Examples with UnauthorizedException com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException used on opensource projects

Search in sources :

Example 1 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class TokenManagerTests method testBasicTokenKeysRotation.

/**
 * Basic rotation functionality is tested here using overridden rotation interval values
 *
 * @throws Exception
 */
@Test
public void testBasicTokenKeysRotation() throws Exception {
    TokenMaxLifeValuesHolder holder = new TokenMaxLifeValuesHolder();
    holder.setMaxTokenIdleTimeInMins(2);
    holder.setMaxTokenLifeTimeInMins(4);
    holder.setTokenIdleTimeGraceInMins(1);
    holder.setKeyRotationIntervalInMSecs(5000);
    CassandraTokenManager tokenManager = new CassandraTokenManager();
    Base64TokenEncoder encoder = new Base64TokenEncoder();
    TokenKeyGenerator tokenKeyGenerator = new TokenKeyGenerator();
    DbClient dbClient = getDbClient();
    CoordinatorClient coordinator = new TestCoordinator();
    tokenManager.setTokenMaxLifeValuesHolder(holder);
    tokenManager.setDbClient(dbClient);
    tokenManager.setCoordinator(coordinator);
    encoder.setCoordinator(coordinator);
    tokenKeyGenerator.setTokenMaxLifeValuesHolder(holder);
    encoder.setTokenKeyGenerator(tokenKeyGenerator);
    encoder.managerInit();
    tokenManager.setTokenEncoder(encoder);
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    userDAO.setIsLocal(true);
    // get a regular token
    final String token = tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    TokenOnWire tw1 = encoder.decode(token);
    Token tokenObj = dbClient.queryObject(Token.class, tw1.getTokenId());
    Assert.assertNotNull(tokenObj);
    // verify token
    StorageOSUserDAO gotUser = tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    // get a proxy token
    final String proxyToken = tokenManager.getProxyToken(gotUser);
    Assert.assertNotNull(proxyToken);
    // wait 6 seconds, this next token request will triggers a rotation
    Thread.sleep(6000);
    final String token2 = tokenManager.getToken(userDAO);
    Assert.assertNotNull(token2);
    // at this point, the first token should still be usable
    gotUser = tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    // wait another 6 seconds, trigger another rotation.
    Thread.sleep(6000);
    final String token3 = tokenManager.getToken(userDAO);
    Assert.assertNotNull(token3);
    // has been rotated out from the current, then previous spot. It is gone.
    try {
        gotUser = tokenManager.validateToken(token);
        Assert.fail("The token should not be usable.");
    } catch (UnauthorizedException ex) {
        // this exception is an expected one.
        Assert.assertTrue(true);
    }
    // after several rotations, proxy token should be unaffected
    gotUser = tokenManager.validateToken(proxyToken);
    Assert.assertNotNull(gotUser);
}
Also used : TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder) CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) DbClient(com.emc.storageos.db.client.DbClient) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient) Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder) TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator) TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire) SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken) ProxyToken(com.emc.storageos.db.client.model.ProxyToken) Token(com.emc.storageos.db.client.model.Token) BaseToken(com.emc.storageos.db.client.model.BaseToken) Test(org.junit.Test)

Example 2 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class TokenManagerTests method testTokens.

/**
 * main set of tests for tokens
 */
@Test
public void testTokens() throws Exception {
    commonDefaultSetupForSingleNodeTests();
    // Test - new ticket issue
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    userDAO.setIsLocal(true);
    long now = System.currentTimeMillis() / (60 * 1000);
    final String token = _tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    TokenOnWire tw1 = _encoder.decode(token);
    Token tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
    Assert.assertNotNull(tokenObj);
    Assert.assertNotNull(tokenObj.getUserId());
    Assert.assertTrue(tokenObj.getExpirationTime() >= (now + 4));
    final URI userId = tokenObj.getUserId();
    // verify token
    StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    Assert.assertEquals(userId, gotUser.getId());
    // Test - update user info, reuse token
    StringSet groups = new StringSet();
    groups.add("gr1");
    groups.add("gr2");
    userDAO.setGroups(groups);
    StringSet attributes = new StringSet();
    attributes.add("atrr1");
    attributes.add("attr2");
    userDAO.setAttributes(attributes);
    String token2 = _tokenManager.getToken(userDAO);
    // different tokens for same user record
    Assert.assertFalse(token.equals(token2));
    TokenOnWire tw2 = _encoder.decode(token2);
    Assert.assertFalse(tw1.getTokenId().equals(tw2.getTokenId()));
    tokenObj = _dbClient.queryObject(Token.class, tw2.getTokenId());
    Assert.assertNotNull(tokenObj);
    Assert.assertNotNull(tokenObj.getUserId());
    Assert.assertEquals(userId, tokenObj.getUserId());
    StorageOSUserDAO userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
    Assert.assertNotNull(userInfo);
    Assert.assertEquals(userId, userInfo.getId());
    Assert.assertFalse(userInfo.getInactive());
    Assert.assertEquals(groups.size(), userInfo.getGroups().size());
    Assert.assertEquals(attributes.size(), userInfo.getAttributes().size());
    Assert.assertTrue(userInfo.getIsLocal());
    // verify token
    gotUser = _tokenManager.validateToken(token2);
    Assert.assertNotNull(gotUser);
    Assert.assertEquals(userId, gotUser.getId());
    // Test - update user info, new token
    userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    groups = new StringSet();
    groups.add("gr1");
    userDAO.setGroups(groups);
    attributes = new StringSet();
    attributes.add("atrr1");
    attributes.add("attr2");
    attributes.add("attr3");
    userDAO.setAttributes(attributes);
    // new token
    final String token3 = _tokenManager.getToken(userDAO);
    Assert.assertFalse(token2.equals(token3));
    TokenOnWire tw3 = _encoder.decode(token3);
    tokenObj = _dbClient.queryObject(Token.class, tw3.getTokenId());
    Assert.assertNotNull(tokenObj);
    Assert.assertNotNull(tokenObj.getUserId());
    Assert.assertEquals(userId, tokenObj.getUserId());
    userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
    Assert.assertNotNull(userInfo);
    Assert.assertEquals(userId, userInfo.getId());
    Assert.assertFalse(userInfo.getInactive());
    Assert.assertEquals(groups.size(), userInfo.getGroups().size());
    Assert.assertEquals(attributes.size(), userInfo.getAttributes().size());
    Assert.assertTrue(userInfo.getIsLocal());
    // verify token
    gotUser = _tokenManager.validateToken(token3);
    Assert.assertNotNull(gotUser);
    Assert.assertEquals(userId, gotUser.getId());
    // Test - idle time timeout
    tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
    // extend expiration by 10min, so that will not happen
    now = (System.currentTimeMillis() / (60 * 1000));
    tokenObj.setLastAccessTime(now);
    tokenObj.setExpirationTime(now + 5);
    _dbClient.persistObject(tokenObj);
    int count = 8;
    while (count-- > 0) {
        // validate every 30 sec, for the next 4 min
        Thread.sleep(30 * 1000);
        gotUser = _tokenManager.validateToken(token);
        Assert.assertNotNull(gotUser);
    }
    // set last access time back
    tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
    tokenObj.setLastAccessTime((System.currentTimeMillis() / (60 * 1000)) - 3);
    _dbClient.persistObject(tokenObj);
    // validate token on the old token - should fail
    gotUser = _tokenManager.validateToken(token);
    Assert.assertNull(gotUser);
    // token object should be deleted from db,
    // but user info should not be effected because we have another token pointing to it
    tokenObj = _dbClient.queryObject(Token.class, tw1.getTokenId());
    Assert.assertNull(tokenObj);
    userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
    Assert.assertNotNull(userInfo);
    Assert.assertFalse(userInfo.getInactive());
    // Test - deletion of token
    // should set userinfo inactive - because this is the last token pointing to it
    _tokenManager.deleteToken(token2);
    _tokenManager.deleteToken(token3);
    userInfo = _dbClient.queryObject(StorageOSUserDAO.class, userId);
    Assert.assertNotNull(userInfo);
    Assert.assertTrue(userInfo.getInactive());
    // Test - with inactive user info - new token request
    // new token and new user info created - with possible race condition to create more than one each
    int numThreads = 5;
    final List<String> tokens = Collections.synchronizedList(new ArrayList<String>());
    final List<URI> userIds = Collections.synchronizedList(new ArrayList<URI>());
    ExecutorService executor = Executors.newFixedThreadPool(numThreads);
    final CountDownLatch wait = new CountDownLatch(numThreads);
    for (int index = 0; index < numThreads; index++) {
        executor.submit(new Callable<Object>() {

            @Override
            public Object call() throws Exception {
                wait.countDown();
                wait.await();
                StorageOSUserDAO userDAO = new StorageOSUserDAO();
                userDAO.setUserName("user1");
                String token4 = _tokenManager.getToken(userDAO);
                TokenOnWire tw4 = _encoder.decode(token4);
                Assert.assertFalse(token3.equals(token4));
                Assert.assertFalse(token.equals(token4));
                Token tokenObj = _dbClient.queryObject(Token.class, tw4.getTokenId());
                Assert.assertNotNull(tokenObj);
                Assert.assertNotNull(tokenObj.getUserId());
                Assert.assertFalse(userId.equals(tokenObj.getUserId()));
                StorageOSUserDAO userInfo = _dbClient.queryObject(StorageOSUserDAO.class, tokenObj.getUserId());
                Assert.assertNotNull(userInfo);
                Assert.assertEquals(userDAO.getUserName(), userInfo.getUserName());
                Assert.assertFalse(userInfo.getInactive());
                Assert.assertFalse(userInfo.getIsLocal());
                tokens.add(token4);
                userIds.add(userInfo.getId());
                return null;
            }
        });
    }
    executor.shutdown();
    Assert.assertTrue(executor.awaitTermination(60, TimeUnit.SECONDS));
    Assert.assertTrue(!tokens.isEmpty());
    Assert.assertTrue(!userIds.isEmpty());
    // Test - delete all tokens
    _tokenManager.deleteAllTokensForUser(userDAO.getUserName(), true);
    List<URI> tokensURIs = new ArrayList<URI>();
    for (String rawToken : tokens) {
        tokensURIs.add(_encoder.decode(rawToken).getTokenId());
    }
    List<Token> allTokens = _dbClient.queryObject(Token.class, tokensURIs);
    Assert.assertTrue(allTokens.isEmpty());
    List<StorageOSUserDAO> users = _dbClient.queryObject(StorageOSUserDAO.class, userIds);
    for (StorageOSUserDAO user : users) {
        Assert.assertTrue(user.getInactive());
        URIQueryResultList tokensForUser = new URIQueryResultList();
        _dbClient.queryByConstraint(ContainmentConstraint.Factory.getUserIdTokenConstraint(userId), tokensForUser);
        Assert.assertFalse(tokensForUser.iterator().hasNext());
    }
    // Test - expired token deleting
    userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    String dt1 = _tokenManager.getToken(userDAO);
    TokenOnWire twdt1 = _encoder.decode(dt1);
    tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
    Assert.assertNotNull(tokenObj);
    Assert.assertNotNull(tokenObj.getUserId());
    URI du1 = tokenObj.getUserId();
    userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user2");
    String dt2 = _tokenManager.getToken(userDAO);
    TokenOnWire twdt2 = _encoder.decode(dt2);
    tokenObj = _dbClient.queryObject(Token.class, twdt2.getTokenId());
    Assert.assertNotNull(tokenObj);
    Assert.assertNotNull(tokenObj.getUserId());
    URI du2 = tokenObj.getUserId();
    Thread.sleep(3 * 60 * 1000);
    _tokenManager.runCleanupNow();
    tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
    Assert.assertNull(tokenObj);
    tokenObj = _dbClient.queryObject(Token.class, twdt2.getTokenId());
    Assert.assertNull(tokenObj);
    userDAO = _dbClient.queryObject(StorageOSUserDAO.class, du1);
    Assert.assertTrue(userDAO.getInactive());
    userDAO = _dbClient.queryObject(StorageOSUserDAO.class, du2);
    Assert.assertTrue(userDAO.getInactive());
    // test limits
    userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    for (int i = 0; i < 100; i++) {
        dt1 = _tokenManager.getToken(userDAO);
        twdt1 = _encoder.decode(dt1);
        tokenObj = _dbClient.queryObject(Token.class, twdt1.getTokenId());
        Assert.assertNotNull(tokenObj);
        Assert.assertNotNull(tokenObj.getUserId());
    }
    // next get, will throw limit exception
    try {
        dt1 = _tokenManager.getToken(userDAO);
        Assert.fail("The token limit is exceeded. The token for user1 should not be generated.");
    } catch (UnauthorizedException ex) {
        // this exception is an expected one.
        Assert.assertTrue(true);
    }
}
Also used : SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken) ProxyToken(com.emc.storageos.db.client.model.ProxyToken) Token(com.emc.storageos.db.client.model.Token) BaseToken(com.emc.storageos.db.client.model.BaseToken) URI(java.net.URI) ContainmentConstraint(com.emc.storageos.db.client.constraint.ContainmentConstraint) AlternateIdConstraint(com.emc.storageos.db.client.constraint.AlternateIdConstraint) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) IOException(java.io.IOException) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) StringSet(com.emc.storageos.db.client.model.StringSet) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire) Test(org.junit.Test)

