use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.
the class DatawavePrincipalLoginModuleTest method testGetRoleSetsLeavesRequiredRoles.
/**
 * Logs in through the login module with a credential whose proxied entity chain is two server
 * DNs followed by the user DN, then checks the role groups reported by {@code getRoleSets()}.
 *
 * <p>The asserted "Roles" group holds exactly the user's roles ({@code Role1},
 * {@code AuthorizedUser}); none of the roles given to the two server entities appear in it.
 *
 * <p>NOTE(review): the "required roles" named in the method title are not configured in this
 * method; presumably the shared fixture sets them up — confirm.
 *
 * @throws Exception if any setup step or the login call throws
 */
@Test
public void testGetRoleSetsLeavesRequiredRoles() throws Exception {
// The proxied entity chain holds the original user DN plus two server DNs: the
// request came through one server and is being made by a second server. This
// test checks which roles end up in the "Roles" group for that chain.
String issuerDN = DnUtils.normalizeDN(testServerCert.getIssuerDN().getName());
String serverDN = DnUtils.normalizeDN("CN=testServer.example.com, OU=iamnotaperson, OU=acme");
SubjectIssuerDNPair server1 = SubjectIssuerDNPair.of(serverDN, issuerDN);
String otherServerDN = DnUtils.normalizeDN("CN=otherServer.example.com, OU=iamnotaperson, OU=acme");
SubjectIssuerDNPair server2 = SubjectIssuerDNPair.of(otherServerDN, issuerDN);
// Subjects and issuers are passed as parallel "<dn><dn><dn>" strings; position N in one string
// pairs with position N in the other (server1, server2, then the user).
String proxiedSubjects = "<" + serverDN + "><" + otherServerDN + "><" + userDN.subjectDN() + ">";
String proxiedIssuers = "<" + issuerDN + "><" + issuerDN + "><" + userDN.issuerDN() + ">";
DatawaveCredential datawaveCredential = new DatawaveCredential(testServerCert, proxiedSubjects, proxiedIssuers);
callbackHandler.name = datawaveCredential.getUserName();
callbackHandler.credential = datawaveCredential;
// Each entity gets a disjoint role list so the assertion below can tell whose roles were kept.
List<String> userRoles = Arrays.asList("Role1", "AuthorizedUser");
List<String> s1Roles = Arrays.asList("Role2", "AuthorizedServer");
List<String> s2Roles = Arrays.asList("Role3", "OtherRequiredRole");
DatawaveUser user = new DatawaveUser(userDN, UserType.USER, null, userRoles, null, System.currentTimeMillis());
DatawaveUser s1 = new DatawaveUser(server1, UserType.SERVER, null, s1Roles, null, System.currentTimeMillis());
DatawaveUser s2 = new DatawaveUser(server2, UserType.SERVER, null, s2Roles, null, System.currentTimeMillis());
DatawavePrincipal expected = new DatawavePrincipal(Lists.newArrayList(user, s1, s2));
expect(securityDomain.getKeyStore()).andReturn(serverKeystore);
expect(securityDomain.getTrustStore()).andReturn(truststore);
// The user service lookup is stubbed to return the three entities built above.
expect(datawaveUserService.lookup(datawaveCredential.getEntities())).andReturn(expected.getProxiedUsers());
replayAll();
boolean success = datawaveLoginModule.login();
assertTrue("Login did not succeed.", success);
// NOTE(review): this compares the fixture's userDN with the principal constructed in this test,
// not with the principal produced by the login module, so it does not exercise login().
assertEquals(userDN, expected.getUserDN());
Group[] roleSets = datawaveLoginModule.getRoleSets();
// Two groups are expected, but only the first one ("Roles") is inspected below.
assertEquals(2, roleSets.length);
assertEquals("Roles", roleSets[0].getName());
List<String> groupSetRoles = Collections.list(roleSets[0].members()).stream().map(Principal::getName).collect(Collectors.toList());
// Only the user's roles are expected; the server roles (s1Roles, s2Roles) must not be present.
assertEquals(Lists.newArrayList("Role1", "AuthorizedUser"), groupSetRoles);
verifyAll();
}
use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.
the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_ButNoResults.
