
Example 11 with StorageOSUserDAO

use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.

the class TokenManagerTests method testVerifyAndResolveTokens.

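/**
 * Token tests for verify and resolve.
 *
 * <p>Issues a token for a local user that carries groups and attributes, verifies the
 * token, resolves it back to a user record and checks that the user name, the local
 * flag and the group/attribute counts survive the round trip. The issue / verify /
 * resolve cycle is then repeated for a non-local user to check that the local flag is
 * preserved as {@code false}.
 *
 * @throws Exception propagated from the test setup or the token manager
 */
@Test
public void testVerifyAndResolveTokens() throws Exception {
    commonDefaultSetupForSingleNodeTests();
    // Test - new ticket issue
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("root");
    userDAO.setIsLocal(true);
    StringSet groups = new StringSet();
    groups.add("gr1");
    groups.add("gr2");
    userDAO.setGroups(groups);
    StringSet attributes = new StringSet();
    attributes.add("atrr1");
    attributes.add("attr2");
    userDAO.setAttributes(attributes);
    final String token = _tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    Token tokenVerif = (Token) _tokenManager.verifyToken(token);
    Assert.assertNotNull(tokenVerif);
    StorageOSUserDAO gotUser = _tokenManager.resolveUser(tokenVerif);
    // resolveUser can come back null (no record for the token's user id); report that as an
    // assertion failure instead of an NPE on the next line
    Assert.assertNotNull(gotUser);
    Assert.assertTrue(gotUser.getIsLocal());
    // JUnit convention: expected value first, actual second, so failure output reads correctly
    Assert.assertEquals(userDAO.getUserName(), gotUser.getUserName());
    Assert.assertEquals(groups.size(), gotUser.getGroups().size());
    Assert.assertEquals(attributes.size(), gotUser.getAttributes().size());
    // Try with a non local user, make sure local flag is preserved
    StorageOSUserDAO userDAO2 = new StorageOSUserDAO();
    userDAO2.setUserName("user@domain.com");
    userDAO2.setIsLocal(false);
    final String token2 = _tokenManager.getToken(userDAO2);
    Assert.assertNotNull(token2);
    Token tokenVerif2 = (Token) _tokenManager.verifyToken(token2);
    Assert.assertNotNull(tokenVerif2);
    // make sure the is local flag checks out
    StorageOSUserDAO gotUser2 = _tokenManager.resolveUser(tokenVerif2);
    Assert.assertNotNull(gotUser2);
    Assert.assertFalse(gotUser2.getIsLocal());
}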

Example 12 with StorageOSUserDAO

use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.

the class CustomAuthenticationManagerTest method testUserRefresh.

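/**
 * Exercises {@code refreshUser} across four states of the user / provider pair: no DB
 * record at all, a DB record whose subject is unknown to the authentication provider,
 * a DB record with every provider disabled, and finally a DB record with a valid
 * provider. The first three must surface as a bad-request {@code APIException} (never a
 * {@code SecurityException}); the last must succeed and map the user to the root tenant.
 *
 * @throws Exception propagated from provider setup, the DB client or the auth manager
 */
@Test
public void testUserRefresh() throws Exception {
    createValidAuthProviderInDB();
    // First try to refresh a user that does not exist in the DB- Should fail with a
    // BadRequestException, where the message says that the parameter is not valid
    String userName = "iShouldntExistAnywhereInTheWholeWideWorld@sanity.local".toLowerCase();
    assertRefreshRejected(userName, ServiceCode.API_PARAMETER_INVALID,
            "Invalid value " + userName + " for parameter username",
            "Refresh user call for a user that does not exist in DB did not throw an exception");
    // try to refresh a user that doesn't exist in ldap, but exists in the DB- should
    // fail with a BadRequestException- Search for {0} failed for this tenant, or
    // could not be found for this tenant. make sure the user gets deleted
    StorageOSUserDAO userDAO = createUserRecord(userName);
    assertRefreshRejected(userName, ServiceCode.API_BAD_REQUEST,
            searchFailedMessage(userName),
            "Refresh user call for a user that does not exist in LDAP did not throw an exception");
    assertInactiveIfPresent(userDAO);
    // disable the authProvider and refresh a user- should fail with a
    // BadRequestException - Search for {0} failed for this tenant, or
    // could not be found for this tenant. make sure the user gets deleted
    cleanupProviders();
    userName = "sanity_user@sanity.local".toLowerCase();
    userDAO = createUserRecord(userName);
    assertRefreshRejected(userName, ServiceCode.API_BAD_REQUEST,
            searchFailedMessage(userName),
            "Refresh user call for a user who is not supported by any authentication handler did not throw an exception");
    assertInactiveIfPresent(userDAO);
    // enable the authProvider and test user refresh - should not throw
    createValidAuthProviderInDB();
    userDAO = createUserRecord(userName);
    try {
        // refresh the user
        _authManager.refreshUser(userName);
    } catch (SecurityException e) {
        Assert.fail("Got a FatalSecurityException, message is " + e.getLocalizedMessage());
    } catch (APIException e) {
        Assert.fail("Got a BadRequestException, message is " + e.getLocalizedMessage());
    }
    StorageOSUserDAO userDAOAfterRefresh = _dbClient.queryObject(StorageOSUserDAO.class, userDAO.getId());
    // a successful refresh must leave the record in place; check before dereferencing it
    Assert.assertNotNull("user record is missing after a successful refresh", userDAOAfterRefresh);
    Assert.assertNotNull(userDAOAfterRefresh.getTenantId());
    Assert.assertEquals("sanity_user@sanity.local is supposed to be mapped to root tenant",
            _rootTenantId.toString(), userDAOAfterRefresh.getTenantId());
}

/** Persists a new user record with a fresh id and the given user name, and returns it. */
private StorageOSUserDAO createUserRecord(String userName) throws Exception {
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setId(URIUtil.createId(StorageOSUserDAO.class));
    userDAO.setUserName(userName);
    _dbClient.createObject(userDAO);
    return userDAO;
}

/** Error text the auth manager is expected to use when the provider cannot find a user. */
private static String searchFailedMessage(String userName) {
    return "Search for " + userName + " failed for this tenant, or could not be found for this tenant.";
}

/**
 * Calls {@code refreshUser} and asserts that it fails with a bad-request
 * {@code APIException} carrying the given service code and message.
 *
 * @param userName        user to refresh
 * @param expectedCode    service code the exception must carry
 * @param expectedMessage message the exception must carry
 * @param notThrownMessage assertion message used when no exception was thrown at all
 */
private void assertRefreshRejected(String userName, ServiceCode expectedCode, String expectedMessage,
        String notThrownMessage) throws Exception {
    boolean exceptionWasCaught = false;
    try {
        _authManager.refreshUser(userName);
    } catch (SecurityException e) {
        // should not get here.
        Assert.fail("Got a securityExcpetion instead of BadRequestException, message is " + e.getLocalizedMessage());
    } catch (APIException e) {
        // this is what is expected
        assertServiceError(HttpStatus.SC_BAD_REQUEST, expectedCode, expectedMessage, e);
        exceptionWasCaught = true;
    }
    // Checked after the try rather than in a finally: an assertion thrown from a finally
    // block would replace the more informative Assert.fail(...) error raised above.
    Assert.assertTrue(notThrownMessage, exceptionWasCaught);
}

/**
 * Asserts that the given record, if it still exists in the DB, has been marked inactive
 * (a failed refresh is expected to retire the record rather than keep it active).
 */
private void assertInactiveIfPresent(StorageOSUserDAO created) throws Exception {
    StorageOSUserDAO afterRefresh = _dbClient.queryObject(StorageOSUserDAO.class, created.getId());
    if (afterRefresh != null) {
        Assert.assertTrue(afterRefresh.getInactive());
    }
}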

Example 13 with StorageOSUserDAO

use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.

the class CassandraTokenManager method updateDBWithUser.

/**
 * Refreshes every active record in {@code userRecords} from {@code userDAO} and
 * persists it.
 *
 * <p>Inactive records are left untouched. When several records are active all of them
 * are updated and persisted, and the last one visited is the one returned.
 *
 * @param userDAO     the incoming user data to copy onto existing records
 * @param userRecords candidate DB records for the same user name
 * @return the last active record that was updated, or {@code null} when none is active
 */
@Override
public StorageOSUserDAO updateDBWithUser(final StorageOSUserDAO userDAO, final List<StorageOSUserDAO> userRecords) {
    StorageOSUserDAO lastActive = null;
    for (StorageOSUserDAO existing : userRecords) {
        // getInactive() is unboxed here; presumably never null for persisted records — confirm
        if (existing.getInactive()) {
            continue;
        }
        // update the record, most of the cases this is a NO-OP
        // because user info does not change much
        existing.updateFrom(userDAO);
        _dbClient.persistObject(existing);
        lastActive = existing;
    }
    return lastActive;
}

Example 14 with StorageOSUserDAO

use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.

the class CassandraTokenManager method getToken.

/**
 * Persist/Update the StorageOSUserDAO record and issue a token for it.
 *
 * <p>The user name is lower-cased first; any active DB record for that name is refreshed
 * from {@code userDAO} (via {@code updateDBWithUser}), and when none is active the
 * caller's object is persisted as the account. For an existing account the per-user token
 * quota is enforced before a token is issued. The method always goes through
 * {@code createNewToken}; whether that reuses an existing token is decided there, not here.
 *
 * <p>Database and token-encoding failures are logged and reported as a {@code null}
 * return, so callers must treat {@code null} as "no token issued".
 *
 * @param userDAO caller-supplied user record; its user name is rewritten in lower case and
 *                the object itself is persisted when no active record exists
 * @return token as a String, or {@code null} on a database or encoding failure
 */
@Override
public String getToken(StorageOSUserDAO userDAO) {
    try {
        // always use lower case username for comparing/saving to db
        // (default-locale toLowerCase(), the same form the rest of the code base uses for lookups)
        final String normalizedName = userDAO.getUserName().toLowerCase();
        userDAO.setUserName(normalizedName);
        // find an active user record, if there is one with an active token
        final List<StorageOSUserDAO> existingRecords = getUserRecords(normalizedName);
        StorageOSUserDAO account = updateDBWithUser(userDAO, existingRecords);
        if (account != null) {
            // existing account: refuse when the quota is reached, warn once at the 80% mark
            final List<Token> issued = getTokensForUserId(account.getId());
            final boolean isProxyUser = account.getUserName().equalsIgnoreCase(PROXY_USER);
            final int quota = isProxyUser ? _maxTokensForProxyUser : _maxTokensPerUserId;
            // the warning fires only when the count is exactly the truncated 80% value
            final int warnAt = (int) (quota * TOKEN_WARNING_EIGHTY_PERCENT);
            if (issued.size() >= quota) {
                throw APIException.unauthorized.maxNumberOfTokenExceededForUser();
            }
            if (issued.size() == warnAt) {
                _log.warn("Prior to creating new token, user {} had {} tokens.", account.getUserName(), issued.size());
            }
        } else {
            // no active record: the caller's object becomes the persisted account
            userDAO.setId(URIUtil.createId(StorageOSUserDAO.class));
            _dbClient.persistObject(userDAO);
            account = userDAO;
        }
        return _tokenEncoder.encode(TokenOnWire.createTokenOnWire(createNewToken(account)));
    } catch (DatabaseException ex) {
        _log.error("Exception while persisting user information {}", userDAO.getUserName(), ex);
    } catch (SecurityException e) {
        _log.error("Token encoding exception. ", e);
    }
    return null;
}

Example 15 with StorageOSUserDAO

use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.

the class CassandraTokenValidator method resolveUser.

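/**
 * Gets a userDAO record from a token or proxytoken.
 *
 * <p>Only the user id carried by the token is used: a proxy token contributes its last
 * known id, a regular token its user id. No expiration, signature or revocation check is
 * performed here — the caller is presumably expected to have run the token through
 * {@code verifyToken} first; confirm against the validator's call sites.
 *
 * @param token a {@code Token} or {@code ProxyToken}; may be {@code null}
 * @return the user record the token points at, or {@code null} when the token is
 *         {@code null}, carries no user id, or no record exists for that id
 */
@Override
public StorageOSUserDAO resolveUser(BaseToken token) {
    if (token == null) {
        return null;
    }
    final URI userId;
    if (token instanceof ProxyToken) {
        userId = ((ProxyToken) token).peekLastKnownId();
    } else {
        userId = ((Token) token).getUserId();
    }
    if (userId == null) {
        // Guard before the DB lookup: the error log below used to call userId.toString()
        // and would itself NPE on a token without an id. Log the token type only, never
        // the token itself.
        _log.error("Token of type {} carries no user id", token.getClass().getSimpleName());
        return null;
    }
    StorageOSUserDAO userDAO = _dbClient.queryObject(StorageOSUserDAO.class, userId);
    if (userDAO == null) {
        // pass userId as a log argument rather than dereferencing it
        _log.error("No user record found or userId: {}", userId);
        return null;
    }
    return userDAO;
}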
