
Example 1 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class AuthorizationsUtilTest method initialize.

/**
 * Builds the fixtures shared by every test in this class.
 *
 * <p>Sets the NPE OU system property, the method-level auths string, the set of
 * per-entity auth sets, and three principals. One principal wraps a human user
 * followed by two server entities; the other two wrap server entities only. The
 * label sets passed to each {@link DatawaveUser} only partly overlap.
 *
 * <p>NOTE(review): the third constructor argument is presumably the entity's
 * authorizations; confirm against {@code DatawaveUser}.
 */
@Before
public void initialize() {
    // JVM-wide property; nothing in this method restores the previous value.
    System.setProperty(NpeUtils.NPE_OU_PROPERTY, "iamnotaperson");

    methodAuths = "A,C";

    userAuths = new HashSet<>();
    userAuths.add(Sets.newHashSet("A", "C", "D"));
    userAuths.add(Sets.newHashSet("A", "B", "E"));

    // Subject/issuer identities: one human user and three server entities.
    SubjectIssuerDNPair endUserDn = SubjectIssuerDNPair.of(USER_DN, ISSUER_DN);
    SubjectIssuerDNPair serverDn1 = SubjectIssuerDNPair.of("entity1UserDN", "entity1IssuerDN");
    SubjectIssuerDNPair serverDn2 = SubjectIssuerDNPair.of("entity2UserDN", "entity2IssuerDN");
    SubjectIssuerDNPair serverDn3 = SubjectIssuerDNPair.of("entity3UserDN", "entity3IssuerDN");

    DatawaveUser endUser = new DatawaveUser(endUserDn, UserType.USER,
            Sets.newHashSet("A", "C", "D"), null, null, System.currentTimeMillis());
    DatawaveUser server1 = new DatawaveUser(serverDn1, UserType.SERVER,
            Sets.newHashSet("A", "B", "E"), null, null, System.currentTimeMillis());
    DatawaveUser server2 = new DatawaveUser(serverDn2, UserType.SERVER,
            Sets.newHashSet("A", "F", "G"), null, null, System.currentTimeMillis());
    DatawaveUser server3 = new DatawaveUser(serverDn3, UserType.SERVER,
            Sets.newHashSet("A", "B", "G"), null, null, System.currentTimeMillis());

    // Human user first, then the servers in the chain.
    proxiedUserPrincipal = new DatawavePrincipal(Lists.newArrayList(endUser, server1, server2));
    // Server-only chains (no USER-type entity).
    proxiedServerPrincipal1 = new DatawavePrincipal(Lists.newArrayList(server1, server3));
    proxiedServerPrincipal2 = new DatawavePrincipal(Lists.newArrayList(server1, server2, server3));
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) DatawaveUser(datawave.security.authorization.DatawaveUser) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Before(org.junit.Before)

Example 2 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class DatawaveRoleManagerTest method createAndSetWithSingleRole.

/**
 * Installs a principal made of a single USER-type entity ("dn1" issued by "idn")
 * whose only role is {@code REQ_ROLE_1}.
 *
 * <p>The third and fifth constructor arguments are left {@code null}; only the
 * roles collection is populated.
 */
private void createAndSetWithSingleRole() {
    final String subjectDn = "dn1";
    final String issuer = "idn";
    final SubjectIssuerDNPair dnPair = SubjectIssuerDNPair.of(subjectDn, issuer);

    final Collection<String> singleRole = Lists.newArrayList("REQ_ROLE_1");

    final DatawaveUser soleUser = new DatawaveUser(dnPair, UserType.USER, null, singleRole, null,
            System.currentTimeMillis());

    datawavePrincipal = new DatawavePrincipal(Lists.newArrayList(soleUser));
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) DatawaveUser(datawave.security.authorization.DatawaveUser) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)

Example 3 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class DatawaveRoleManagerTest method createAndSetWithTwoRoles.

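/**
 * Installs a principal made of two entities that share the issuer "idn": a
 * USER-type entity "dn1" holding the roles from {@code getFirstRole()} and a
 * SERVER-type entity "dn2" holding the roles from {@code getSecondRole()}.
 *
 * <p>The third and fifth constructor arguments are left {@code null}; only the
 * roles collection is populated for each entity.
 */
private void createAndSetWithTwoRoles() {
    String dn = "dn1";
    String dn2 = "dn2";
    String issuerDN = "idn";

    // The unused string forms of the combined DNs were dropped; only the typed pairs are needed.
    SubjectIssuerDNPair combinedDn1 = SubjectIssuerDNPair.of(dn, issuerDN);
    SubjectIssuerDNPair combinedDn2 = SubjectIssuerDNPair.of(dn2, issuerDN);

    DatawaveUser u1 = new DatawaveUser(combinedDn1, UserType.USER, null, getFirstRole(), null, System.currentTimeMillis());
    DatawaveUser u2 = new DatawaveUser(combinedDn2, UserType.SERVER, null, getSecondRole(), null, System.currentTimeMillis());

    // User entity first, server entity second.
    datawavePrincipal = new DatawavePrincipal(Lists.newArrayList(u1, u2));
}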
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) DatawaveUser(datawave.security.authorization.DatawaveUser) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal)

Example 4 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQuery_auditException.

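/**
 * Verifies that {@code createQuery} fails with a
 * {@link DatawaveWebApplicationException} when the auditor throws while auditing
 * the query parameters, and that the query logic is closed on that path.
 *
 * <p>The auditor mock is set to throw a {@code JMSRuntimeException} from
 * {@code audit(queryParameters)}. Mock verification runs in a {@code finally}
 * block: because {@code createQuery} is expected to throw, a {@code verifyAll()}
 * placed after the call would never execute, and the test would pass on any
 * {@code DatawaveWebApplicationException} without checking that the audit call
 * and {@code queryLogic1.close()} actually happened.
 */
@Test(expected = DatawaveWebApplicationException.class)
public void testCreateQuery_auditException() throws Exception {
    // Local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userDN";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);

    // Request parameters handed to createQuery
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle("valid", "param");

    // Expectations: caller identity, access check, audit type, then the failing audit call
    expect(context.getCallerPrincipal()).andReturn(principal).anyTimes();
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    queryLogic1.validate(queryParameters);
    expect(principal.getName()).andReturn(userName);
    expect(principal.getShortName()).andReturn(userSid);
    expect(principal.getUserDN()).andReturn(userDNpair);
    expect(principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    expect(this.queryLogic1.containsDNWithAccess(dnList)).andReturn(true);
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.ACTIVE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(this.queryLogic1.getMaxPageSize()).andReturn(10).anyTimes();
    expect(queryLogic1.getSelectors(null)).andReturn(null);
    // Failure injection: the audit call itself blows up.
    expect(auditor.audit(queryParameters)).andThrow(new JMSRuntimeException("EXPECTED TESTING EXCEPTION"));
    // The query logic is expected to be closed when auditing fails.
    queryLogic1.close();

    PowerMock.replayAll();

    // Wire the mocks into the bean under test
    QueryExecutorBean executor = new QueryExecutorBean();
    setInternalState(executor, EJBContext.class, context);
    setInternalState(executor, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(executor, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(executor, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(executor, QueryCache.class, cache);
    setInternalState(executor, ClosedQueryCache.class, closedCache);
    setInternalState(executor, Persister.class, persister);
    setInternalState(executor, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(executor, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(executor, AuditBean.class, auditor);
    setInternalState(executor, QueryMetricsBean.class, metrics);
    setInternalState(executor, Multimap.class, traceInfos);
    setInternalState(executor, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(executor, QueryParameters.class, new QueryParametersImpl());
    setInternalState(executor, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(executor, AccumuloConnectionRequestBean.class, connectionRequestBean);

    try {
        executor.createQuery(queryLogicName, queryParameters);
    } finally {
        // Runs even though createQuery throws, so the recorded expectations are enforced.
        PowerMock.verifyAll();
    }
}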
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) HashMap(java.util.HashMap) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ArrayList(java.util.ArrayList) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) QueryPersistence(datawave.webservice.query.QueryPersistence) Collection(java.util.Collection) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) JMSRuntimeException(javax.jms.JMSRuntimeException) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 5 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testDefineQuery_UncheckedException.

/**
 * Verifies that {@code defineQuery} surfaces an unchecked exception raised while
 * the query is being defined, and that the trace span is still stopped.
 *
 * <p>The failure is injected by making {@code queryLogic1.getConnectionPriority()}
 * throw {@code ILLEGAL_STATE_EXCEPTION}; the test passes only if an
 * {@link IllegalArgumentException} reaches the caller. Mock verification runs in
 * a {@code finally} block so the recorded expectations are checked even though
 * the call under test throws.
 *
 * <p>NOTE(review): the constant's name suggests an {@code IllegalStateException}
 * while the annotation expects {@code IllegalArgumentException}; confirm against
 * the constant's declaration.
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
@Test(expected = IllegalArgumentException.class)
public void testDefineQuery_UncheckedException() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 10000);
    int pagesize = 10;
    int pageTimeout = -1;
    Long maxResultsOverride = null;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    boolean trace = false;
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    // Request parameters handed to defineQuery
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putAll(QueryParametersImpl.paramsToMap(null, query, queryName, queryVisibility, beginDate, endDate, queryAuthorizations, expirationDate, pagesize, pageTimeout, maxResultsOverride, persistenceMode, null, trace));
    queryParameters.putSingle("valid", "param");
    // marking and qp are validated against the parameters here and later matched
    // with eq(...) in the persister.create expectation.
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    // Expected extra parameters: whatever qp reports as unknown, plus the private
    // audit fields (logic class, column visibility, and the subject DN only).
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations
    // Void call made before replayAll(): recorded as an expected invocation.
    queryLogic1.validate(queryParameters);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0));
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    // The query is expected to be persisted under the caller's subject DN.
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.query.getId()).andReturn(queryId).times(3);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(100).times(2);
    expect(this.traceInfos.get(userSid)).andReturn(new ArrayList<>(0));
    expect(this.traceInfos.get(null)).andReturn(Arrays.asList(PatternWrapper.wrap(query)));
    // Only the static Trace.start method is mocked; it hands back the span mock.
    PowerMock.mockStaticPartial(Trace.class, "start");
    expect(Trace.start("query:define")).andReturn(this.span);
    // Failure injection: the unchecked exception under test is thrown here.
    expect(this.queryLogic1.getConnectionPriority()).andThrow(ILLEGAL_STATE_EXCEPTION);
    // TODO: 1.8.1: no longer done
    // expect(this.span.parent()).andReturn(this.span);
    // expect(this.span.parent()).andReturn(this.span);
    // The span is expected to be stopped even though the call fails.
    this.span.stop();
    // Run the test
    PowerMock.replayAll();
    try {
        QueryExecutorBean subject = new QueryExecutorBean();
        setInternalState(subject, EJBContext.class, context);
        setInternalState(subject, Persister.class, persister);
        setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
        setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
        setInternalState(subject, Multimap.class, traceInfos);
        setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
        setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
        setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
        subject.defineQuery(queryLogicName, queryParameters);
    } finally {
        // defineQuery is expected to throw, so verification must happen here.
        PowerMock.verifyAll();
    }
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) QueryPersistence(datawave.webservice.query.QueryPersistence) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)29 Test (org.junit.Test)18 QueryMetricFactoryImpl (datawave.microservice.querymetric.QueryMetricFactoryImpl)13 DatawaveUser (datawave.security.authorization.DatawaveUser)13 Date (java.util.Date)13 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)13 DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)12 QueryParametersImpl (datawave.webservice.query.QueryParametersImpl)12 QueryPersistence (datawave.webservice.query.QueryPersistence)12 MultivaluedMapImpl (org.jboss.resteasy.specimpl.MultivaluedMapImpl)12 ColumnVisibilitySecurityMarking (datawave.marking.ColumnVisibilitySecurityMarking)11 UUID (java.util.UUID)11 QueryParameters (datawave.webservice.query.QueryParameters)10 ArrayList (java.util.ArrayList)10 Collection (java.util.Collection)9 HashMap (java.util.HashMap)7 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)7 NoResultsQueryException (datawave.webservice.query.exception.NoResultsQueryException)6 HashSet (java.util.HashSet)6 Set (java.util.Set)6