {
@Override
public String getName() {
return null;
}
@Override
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
}
@Override
public boolean isAuthenticated() {
return false;
}
@Override
public Object getPrincipal() {
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
ApplicationUser applicationUser = new ApplicationUser(this.getClass());
applicationUser.setUserId(USER_ID);
applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
return new SecurityUserWrapper(USER_ID, STRING_VALUE, true, true, true, true, authorities, applicationUser);
}
@Override
public Object getDetails() {
return null;
}
@Override
public Object getCredentials() {
return null;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
});
// Get the current user information.
UserAuthorizations userAuthorizations = currentUserService.getCurrentUser();
// Validate the response object.
assertEquals(new UserAuthorizations(USER_ID, new ArrayList<>(namespaceAuthorizations), NO_SECURITY_ROLES, NO_SECURITY_FUNCTIONS), userAuthorizations);
} finally {
// Restore the original authentication.
SecurityContextHolder.getContext().setAuthentication(originalAuthentication);
}
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
ApplicationUser(org.finra.herd.model.dto.ApplicationUser)
SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
ArrayList(java.util.ArrayList)
NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization)
Authentication(org.springframework.security.core.Authentication)
Collection(java.util.Collection)
ArrayList(java.util.ArrayList)
List(java.util.List)
UserAuthorizations(org.finra.herd.model.api.xml.UserAuthorizations)
Test(org.junit.Test)
Aggregations
SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)43
ApplicationUser (org.finra.herd.model.dto.ApplicationUser)40
Test (org.junit.Test)34
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)33
AccessDeniedException (org.springframework.security.access.AccessDeniedException)29
AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)23
Method (java.lang.reflect.Method)22
JoinPoint (org.aspectj.lang.JoinPoint)22
MethodSignature (org.aspectj.lang.reflect.MethodSignature)22
NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)22
Job (org.finra.herd.model.api.xml.Job)6
Authentication (org.springframework.security.core.Authentication)6
GrantedAuthority (org.springframework.security.core.GrantedAuthority)5
ObjectNotFoundException (org.finra.herd.model.ObjectNotFoundException)4
LinkedHashSet (java.util.LinkedHashSet)3
UserAuthorizations (org.finra.herd.model.api.xml.UserAuthorizations)3
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
HashSet (java.util.HashSet)2
List (java.util.List)2
