Examples with CerberusPrincipal com.nike.cerberus.security.CerberusPrincipal used on opensource projects

Search in sources :

Example 26 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive.

@Test
public void testDoesPrincipalHaveReadPermissionWithPrincipalTypeAndGroupsCaseSensitive() {
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(true);
    Set<String> userGroups = new HashSet<>();
    userGroups.add("userGroup1");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    Set<UserGroupPermission> userGroupPermissions = mockUserGroupPermissionWithName();
    Mockito.when(userGroupPermissionService.getUserGroupPermissions("sdbId")).thenReturn(userGroupPermissions);
    boolean hasPermission = permissionValidationService.doesPrincipalHaveReadPermission(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasPermission);
}
Also used : UserGroupPermission(com.nike.cerberus.domain.UserGroupPermission) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 27 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAM.

@Test
public void testDoesPrincipalHaveOwnerPermissionsWithPrincipalTypeIAM() {
    PermissionValidationService permissionValidationService = createPermissionValidationServiceWithGroupCaseSensitive(false);
    SafeDepositBoxV2 safeDepositBoxV2 = mockSafeDepositBoxV2WithId("id");
    Mockito.when(safeDepositBoxService.getSafeDepositBoxDangerouslyWithoutPermissionValidation("sdbId")).thenReturn(safeDepositBoxV2);
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndName(PrincipalType.IAM, IAM_PRINCIPAL_ARN);
    String iamRootArn = "iamRootArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRootArn);
    Mockito.when(awsIamRoleArnParser.isAssumedRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(true);
    String iamRoleArn = "iamRoleArn";
    Mockito.when(awsIamRoleArnParser.convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN)).thenReturn(iamRoleArn);
    Mockito.when(permissionsDao.doesAssumedRoleHaveRoleForSdb(Mockito.eq("id"), Mockito.eq(IAM_PRINCIPAL_ARN), Mockito.eq(iamRoleArn), Mockito.eq(iamRootArn), Mockito.anySet())).thenReturn(true);
    boolean hasOwnerPermission = permissionValidationService.doesPrincipalHaveOwnerPermissions(cerberusPrincipal, "sdbId");
    Assert.assertTrue(hasOwnerPermission);
    Mockito.verify(awsIamRoleArnParser).convertPrincipalArnToRootArn(IAM_PRINCIPAL_ARN);
    Mockito.verify(awsIamRoleArnParser).isAssumedRoleArn(IAM_PRINCIPAL_ARN);
    Mockito.verify(awsIamRoleArnParser).convertPrincipalArnToRoleArn(IAM_PRINCIPAL_ARN);
    Mockito.verify(permissionsDao, Mockito.never()).doesIamPrincipalHaveRoleForSdb(Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anySet());
}
Also used : SafeDepositBoxV2(com.nike.cerberus.domain.SafeDepositBoxV2) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) Test(org.junit.Test)

Example 28 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class PermissionValidationServiceTest method testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndHasPermission.

private void testDoesPrincipalHaveSdbPermissionsForActionWhenRequestAttributesWhenServletPathIsSecuredAndHasPermission() {
    PermissionValidationService permissionValidationService = Mockito.spy(createPermissionValidationServiceWithGroupCaseSensitive(false));
    RequestAttributes requestAttributes = mockServletRequestAttributesWithRequestWithServletPath("/v1/secret/1/2/3/4");
    Mockito.when(permissionValidationService.getRequestAttributesFromContext()).thenReturn(requestAttributes);
    Mockito.when(sdbAccessRequest.getCategory()).thenReturn("category");
    Mockito.when(sdbAccessRequest.getSdbSlug()).thenReturn("slug");
    Set<String> userGroups = new HashSet<>();
    userGroups.add("userGroup1");
    CerberusPrincipal cerberusPrincipal = mockCerberusPrincipalWithPrincipalTypeAndUserGroups(PrincipalType.USER, userGroups);
    Mockito.when(permissionValidationService.getCerberusPrincipalFromContext()).thenReturn(cerberusPrincipal);
    Mockito.when(safeDepositBoxService.getSafeDepositBoxIdByPath("category/slug/")).thenReturn(Optional.of("sdbId"));
    Mockito.when(permissionsDao.doesUserHavePermsForRoleAndSdbCaseInsensitive(Mockito.eq("sdbId"), Mockito.anySet(), Mockito.anySet())).thenReturn(true);
    boolean hasPermission = permissionValidationService.doesPrincipalHaveSdbPermissionsForAction("READ");
    Assert.assertTrue(hasPermission);
    Mockito.verify(sdbAccessRequest).setPrincipal(Mockito.any(CerberusPrincipal.class));
    Mockito.verify(sdbAccessRequest).setSdbId("sdbId");
}
Also used : ServletRequestAttributes(org.springframework.web.context.request.ServletRequestAttributes) RequestAttributes(org.springframework.web.context.request.RequestAttributes) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) HashSet(java.util.HashSet)