Example 3 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method rotateIpsecKey.

public void rotateIpsecKey(String peerVdcId, IpsecParam ipsecParam) {
    WebResource rRoot = createRequest(INTERVDC_IPSEC_KEY_ROTATION_URI);
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        addSignature(rRoot).post(ipsecParam);
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.remoteVdcAuthorizationFailed(peerVdcId, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.failedToSedPostCheckRequest(peerVdcId, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)

Example 4 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method changeIpsecStatus.

public void changeIpsecStatus(String peerVdcId, String status, String vdcConfigVersion) {
    WebResource rRoot = createRequest(INTERVDC_IPSEC_SERVICE).queryParam("status", status).queryParam("vdc_config_version", vdcConfigVersion);
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        addSignature(rRoot).post();
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.remoteVdcAuthorizationFailed(peerVdcId, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.failedToSedPostCheckRequest(peerVdcId, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)

Example 5 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method syncVdcConfigPreCheck.

/**
 * Check the VDC from a remote VDC.
 * 1. For disconnecting a vdc, check if there is another vdc that is under disconnecting.
 *
 * @param checkParam
 * @throws Exception
 */
public VdcPreCheckResponse2 syncVdcConfigPreCheck(VdcPreCheckParam2 checkParam, String vdcName) {
    WebResource rRoot;
    rRoot = createRequest(VDCCONFIG_PRECHECK2_URI);
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        return addSignature(rRoot).post(VdcPreCheckResponse2.class, checkParam);
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.remoteVdcAuthorizationFailed(vdcName, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.failedToSendPreCheckRequest(vdcName, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)

Aggregations

UnauthorizedException (com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException)15 WebResource (com.sun.jersey.api.client.WebResource)11 StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)4 TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire)4 Test (org.junit.Test)4 SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken)3 CassandraTokenManager (com.emc.storageos.auth.impl.CassandraTokenManager)2 CoordinatorClient (com.emc.storageos.coordinator.client.service.CoordinatorClient)2 DbClient (com.emc.storageos.db.client.DbClient)2 BaseToken (com.emc.storageos.db.client.model.BaseToken)2 ProxyToken (com.emc.storageos.db.client.model.ProxyToken)2 Token (com.emc.storageos.db.client.model.Token)2 Base64TokenEncoder (com.emc.storageos.security.authentication.Base64TokenEncoder)2 TokenKeyGenerator (com.emc.storageos.security.authentication.TokenKeyGenerator)2 TokenMaxLifeValuesHolder (com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder)2 AlternateIdConstraint (com.emc.storageos.db.client.constraint.AlternateIdConstraint)1 ContainmentConstraint (com.emc.storageos.db.client.constraint.ContainmentConstraint)1 URIQueryResultList (com.emc.storageos.db.client.constraint.URIQueryResultList)1 StringSet (com.emc.storageos.db.client.model.StringSet)1 IOException (java.io.IOException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial