
Example 1 with UserDetails

Use of com.emc.storageos.security.resource.UserInfoPage.UserDetails in project coprhd-controller by CoprHD.

From the class CustomAuthenticationManager, method getUserDetails.

@Override
public UserDetails getUserDetails(final String username) {
    // Lookup only: the password is left empty because no authentication is performed here.
    UsernamePasswordCredentials creds = new UsernamePasswordCredentials(username, "");
    for (AuthenticationProvider provider : getAuthenticationProviders()) {
        if (!provider.getHandler().supports(creds)) {
            continue;
        }
        ValidationFailureReason[] reason = new ValidationFailureReason[] { ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT };
        StorageOSUserDAO user = provider.getAttributeRepository().getStorageOSUser(creds, reason);
        if (user != null) {
            UserDetails userDetails = new UserDetails();
            userDetails.setUsername(username);
            userDetails.getUserGroupList().addAll(user.getGroups());
            userDetails.setTenant(user.getTenantId());
            return userDetails;
        } else {
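            // reason[0] carries the failure cause reported by getStorageOSUser; map it to the matching exception.
            switch(reason[0]) {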
                case LDAP_CONNECTION_FAILED:
                    throw SecurityException.fatals.communicationToLDAPResourceFailed();
                case LDAP_MANAGER_AUTH_FAILED:
                    throw SecurityException.fatals.ldapManagerAuthenticationFailed();
                default:
                case USER_OR_GROUP_NOT_FOUND_FOR_TENANT:
                    throw APIException.badRequests.principalSearchFailed(username);
            }
        }
    }
    throw APIException.badRequests.principalSearchFailed(username);
}
Also used : StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) UserDetails(com.emc.storageos.security.resource.UserInfoPage.UserDetails) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials)

Example 2 with UserDetails

Use of com.emc.storageos.security.resource.UserInfoPage.UserDetails in project coprhd-controller by CoprHD.

From the class UserInfoHelperTest, method testGetUserDetails.

@Test
public void testGetUserDetails() throws Exception {
    // look for a user with an unsupported domain
    String principalSearchFailedFormat = "Search for %s failed for this tenant, or could not be found for this tenant.";
    String user = user_in_wrong_domain;
    StringBuilder error = new StringBuilder();
    UserDetails userDetails = userInfoHelper.getUserDetails(user, error);
    String actualError = error.toString();
    String expectedError = String.format(principalSearchFailedFormat, user);
    Assert.assertNull(userDetails);
    Assert.assertEquals("Got an unexpected error. Error: " + actualError, expectedError, actualError);
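    // look for a user that doesn't exist
    user = user_doesnt_exist;
    error = new StringBuilder();
    userDetails = userInfoHelper.getUserDetails(user, error);
    // recompute both strings for this user; otherwise the assertion re-checks the first lookup's values
    actualError = error.toString();
    expectedError = String.format(principalSearchFailedFormat, user);
    Assert.assertNull(userDetails);
    Assert.assertEquals("Got an unexpected error. Error: " + actualError, expectedError, actualError);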
    // look for a user that does exist
    user = existing_user;
    error = new StringBuilder();
    userDetails = userInfoHelper.getUserDetails(user, error);
    Assert.assertNotNull(userDetails);
    Assert.assertEquals("The groups " + user + " is a member of are: " + StringUtils.join(userDetails.getUserGroupList(), ", "), num_of_groups, userDetails.getUserGroupList().size());
    Assert.assertNotNull(userDetails.getTenant());
}
Also used : UserDetails(com.emc.storageos.security.resource.UserInfoPage.UserDetails) Test(org.junit.Test)

Example 3 with UserDetails

Use of com.emc.storageos.security.resource.UserInfoPage.UserDetails in project coprhd-controller by CoprHD.

From the class CustomAuthenticationManagerTest, method testGetUserGroups.

@Test
public void testGetUserGroups() throws Exception {
    cleanupProviders();
    AuthnProvider authConfig = createValidAuthProviderInDB();
    final String DOMAIN_USERS_GROUP = "Domain Users@sanity.local";
    final String OUTER_GROUP = "OuterGroup@sanity.local";
    final String INNER_GROUP = "InsideGroup@sanity.local";
    // look for a user with an unsupported domain
    String principalSearchFailedFormat = "Search for %s failed for this tenant, or could not be found for this tenant.";
    String user = "invaliduser@invalidDomain.com";
    UserDetails userDetails = null;
    try {
        userDetails = _authManager.getUserDetails(user);
        Assert.assertNull(userDetails);
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        assertServiceError(HttpStatus.SC_BAD_REQUEST, ServiceCode.API_BAD_REQUEST, String.format(principalSearchFailedFormat, user), e);
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + " when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    }
    // look for a user that doesn't exist
    user = "iShouldntExistAnywhereInTheWholeWideWorld@sanity.local";
    try {
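        // assign the result so the assertNull below checks this lookup rather than the earlier value
        userDetails = _authManager.getUserDetails(user);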
        Assert.assertNull(userDetails);
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        assertServiceError(HttpStatus.SC_BAD_REQUEST, ServiceCode.API_BAD_REQUEST, String.format(principalSearchFailedFormat, user), e);
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + " when BadRequestException was expected. Details: " + e.getLocalizedMessage());
    }
    // look for a user that does exist
    user = "userGroupsTestUser@sanity.local";
    try {
        userDetails = _authManager.getUserDetails(user);
        Assert.assertNotNull(userDetails);
        Assert.assertEquals(3, userDetails.getUserGroupList().size());
        Assert.assertTrue("user is supposed to be part of the root tenant " + _rootTenantId + " but is actually in tenant " + userDetails.getTenant(), _rootTenantId.toString().equals(userDetails.getTenant()));
        boolean isDomainUser = false;
        boolean isInsideGroup = false;
        boolean isOuterGroup = false;
        for (String groupName : userDetails.getUserGroupList()) {
            if (groupName.equalsIgnoreCase(DOMAIN_USERS_GROUP)) {
                isDomainUser = true;
            } else if (groupName.equalsIgnoreCase(INNER_GROUP)) {
                isInsideGroup = true;
            } else if (groupName.equalsIgnoreCase(OUTER_GROUP)) {
                isOuterGroup = true;
            }
        }
        Assert.assertTrue("isDomainUser = " + isDomainUser + ", isInsideGroup = " + isInsideGroup + ", isOuterGroup = " + isOuterGroup, isDomainUser && isInsideGroup && isOuterGroup);
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        Assert.fail("Got a BadRequestException. Details: " + e.getLocalizedMessage());
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + ". Details: " + e.getLocalizedMessage());
    }
    // now test that the returned user has the right tenant: it should now be mapped to the subtenant
    UserMapping tenantMapping = new UserMapping();
    tenantMapping.setDomain("sanity.local");
    tenantMapping.setGroups(Collections.singletonList(OUTER_GROUP.split("@")[0]));
    StringSetMap mappings = new StringSetMap();
    mappings.put(tenantMapping.getDomain(), tenantMapping.toString());
    URI subtenantId = URIUtil.createId(TenantOrg.class);
    TenantOrg subtenant = new TenantOrg();
    subtenant.setLabel("subtenant for user groups test");
    subtenant.setDescription("auth subtenan1t");
    subtenant.setId(subtenantId);
    subtenant.setParentTenant(new NamedURI(_rootTenantId, "subtenant"));
    subtenant.setUserMappings(mappings);
    _dbClient.persistObject(subtenant);
    try {
        userDetails = _authManager.getUserDetails(user);
        Assert.assertNotNull(userDetails);
        Assert.assertEquals(3, userDetails.getUserGroupList().size());
        boolean isDomainUser = false;
        boolean isInsideGroup = false;
        boolean isOuterGroup = false;
        for (String groupName : userDetails.getUserGroupList()) {
            if (groupName.equalsIgnoreCase(DOMAIN_USERS_GROUP)) {
                isDomainUser = true;
            } else if (groupName.equalsIgnoreCase(INNER_GROUP)) {
                isInsideGroup = true;
            } else if (groupName.equalsIgnoreCase(OUTER_GROUP)) {
                isOuterGroup = true;
            }
        }
        Assert.assertTrue("isDomainUser = " + isDomainUser + ", isInsideGroup = " + isInsideGroup + ", isOuterGroup = " + isOuterGroup, isDomainUser && isInsideGroup && isOuterGroup);
        Assert.assertTrue("user is supposed to be part of the subtenant " + subtenantId + " but is actually in tenant " + userDetails.getTenant() + " (root tenant is " + _rootTenantId + " )", subtenantId.toString().equals(userDetails.getTenant()));
    } catch (SecurityException e) {
        Assert.fail("Got a SecurityException. Details: " + e.getLocalizedMessage());
    } catch (BadRequestException e) {
        Assert.fail("Got a BadRequestException. Details: " + e.getLocalizedMessage());
    } catch (Exception e) {
        Assert.fail("Got a " + e.getClass().toString() + ". Details: " + e.getLocalizedMessage());
    }
}
Also used : StringSetMap(com.emc.storageos.db.client.model.StringSetMap) UserDetails(com.emc.storageos.security.resource.UserInfoPage.UserDetails) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) AuthnProvider(com.emc.storageos.db.client.model.AuthnProvider) NamedURI(com.emc.storageos.db.client.model.NamedURI) TenantOrg(com.emc.storageos.db.client.model.TenantOrg) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) URI(java.net.URI) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) ExpectedException(org.junit.rules.ExpectedException)
