Example 1 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

Class GrantPermissionManager, method changeOwner.

@Transactional(propagation = Propagation.REQUIRED)
public AclSecuredEntry changeOwner(final Long id, final AclClass aclClass, final String userName) {
    Assert.isTrue(StringUtils.isNotBlank(userName), "User name is required to change owner of an object.");
    // Load the secured entity and the target user; both must exist before the ACL is touched.
    final AbstractSecuredEntity entity = entityManager.load(aclClass, id);
    final UserContext userContext = userManager.loadUserContext(userName);
    Assert.notNull(userContext, String.format("The user with name %s doesn't exist.", userName));
    // No-op when the requested user already owns the entity.
    if (entity.getOwner().equalsIgnoreCase(userName)) {
        LOGGER.info("The resource you're trying to change owner is already owned by this user.");
        return new AclSecuredEntry(entity);
    }
    // Update the ACL owner first, then the entity record, inside the same transaction.
    aclService.changeOwner(entity, userName);
    return new AclSecuredEntry(entityManager.changeOwner(aclClass, id, userName));
}
Also used: UserContext (com.epam.pipeline.security.UserContext), AbstractSecuredEntity (com.epam.pipeline.entity.AbstractSecuredEntity), AclSecuredEntry (com.epam.pipeline.entity.security.acl.AclSecuredEntry), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

Class AuthManager, method createSchedulerSecurityContext.

/**
 * @return A default UserContext for scheduled operations
 */
public SecurityContext createSchedulerSecurityContext() {
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    // Scheduled jobs run as the configured default admin with ROLE_ADMIN only.
    UserContext userContext = new UserContext(defaultAdminId, defaultAdmin);
    Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_ADMIN");
    context.setAuthentication(new JwtAuthenticationToken(userContext, authorities));
    return context;
}
Also used: JwtAuthenticationToken (com.epam.pipeline.security.jwt.JwtAuthenticationToken), UserContext (com.epam.pipeline.security.UserContext), GrantedAuthority (org.springframework.security.core.GrantedAuthority), SecurityContext (org.springframework.security.core.context.SecurityContext)

Example 3 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

Class SAMLProxyFilter, method authenticate.

private void authenticate(String samlResponse, Response decoded, String endpointId, ExternalServiceEndpoint endpoint) throws IOException, SAMLException {
    try (FileReader metadataReader = new FileReader(new File(endpoint.getMetadataPath()))) {
        // Build a client from the endpoint's IdP metadata and validate the response
        // (signature, clock skew and authentication age) before trusting any assertion.
        CustomSamlClient client = CustomSamlClient.fromMetadata(endpointId, metadataReader, RESPONSE_SKEW);
        client.setMaxAuthenticationAge(MAX_AUTHENTICATION_AGE);
        SamlResponse parsedResponse = client.validate(decoded);
        // User names are stored upper-cased, so normalise the NameID before lookup.
        String userName = parsedResponse.getNameID().toUpperCase();
        PipelineUser loadedUser = userManager.loadUserByName(userName);
        if (loadedUser == null) {
            throw new UsernameNotFoundException(messageHelper.getMessage(MessageConstants.ERROR_USER_NAME_NOT_FOUND, userName));
        }
        LOGGER.debug("Found user by name {}", userName);
        UserContext userContext = new UserContext(loadedUser);
        // Mark the context as external when the SAML endpoint is an external service.
        userContext.setExternal(endpoint.isExternal());
        SecurityContextHolder.getContext().setAuthentication(new SAMLProxyAuthentication(samlResponse, parsedResponse, userContext));
    }
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), PipelineUser (com.epam.pipeline.entity.user.PipelineUser), UserContext (com.epam.pipeline.security.UserContext), FileReader (java.io.FileReader), SamlResponse (com.coveo.saml.SamlResponse), File (java.io.File)

Example 4 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

Class DockerRegistryManager, method issueTokenForDockerRegistry.

/**
 * Checks permissions for a requested docker registry and issues a valid JWT token
 * if the action is allowed. Otherwise a 401 code is returned to the registry. See the
 * documentation for details: https://docs.docker.com/registry/spec/auth/token/#requesting-a-token
 * @param userName  user requesting permission
 * @param token     provided by the docker client, should be a valid Cloud Pipeline token
 * @param dockerRegistryHost    id of the docker registry
 * @param scope     requested action in the format
 *                  'scope=repository:samalba/my-app:push,repository:samalba/my-test:push'
 * @return a raw JWT token granting the validated claims for the registry
 */
public JwtRawToken issueTokenForDockerRegistry(String userName, String token, String dockerRegistryHost, String scope) {
    LOGGER.debug("Processing authorization request from registry {} for user {} and scope {}", dockerRegistryHost, userName, scope);
    // Verify the caller's Cloud Pipeline token before looking at the requested scope.
    UserContext user = dockerAuthService.verifyTokenForDocker(userName, token, dockerRegistryHost);
    DockerRegistry dockerRegistry = loadByNameOrId(dockerRegistryHost);
    if (dockerRegistry == null) {
        throw new DockerAuthorizationException(dockerRegistryHost, messageHelper.getMessage(MessageConstants.ERROR_REGISTRY_NOT_FOUND, dockerRegistryHost));
    }
    try {
        // Parse the scope and check the user's permissions for each requested repository action;
        // only the validated claims are embedded in the issued token.
        List<DockerRegistryClaim> claims = parseAndValidateScope(userName, dockerRegistry, scope);
        JwtRawToken jwtRawToken = dockerAuthService.issueDockerToken(user, dockerRegistryHost, claims);
        LOGGER.debug("Successfully issued JWT token for registry {} user {} and scope {}", dockerRegistry, userName, scope);
        return jwtRawToken;
    } catch (IllegalArgumentException e) {
        // A malformed or disallowed scope is reported back as an authorization failure.
        throw new DockerAuthorizationException(dockerRegistryHost, e.getMessage());
    }
}
Also used: DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry), UserContext (com.epam.pipeline.security.UserContext), DockerAuthorizationException (com.epam.pipeline.exception.docker.DockerAuthorizationException), JwtRawToken (com.epam.pipeline.entity.security.JwtRawToken)

Example 5 with UserContext

Use of com.epam.pipeline.security.UserContext in project cloud-pipeline by epam.

Class SAMLUserDetailsServiceImplTest, method testLoadUserBySAMLWithCreation.

@Test
public void testLoadUserBySAMLWithCreation() {
    user.setUserName(USER_NAME);
    // Simulate a user that does not exist yet, so the service must create it from the SAML credential.
    Mockito.when(userManager.loadUserByName(Matchers.anyString())).thenReturn(null);
    Mockito.when(userManager.createUser(Matchers.anyString(), Matchers.anyListOf(Long.class), Matchers.anyListOf(String.class), Matchers.anyMapOf(String.class, String.class), Matchers.any())).thenReturn(user);
    UserContext actualUserContext = userDetailsService.loadUserBySAML(credential);
    // The returned context must carry the created user's name and groups.
    Assert.assertEquals(expectedUserContext.getUsername(), actualUserContext.getUsername());
    Assert.assertEquals(expectedUserContext.getGroups(), actualUserContext.getGroups());
}
Also used: UserContext (com.epam.pipeline.security.UserContext), Test (org.junit.Test), AbstractSpringTest (com.epam.pipeline.AbstractSpringTest)

Aggregations (class, number of usages)

UserContext (com.epam.pipeline.security.UserContext): 13
JwtRawToken (com.epam.pipeline.entity.security.JwtRawToken): 3
PipelineUser (com.epam.pipeline.entity.user.PipelineUser): 3
AbstractSpringTest (com.epam.pipeline.AbstractSpringTest): 2
JwtTokenClaims (com.epam.pipeline.entity.security.JwtTokenClaims): 2
Test (org.junit.Test): 2
AuthenticationServiceException (org.springframework.security.authentication.AuthenticationServiceException): 2
UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException): 2
SamlResponse (com.coveo.saml.SamlResponse): 1
AbstractSecuredEntity (com.epam.pipeline.entity.AbstractSecuredEntity): 1
DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry): 1
PipelineRun (com.epam.pipeline.entity.pipeline.PipelineRun): 1
AclSecuredEntry (com.epam.pipeline.entity.security.acl.AclSecuredEntry): 1
AclSid (com.epam.pipeline.entity.security.acl.AclSid): 1
DockerAuthorizationException (com.epam.pipeline.exception.docker.DockerAuthorizationException): 1
JwtAuthenticationToken (com.epam.pipeline.security.jwt.JwtAuthenticationToken): 1
File (java.io.File): 1
FileReader (java.io.FileReader): 1
ArrayList (java.util.ArrayList): 1
EnumMap (java.util.EnumMap): 1