/**
 * Drives {@code QueryExecutorBean.createQueryAndNext} with mocks recorded for query creation, a
 * {@code next()} call whose results page is empty, and a third group of expectations covering
 * connection cancellation and cache removal. The call is expected to end in
 * {@link NoResultsException}.
 *
 * <p>The DN access check ({@code containsDNWithAccess}) is stubbed to pass and both audit-type
 * lookups return {@code AuditType.NONE}; no {@code auditor.audit(...)} expectation is recorded.
 *
 * @throws Exception if any recorded mock call or setup step throws
 */
// Raw-type casts on the mocked QueryLogic, Collection and Set return values need the suppression.
@SuppressWarnings({ "rawtypes", "unchecked" })
@Test(expected = NoResultsException.class)
public void testCreateQueryAndNext_ButNoResults() throws Exception {
// Set local test input
String queryLogicName = "queryLogicName";
String query = "query";
String queryName = "queryName";
String queryVisibility = "A&B";
long currentTime = System.currentTimeMillis();
Date beginDate = new Date(currentTime - 5000);
Date endDate = new Date(currentTime - 1000);
String queryAuthorizations = "AUTH_1";
Date expirationDate = new Date(currentTime + 999999);
int pagesize = 10;
int pageTimeout = -1;
QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
boolean trace = false;
String userName = "userName";
String userSid = "userSid";
String userDN = "userdn";
// Single-argument of(...): only a subject DN is supplied for this caller.
SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
List<String> dnList = Collections.singletonList(userDN);
UUID queryId = UUID.randomUUID();
long pageNumber = 0L;
// NOTE(review): authsMap is populated but not referenced again in this method.
HashMap<String, Collection<String>> authsMap = new HashMap<>();
authsMap.put("userdn", Arrays.asList(queryAuthorizations));
// Request parameters as the caller would submit them, plus one parameter ("valid") that is not a
// named query parameter.
MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
queryParameters.putSingle("valid", "param");
ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
marking.validate(queryParameters);
QueryParameters qp = new QueryParametersImpl();
qp.validate(queryParameters);
// "op" is the parameter map persister.create(...) is expected to receive: the unknown request
// parameters plus the logic class, column visibility and the caller's subject DN.
MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
op.putAll(qp.getUnknownParameters(queryParameters));
op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
// Set expectations of the create logic
queryLogic1.validate(queryParameters);
expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
expect(this.context.getCallerPrincipal()).andReturn(this.principal);
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid);
expect(this.principal.getUserDN()).andReturn(userDNpair);
expect(this.principal.getDNs()).andReturn(new String[] { userDN });
expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
// The query logic's DN access check is stubbed to allow this caller.
expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.NONE);
expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
expect(this.principal.getPrimaryUser()).andReturn(dwUser);
expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
// The query must be persisted under the caller's subject DN and DN list, with the "op" map above.
expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.NONE);
expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
// Trace lookups: nothing for the user's SID, and a pattern under the null key that is named as
// non-matching.
expect(this.traceInfos.get(userSid)).andReturn(new ArrayList<>(0));
expect(this.traceInfos.get(null)).andReturn(Arrays.asList(PatternWrapper.wrap("NONMATCHING_REGEX")));
expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andReturn(true);
expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
// Getters on the mocked query may be read any number of times.
expect(this.query.getOwner()).andReturn(userSid).anyTimes();
expect(this.query.getId()).andReturn(queryId).anyTimes();
expect(this.query.getQuery()).andReturn(queryName).anyTimes();
expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
expect(this.query.getBeginDate()).andReturn(null).anyTimes();
expect(this.query.getEndDate()).andReturn(null).anyTimes();
expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
expect(this.query.getQueryName()).andReturn(null).anyTimes();
expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
expect(this.query.getPagesize()).andReturn(0).anyTimes();
expect(this.query.getPageTimeout()).andReturn(-1).anyTimes();
expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
// Void mock call: record it, then set the expected call count on the last recorded call.