Example 29 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class AuthenticationServiceTest method tests_that_refreshUserToken_throws_access_denied_token_when_count_is_eq_or_greater_than_limit.

@Test
public void tests_that_refreshUserToken_throws_access_denied_token_when_count_is_eq_or_greater_than_limit() {
    CerberusPrincipal principal = mock(CerberusPrincipal.class);
    when(principal.getPrincipalType()).thenReturn(PrincipalType.USER);
    when(principal.getTokenRefreshCount()).thenReturn(MAX_LIMIT);
    Exception e = null;
    try {
        authenticationService.refreshUserToken(principal);
    } catch (Exception e2) {
        e = e2;
    }
    IsInstanceOf isInstanceOfException = new IsInstanceOf(ApiException.class);
    assertTrue(isInstanceOfException.matches(e));
    assertTrue(((ApiException) e).getApiErrors().contains(DefaultApiError.MAXIMUM_TOKEN_REFRESH_COUNT_REACHED));
}
Also used : IsInstanceOf(org.hamcrest.core.IsInstanceOf) CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) ApiException(com.nike.backstopper.exception.ApiException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ApiException(com.nike.backstopper.exception.ApiException) Test(org.junit.Test)

Example 30 with CerberusPrincipal

use of com.nike.cerberus.security.CerberusPrincipal in project cerberus by Nike-Inc.

the class SecureDataControllerTest method testDeleteSecureData.

@Test
public void testDeleteSecureData() {
    Mockito.when(sdbAccessRequest.getSdbId()).thenReturn("sdbId");
    Mockito.when(sdbAccessRequest.getPath()).thenReturn("path");
    CerberusPrincipal cerberusPrincipal = Mockito.mock(CerberusPrincipal.class);
    Mockito.when(sdbAccessRequest.getPrincipal()).thenReturn(cerberusPrincipal);
    Mockito.when(cerberusPrincipal.getName()).thenReturn("name");
    secureDataController.deleteSecureData();
    Mockito.verify(secureDataService).deleteSecret("sdbId", "path", SecureDataType.OBJECT, "name");
}
Also used : CerberusPrincipal(com.nike.cerberus.security.CerberusPrincipal) Test(org.junit.Test)

Aggregations

CerberusPrincipal (com.nike.cerberus.security.CerberusPrincipal)33 Test (org.junit.Test)27 HashSet (java.util.HashSet)11 SafeDepositBoxV2 (com.nike.cerberus.domain.SafeDepositBoxV2)7 ApiException (com.nike.backstopper.exception.ApiException)4 UserGroupPermission (com.nike.cerberus.domain.UserGroupPermission)4 SafeDepositBoxSummary (com.nike.cerberus.domain.SafeDepositBoxSummary)3 RequestAttributes (org.springframework.web.context.request.RequestAttributes)3 ServletRequestAttributes (org.springframework.web.context.request.ServletRequestAttributes)3 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 SafeDepositBoxRecord (com.nike.cerberus.record.SafeDepositBoxRecord)2 SuppressFBWarnings (edu.umd.cs.findbugs.annotations.SuppressFBWarnings)2 OffsetDateTime (java.time.OffsetDateTime)2 IsInstanceOf (org.hamcrest.core.IsInstanceOf)2 PrincipalType (com.nike.cerberus.PrincipalType)1 AuthResponse (com.nike.cerberus.auth.connector.AuthResponse)1 CerberusAuthToken (com.nike.cerberus.domain.CerberusAuthToken)1 PrincipalHasWritePermsForPath (com.nike.cerberus.security.PrincipalHasWritePermsForPath)1 ArrayList (java.util.ArrayList)1 HttpEntity (org.springframework.http.HttpEntity)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial