
Example 11 with AuthnProvider

use of com.emc.storageos.db.client.model.AuthnProvider in project coprhd-controller by CoprHD.

the class DbClientTest method testAlternateIdFromStringSet.

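/**
 * Tests object lookup by alias: persists an {@link AuthnProvider} with two domains, reads it
 * back by id and through the domain alternate-id index, then replaces one domain and checks
 * the index again, including a miss for a domain that was never stored.
 *
 * @throws IOException propagated from the db client calls
 */
@Test
public void testAlternateIdFromStringSet() throws IOException {
    _logger.info("Starting testAlternateIdFromStringSet");
    DbClient dbClient = _dbClient;
    // persist a provider indexed by two domains
    AuthnProvider provider = new AuthnProvider();
    provider.setId(URIUtil.createId(AuthnProvider.class));
    provider.setLabel("test-provider");
    provider.setDescription("test provider");
    StringSet domains = new StringSet();
    domains.add("test1.com");
    domains.add("test2.com");
    provider.setDomains(domains);
    dbClient.persistObject(provider);
    // verify the by-id lookup round-trips id, label and domains
    AuthnProvider stdQueryResult = dbClient.queryObject(AuthnProvider.class, provider.getId());
    Assert.assertEquals(provider.getId(), stdQueryResult.getId());
    Assert.assertEquals(provider.getLabel(), stdQueryResult.getLabel());
    Assert.assertEquals(provider.getDomains().size(), stdQueryResult.getDomains().size());
    for (String domain : domains) {
        Assert.assertTrue(stdQueryResult.getDomains().contains(domain));
    }
    // every stored domain must resolve through the alternate-id index
    for (String domain : domains) {
        Assert.assertTrue("no index hit for domain " + domain, isIndexedByDomain(dbClient, domain));
    }
    // swap one domain for another on the persisted copy and re-persist;
    // `domains` is the same StringSet instance the provider holds, so keep both in step
    stdQueryResult.getDomains().remove("test2.com");
    domains.remove("test2.com");
    domains.add("test3.com");
    stdQueryResult.getDomains().add("test3.com");
    dbClient.persistObject(stdQueryResult);
    stdQueryResult = dbClient.queryObject(AuthnProvider.class, provider.getId());
    Assert.assertEquals(provider.getId(), stdQueryResult.getId());
    Assert.assertEquals(provider.getLabel(), stdQueryResult.getLabel());
    // the updated domain set (test1.com, test3.com) must be indexed
    for (String domain : domains) {
        Assert.assertTrue("no index hit for domain " + domain, isIndexedByDomain(dbClient, domain));
    }
    // NOTE(review): removal of "test2.com" from the index is not asserted here; confirm that
    // the alternate-id index drops entries on StringSet removal before adding such a check.
    // a domain that was never stored must not resolve
    Assert.assertFalse(isIndexedByDomain(dbClient, "test-subtenant"));
}

/**
 * Returns whether the authn-provider domain alternate-id index holds at least one entry
 * for {@code domain}.
 *
 * @param dbClient client used for the constraint query
 * @param domain domain value to look up
 * @return {@code true} if the query returned any URI
 */
private static boolean isIndexedByDomain(DbClient dbClient, String domain) {
    URIQueryResultList altIdResult = new URIQueryResultList();
    dbClient.queryByConstraint(AlternateIdConstraint.Factory.getAuthnProviderDomainConstraint(domain), altIdResult);
    return altIdResult.iterator().hasNext();
}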
Also used : DbClient(com.emc.storageos.db.client.DbClient) InternalDbClient(com.emc.storageos.db.client.upgrade.InternalDbClient) AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) StringSet(com.emc.storageos.db.client.model.StringSet) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList) Test(org.junit.Test)

Example 12 with AuthnProvider

use of com.emc.storageos.db.client.model.AuthnProvider in project coprhd-controller by CoprHD.

the class DbClientGeoTest method testEncryption.

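/**
 * Verifies that encrypted fields are bound to their own encryption provider: a geo-replicated
 * object ({@link AuthnProvider#getManagerPassword()}) and a local object
 * ({@link Vcenter#getPassword()}) are both readable with both providers set; nulling one
 * provider leaves the other object readable while the affected object no longer yields the
 * plaintext; and swapping the two providers makes both queries fail.
 */
@Test
public void testEncryption() {
    DbClient dbClient = getDbClient();
    // create a geo-replicated object with an encrypted field
    AuthnProvider authProvider = new AuthnProvider();
    authProvider.setId(URIUtil.createId(AuthnProvider.class));
    authProvider.setManagerPassword("password");
    dbClient.createObject(authProvider);
    // create a local object with an encrypted field
    Vcenter vc = new Vcenter();
    vc.setId(URIUtil.createId(Vcenter.class));
    vc.setPassword("password");
    dbClient.createObject(vc);
    // with both providers in place both objects decrypt to the plaintext
    AuthnProvider q0 = dbClient.queryObject(AuthnProvider.class, authProvider.getId());
    Assert.assertNotNull(q0);
    Assert.assertEquals("password", q0.getManagerPassword());
    Vcenter k0 = dbClient.queryObject(Vcenter.class, vc.getId());
    Assert.assertNotNull(k0);
    Assert.assertEquals("password", k0.getPassword());
    // null out geo encryption provider; make sure local object is still valid
    TypeMap.setEncryptionProviders(_encryptionProvider, null);
    Vcenter k1 = dbClient.queryObject(Vcenter.class, vc.getId());
    Assert.assertNotNull(k1);
    Assert.assertEquals("password", k1.getPassword());
    // geo-replicated object should come back still encrypted (not the plaintext)
    AuthnProvider q1 = dbClient.queryObject(AuthnProvider.class, authProvider.getId());
    Assert.assertNotNull(q1);
    Assert.assertFalse(q1.getManagerPassword().equals("password"));
    // restore geo encryption provider and null out local
    TypeMap.setEncryptionProviders(null, _geoEncryptionProvider);
    AuthnProvider q2 = dbClient.queryObject(AuthnProvider.class, authProvider.getId());
    Assert.assertNotNull(q2);
    Assert.assertEquals("password", q2.getManagerPassword());
    Vcenter k2 = dbClient.queryObject(Vcenter.class, vc.getId());
    Assert.assertNotNull(k2);
    Assert.assertFalse(k2.getPassword().equals("password"));
    // now just to make sure the encryption keys are different, swap the providers
    // and make sure the queries are not successful
    TypeMap.setEncryptionProviders(_geoEncryptionProvider, _encryptionProvider);
    try {
        dbClient.queryObject(AuthnProvider.class, authProvider.getId());
        Assert.fail("geo replicated object query after swapping encryption providers succeeded; failure expected");
    } catch (Exception ignored) {
        // expected: decrypting with the wrong provider must fail; the test passes
    }
    try {
        dbClient.queryObject(Vcenter.class, vc.getId());
        Assert.fail("local object query after swapping encryption providers succeeded; failure expected");
    } catch (Exception ignored) {
        // expected: decrypting with the wrong provider must fail; the test passes
    }
}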
Also used : Vcenter(com.emc.storageos.db.client.model.Vcenter) DbClient(com.emc.storageos.db.client.DbClient) AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) Test(org.junit.Test)

Example 13 with AuthnProvider

use of com.emc.storageos.db.client.model.AuthnProvider in project coprhd-controller by CoprHD.

the class ImmutableAuthenticationProviders method getInstance.

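/**
 * Factory method to retrieve an instance of this class.
 * <p>
 * The local provider is always first in the resulting list. Providers from the database are
 * appended in the order given, skipping any that are inactive or disabled and any whose
 * construction throws (the failure is logged and the remaining configurations are still loaded).
 *
 * @param dbclient db client to access the configurations
 * @param coordinator coordinator client passed to {@code getAuthenticationProvider} for each configuration
 * @param _localAuthenticationProvider the local auth provider, which must always be passed in and will
 *            be added in the list first.
 * @param providerConfigs provider configurations from db; {@code null} means only the local provider is loaded
 * @return a new {@link ImmutableAuthenticationProviders} holding the local provider followed by
 *         every configured provider that was active, enabled and constructed without error
 */
public static ImmutableAuthenticationProviders getInstance(DbClient dbclient, CoordinatorClient coordinator, AuthenticationProvider _localAuthenticationProvider, List<AuthnProvider> providerConfigs) {
    List<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>();
    authenticationProviders.add(_localAuthenticationProvider);
    if (providerConfigs == null) {
        // bail here
        _log.info("Skipping load authentication providers from the database");
        return new ImmutableAuthenticationProviders(authenticationProviders);
    }
    _log.info("Loading authentication providers from the database");
    for (AuthnProvider authenticationConfiguration : providerConfigs) {
        _log.debug("Adding auth provider with ID {}", authenticationConfiguration.getId());
        // inactive or administratively disabled providers must not take part in authentication
        if (authenticationConfiguration.getInactive() || authenticationConfiguration.getDisable()) {
            _log.info("Skipping authentication provider {} because it is inactive or disabled", authenticationConfiguration.getId());
            continue;
        }
        try {
            AuthenticationProvider provider = getAuthenticationProvider(coordinator, authenticationConfiguration, dbclient);
            if (provider != null) {
                authenticationProviders.add(provider);
            }
        } catch (Exception e) {
            // One broken configuration must not prevent the others from loading. The throwable
            // is passed as the trailing argument without a "{}" placeholder so SLF4J records its
            // stack trace; with a placeholder only e.toString() would have been printed.
            _log.error("Failed to create authentication configuration {}", authenticationConfiguration.getId(), e);
        }
    }
    _log.info("Loaded {} authentication handlers", authenticationProviders.size());
    return new ImmutableAuthenticationProviders(authenticationProviders);
}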
Also used : AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) ArrayList(java.util.ArrayList) AuthenticationException(org.springframework.ldap.AuthenticationException) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) CommunicationException(org.springframework.ldap.CommunicationException) SecurityException(com.emc.storageos.security.exceptions.SecurityException) PartialResultException(org.springframework.ldap.PartialResultException) NameNotFoundException(org.springframework.ldap.NameNotFoundException)

Example 14 with AuthnProvider

use of com.emc.storageos.db.client.model.AuthnProvider in project coprhd-controller by CoprHD.

the class StorageOSLdapPersonAttributeDao method getAuthnProviderDomains.

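/**
 * Gets all the domains supported by the authn provider that supports
 * the particular domain.
 *
 * @param domain to find the supported authn provider; the index is queried with the
 *            lower-cased value, so the match is case-insensitive.
 * @return all the domains of the matching authn provider, or an empty set when no
 *         provider supports the domain or the matching provider is disabled.
 * @throws DatabaseException if the alternate-id query fails (logged, then rethrown).
 */
private StringSet getAuthnProviderDomains(String domain) {
    StringSet authnProviderDomains = new StringSet();
    URIQueryResultList providers = new URIQueryResultList();
    // Locale.ROOT keeps the index key independent of the JVM's default locale; a
    // locale-sensitive toLowerCase() (e.g. Turkish dotless i) could otherwise miss the entry.
    String lookupKey = domain.toLowerCase(java.util.Locale.ROOT);
    try {
        _dbClient.queryByConstraint(AlternateIdConstraint.Factory.getAuthnProviderDomainConstraint(lookupKey), providers);
    } catch (DatabaseException ex) {
        // pass the exception itself as the trailing argument so the logger records the stack trace
        _log.error("Could not query for authn providers to check for existing domain {}", domain, ex);
        throw ex;
    }
    // Add all the domains of the AuthnProvider if it is not in disabled state.
    // We expect only one authn provider here because, we cannot have multiple
    // authn provider supporting same domain; only the first hit is consulted.
    Iterator<URI> it = providers.iterator();
    if (it.hasNext()) {
        AuthnProvider provider = _dbClient.queryObject(AuthnProvider.class, it.next());
        if (provider != null && !provider.getDisable()) {
            StringSet providerDomains = provider.getDomains();
            // a provider with no domains contributes nothing rather than failing the lookup
            if (providerDomains != null) {
                authnProviderDomains.addAll(providerDomains);
            }
        }
    }
    return authnProviderDomains;
}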
Also used : AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) StringSet(com.emc.storageos.db.client.model.StringSet) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) URI(java.net.URI) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList)

Example 15 with AuthnProvider

use of com.emc.storageos.db.client.model.AuthnProvider in project coprhd-controller by CoprHD.

the class CustomAuthenticationManagerTest method testGetUserGroups.

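/**
 * Exercises {@code _authManager.getUserDetails} against a valid authn provider: an unsupported
 * domain and an unknown user must surface as {@code BadRequestException} (API_BAD_REQUEST); a
 * known user must carry exactly the three expected groups and map to the root tenant; and once
 * a subtenant maps the outer group, the same user must be reported under that subtenant.
 *
 * @throws Exception propagated from provider setup ({@code createValidAuthProviderInDB})
 */
@Test
public void testGetUserGroups() throws Exception {
    cleanupProviders();
    createValidAuthProviderInDB();
    final String DOMAIN_USERS_GROUP = "Domain Users@sanity.local";
    final String OUTER_GROUP = "OuterGroup@sanity.local";
    final String INNER_GROUP = "InsideGroup@sanity.local";
    // look for a user with an unsupported domain
    String principalSearchFailedFormat = "Search for %s failed for this tenant, or could not be found for this tenant.";
    String user = "invaliduser@invalidDomain.com";
    UserDetails userDetails = null;
    try {
        userDetails = _authManager.getUserDetails(user);
        Assert.assertNull(userDetails);
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        assertServiceError(HttpStatus.SC_BAD_REQUEST, ServiceCode.API_BAD_REQUEST, String.format(principalSearchFailedFormat, user), e);
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + " when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    }
    // look for a user that doesn't exist
    user = "iShouldntExistAnywhereInTheWholeWideWorld@sanity.local";
    try {
        // the result must be captured, otherwise the assertNull below only re-checks the previous value
        userDetails = _authManager.getUserDetails(user);
        Assert.assertNull(userDetails);
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        assertServiceError(HttpStatus.SC_BAD_REQUEST, ServiceCode.API_BAD_REQUEST, String.format(principalSearchFailedFormat, user), e);
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + " when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    }
    // look for a user that does exist; it must resolve to the root tenant
    user = "userGroupsTestUser@sanity.local";
    try {
        userDetails = _authManager.getUserDetails(user);
        assertExpectedGroupMembership(userDetails, DOMAIN_USERS_GROUP, INNER_GROUP, OUTER_GROUP);
        Assert.assertTrue("user is supposed to be part of the root tenant " + _rootTenantId + " but is actually in tenant " + userDetails.getTenant(), _rootTenantId.toString().equals(userDetails.getTenant()));
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        Assert.fail("Got a BadRequestException. Details: " + e.getLocalizedMessage());
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + ". Details: " + e.getLocalizedMessage());
    }
    // now test the returned user has the right tenant- it should now be mapped to the
    // subtenant whose user mapping names the outer group (group name without the domain part)
    UserMapping tenantMapping = new UserMapping();
    tenantMapping.setDomain("sanity.local");
    tenantMapping.setGroups(Collections.singletonList(OUTER_GROUP.split("@")[0]));
    StringSetMap mappings = new StringSetMap();
    mappings.put(tenantMapping.getDomain(), tenantMapping.toString());
    URI subtenantId = URIUtil.createId(TenantOrg.class);
    TenantOrg subtenant = new TenantOrg();
    subtenant.setLabel("subtenant for user groups test");
    subtenant.setDescription("auth subtenan1t");
    subtenant.setId(subtenantId);
    subtenant.setParentTenant(new NamedURI(_rootTenantId, "subtenant"));
    subtenant.setUserMappings(mappings);
    _dbClient.persistObject(subtenant);
    try {
        userDetails = _authManager.getUserDetails(user);
        assertExpectedGroupMembership(userDetails, DOMAIN_USERS_GROUP, INNER_GROUP, OUTER_GROUP);
        Assert.assertTrue("user is supposed to be part of the subtenant " + subtenantId + " but is actually in tenant " + userDetails.getTenant() + " (root tenant is " + _rootTenantId + " )", subtenantId.toString().equals(userDetails.getTenant()));
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        Assert.fail("Got a BadRequestException. Details: " + e.getLocalizedMessage());
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + ". Details: " + e.getLocalizedMessage());
    }
}

/**
 * Asserts that {@code details} is non-null and lists exactly three groups which, compared
 * case-insensitively, are the domain-users, inner and outer groups given.
 *
 * @param details user details returned by the auth manager
 * @param domainUsersGroup expected domain-users group name (with domain suffix)
 * @param innerGroup expected inner (nested) group name (with domain suffix)
 * @param outerGroup expected outer group name (with domain suffix)
 */
private static void assertExpectedGroupMembership(UserDetails details, String domainUsersGroup, String innerGroup, String outerGroup) {
    Assert.assertNotNull(details);
    Assert.assertEquals(3, details.getUserGroupList().size());
    boolean isDomainUser = false;
    boolean isInsideGroup = false;
    boolean isOuterGroup = false;
    for (String groupName : details.getUserGroupList()) {
        if (groupName.equalsIgnoreCase(domainUsersGroup)) {
            isDomainUser = true;
        } else if (groupName.equalsIgnoreCase(innerGroup)) {
            isInsideGroup = true;
        } else if (groupName.equalsIgnoreCase(outerGroup)) {
            isOuterGroup = true;
        }
    }
    Assert.assertTrue("isDomainUser = " + isDomainUser + ", isInsideGroup = " + isInsideGroup + ", isOuterGroup = " + isOuterGroup, isDomainUser && isInsideGroup && isOuterGroup);
}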
Also used : StringSetMap(com.emc.storageos.db.client.model.StringSetMap) UserDetails(com.emc.storageos.security.resource.UserInfoPage.UserDetails) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) NamedURI(com.emc.storageos.db.client.model.NamedURI) TenantOrg(com.emc.storageos.db.client.model.TenantOrg) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) ExpectedException(org.junit.rules.ExpectedException)

Aggregations

AuthnProvider (com.emc.storageos.db.client.model.AuthnProvider)22 URI (java.net.URI)10 StringSet (com.emc.storageos.db.client.model.StringSet)9 URIQueryResultList (com.emc.storageos.db.client.constraint.URIQueryResultList)5 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)5 NamedURI (com.emc.storageos.db.client.model.NamedURI)4 DbClient (com.emc.storageos.db.client.DbClient)3 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)3 ArrayList (java.util.ArrayList)3 Test (org.junit.Test)3 ContainmentConstraint (com.emc.storageos.db.client.constraint.ContainmentConstraint)2 StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)2 StringSetMap (com.emc.storageos.db.client.model.StringSetMap)2 TenantOrg (com.emc.storageos.db.client.model.TenantOrg)2 Vcenter (com.emc.storageos.db.client.model.Vcenter)2 InternalDbClient (com.emc.storageos.db.client.upgrade.InternalDbClient)2 UserMapping (com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping)2 List (java.util.List)2 AixSystem (com.emc.aix.AixSystem)1 HpuxSystem (com.emc.hpux.HpuxSystem)1