this.metrics.updateMetric(isA(QueryMetric.class));
PowerMock.expectLastCall().times(2);
expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
expect(this.query.getDnList()).andReturn(dnList).anyTimes();
expect(this.queryLogic1.getResultLimit(dnList)).andReturn(-1L);
expect(this.queryLogic1.getMaxResults()).andReturn(-1L);
expect(this.queryLogic1.initialize(eq(this.connector), eq(this.query), isA(Set.class))).andReturn(this.genericConfiguration);
this.queryLogic1.setupQuery(this.genericConfiguration);
expect(this.queryLogic1.getTransformIterator(this.query)).andReturn(this.transformIterator);
expect(this.genericConfiguration.getQueryString()).andReturn(queryName).once();
this.cache.put(eq(queryId.toString()), isA(RunningQuery.class));
expect(this.qlCache.poll(queryId.toString())).andReturn(null);
// Set expectations of the next logic
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid);
expect(this.context.getUserTransaction()).andReturn(this.transaction).anyTimes();
this.transaction.begin();
expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
expect(cache.lock(queryId.toString())).andReturn(true);
expect(this.runningQuery.getSettings()).andReturn(this.query).anyTimes();
this.connectionRequestBean.requestBegin(queryId.toString());
expect(this.runningQuery.getConnection()).andReturn(this.connector);
this.connectionRequestBean.requestEnd(queryId.toString());
this.runningQuery.setActiveCall(true);
expectLastCall();
expect(this.runningQuery.getTraceInfo()).andReturn(this.traceInfo);
expect(this.runningQuery.next()).andReturn(this.resultsPage);
expect(this.runningQuery.getLastPageNumber()).andReturn(pageNumber);
expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1).times(2);
expect(this.queryLogic1.getTransformer(this.query)).andReturn(this.transformer);
expect(this.transformer.createResponse(this.resultsPage)).andReturn(this.baseResponse);
// The page has no results, which is the condition this test is about.
expect(this.resultsPage.getResults()).andReturn(new ArrayList<>(0)).times(2);
this.baseResponse.setHasResults(false);
this.baseResponse.setPageNumber(pageNumber);
expect(this.queryLogic1.getLogicName()).andReturn(queryLogicName);
this.baseResponse.setLogicName(queryLogicName);
this.baseResponse.setQueryId(queryId.toString());
expect(this.runningQuery.getMetric()).andReturn(this.queryMetric).times(2);
this.runningQuery.setActiveCall(false);
expectLastCall();
this.queryMetric.setProxyServers(eq(new ArrayList<>(0)));
this.baseResponse.addException(isA(NoResultsQueryException.class));
expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1);
expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
this.metrics.updateMetric(this.queryMetric);
// The cache lock taken above must be released and the transaction marked rollback-only.
cache.unlock(queryId.toString());
this.transaction.setRollbackOnly();
expect(this.transaction.getStatus()).andReturn(Status.STATUS_ACTIVE).anyTimes();
this.transaction.commit();
// Set expectations of the third group: connection cancellation, closing the running query's
// connection and cache removal (presumably the close path that follows the empty page — confirm).
expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid).times(2);
expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
expect(this.connectionRequestBean.cancelConnectionRequest(queryId.toString(), this.principal)).andReturn(false);
// The created-logic cache is polled with the owner's SID, not just the query id.
expect(this.qlCache.pollIfOwnedBy(queryId.toString(), userSid)).andReturn(null);
expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
this.runningQuery.closeConnection(this.connectionFactory);
this.cache.remove(queryId.toString());
this.closedCache.add(queryId.toString());
this.closedCache.remove(queryId.toString());
expect(this.runningQuery.getTraceInfo()).andReturn(null);
expect(this.responseObjectFactory.getEventQueryResponse()).andReturn(new DefaultEventQueryResponse());
// Run the test
PowerMock.replayAll();
// verifyAll() sits in finally so the recorded expectations are still checked when the call under
// test throws the expected exception.
try {
QueryExecutorBean subject = new QueryExecutorBean();
// Collaborators are injected by field type instead of through a container.
setInternalState(subject, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
setInternalState(subject, QueryCache.class, cache);
setInternalState(subject, ClosedQueryCache.class, closedCache);
setInternalState(subject, Persister.class, persister);
setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
setInternalState(subject, AuditBean.class, auditor);
setInternalState(subject, QueryMetricsBean.class, metrics);
setInternalState(subject, Multimap.class, traceInfos);
setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
setInternalState(connectionRequestBean, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
subject.createQueryAndNext(queryLogicName, queryParameters);
} finally {
PowerMock.verifyAll();
}
}
use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.
the class ExtendedQueryExecutorBeanTest method testPlanQuery.
/**
 * Drives {@code QueryExecutorBean.planQuery} on the success path and checks that the response
 * carries the plan string returned by the mocked query logic.
 *
 * <p>The DN access check ({@code containsDNWithAccess}) is stubbed to pass, both audit-type
 * lookups return {@code AuditType.PASSIVE}, and no {@code auditor.audit(...)} expectation is
 * recorded. The connection is expected to be returned to the factory and the query logic closed.
 *
 * @throws Exception if any recorded mock call or setup step throws
 */
@Test
public void testPlanQuery() throws Exception {
// Set local test input
String queryLogicName = "queryLogicName";
String query = "query";
String queryName = "queryName";
String queryVisibility = "A&B";
long currentTime = System.currentTimeMillis();
Date beginDate = new Date(currentTime - 5000);
Date endDate = new Date(currentTime - 1000);
String queryAuthorizations = "AUTH_1";
Date expirationDate = new Date(currentTime + 999999);
int pagesize = 10;
int pageTimeout = -1;
QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
boolean trace = false;
String userName = "userName";
String userSid = "userSid";
String userDN = "userdn";
// Single-argument of(...): only a subject DN is supplied for this caller.
SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
List<String> dnList = Collections.singletonList(userDN);
UUID queryId = UUID.randomUUID();
// NOTE(review): authsMap is populated but not referenced again in this method.
HashMap<String, Collection<String>> authsMap = new HashMap<>();
authsMap.put("userdn", Arrays.asList(queryAuthorizations));
// Request parameters as the caller would submit them, plus one parameter ("valid") that is not a
// named query parameter.
MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
queryParameters.putSingle("valid", "param");
ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
marking.validate(queryParameters);
QueryParameters qp = new QueryParametersImpl();
qp.validate(queryParameters);
// "op" is the parameter map persister.create(...) is expected to receive: the unknown request
// parameters plus the logic class, column visibility and the caller's subject DN.
MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
op.putAll(qp.getUnknownParameters(queryParameters));
op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
// Set expectations of the create logic
queryLogic1.validate(queryParameters);
expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid);
expect(this.principal.getUserDN()).andReturn(userDNpair);
expect(this.principal.getDNs()).andReturn(new String[] { userDN });
expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
// The query logic's DN access check is stubbed to allow this caller.
expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.PASSIVE);
expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
// The query must be created under the caller's subject DN and DN list, with the "op" map above.
expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.PASSIVE);
expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
// The connection request is bracketed by requestBegin/requestEnd on the request bean.
this.connectionRequestBean.requestBegin(queryId.toString());
expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
this.connectionRequestBean.requestEnd(queryId.toString());
expect(this.principal.getPrimaryUser()).andReturn(dwUser);
expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
// Getters on the mocked query may be read any number of times.
expect(this.query.getOwner()).andReturn(userSid).anyTimes();
expect(this.query.getId()).andReturn(queryId).anyTimes();
expect(this.query.getQuery()).andReturn(queryName).anyTimes();
expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
expect(this.query.getBeginDate()).andReturn(null).anyTimes();
expect(this.query.getEndDate()).andReturn(null).anyTimes();
expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
expect(this.query.getQueryName()).andReturn(null).anyTimes();
expect(this.query.getPagesize()).andReturn(0).anyTimes();
expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
// Set expectations of the plan
// The plan must be requested with exactly the single authorization set built from AUTH_1.
Authorizations queryAuths = new Authorizations(queryAuthorizations);
expect(this.queryLogic1.getPlan(this.connector, this.query, Collections.singleton(queryAuths), true, false)).andReturn("a query plan");
// Set expectations of the cleanup
// returnConnection is expected twice for this one planQuery call.
this.connectionFactory.returnConnection(this.connector);
EasyMock.expectLastCall().times(2);
queryLogic1.close();
EasyMock.expectLastCall();
// Run the test
PowerMock.replayAll();
QueryExecutorBean subject = new QueryExecutorBean();
// Collaborators are injected by field type instead of through a container.
setInternalState(subject, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
setInternalState(subject, QueryCache.class, cache);
setInternalState(subject, ClosedQueryCache.class, closedCache);
setInternalState(subject, Persister.class, persister);
setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
setInternalState(subject, AuditBean.class, auditor);
setInternalState(subject, QueryMetricsBean.class, metrics);
setInternalState(subject, Multimap.class, traceInfos);
setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
setInternalState(connectionRequestBean, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
GenericResponse<String> result1 = subject.planQuery(queryLogicName, queryParameters);
PowerMock.verifyAll();
// Verify results
assertNotNull("Expected a non-null response", result1);
assertEquals("a query plan", result1.getResult());
}
use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.
the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_AddToCacheException.
/**
 * Checks the failure path of {@code QueryExecutorBean.createQueryAndNext} when adding the query
 * logic to the created-logic cache throws.
 *
 * <p>{@code qlCache.add(...)} is stubbed to throw {@link IllegalStateException}. The recorded
 * expectations then require {@code queryLogic1.close()}, {@code returnConnection(...)} and
 * {@code persister.remove(...)} each to be called, with the latter two throwing
 * {@link IOException} themselves. The test expects a {@code DatawaveWebApplicationException}
 * whose cause is a {@code QueryException} with error code {@code 500-7}.
 *
 * <p>Both audit-type lookups return {@code AuditType.ACTIVE}, and this method expects
 * {@code auditor.audit(...)} to be called with the request parameters.
 *
 * @throws Exception if any recorded mock call or setup step throws
 */
// Raw-type casts on the mocked QueryLogic and Collection return values need the suppression.
@SuppressWarnings({ "rawtypes", "unchecked" })
@Test
public void testCreateQueryAndNext_AddToCacheException() throws Exception {
// Set local test input
String queryLogicName = "queryLogicName";
String query = "query";
String queryName = "queryName";
String queryVisibility = "A&B";
long currentTime = System.currentTimeMillis();
Date beginDate = new Date(currentTime - 5000);
Date endDate = new Date(currentTime - 1000);
String queryAuthorizations = "AUTH_1";
Date expirationDate = new Date(currentTime + 9999);
int pagesize = 10;
int pageTimeout = -1;
QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
boolean trace = false;
String userName = "userName";
String userSid = "userSid";
String userDN = "userDN";
// Single-argument of(...): only a subject DN is supplied for this caller.
SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
List<String> dnList = Collections.singletonList(userDN);
UUID queryId = UUID.randomUUID();
// Request parameters as the caller would submit them, plus one parameter ("valid") that is not a
// named query parameter.
MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
queryParameters.putSingle("valid", "param");
queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
marking.validate(queryParameters);
QueryParameters qp = new QueryParametersImpl();
qp.validate(queryParameters);
// "op" is the parameter map persister.create(...) is expected to receive: the unknown request
// parameters plus the logic class, column visibility and the caller's subject DN.
MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
op.putAll(qp.getUnknownParameters(queryParameters));
// op.putSingle(PrivateAuditConstants.AUDIT_TYPE, AuditType.ACTIVE.name());
op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
// Set expectations
// getCallerPrincipal() is recorded twice in this method (here and a few lines below).
expect(context.getCallerPrincipal()).andReturn(principal);
queryLogic1.validate(queryParameters);
expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
expect(this.context.getCallerPrincipal()).andReturn(this.principal);
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid);
expect(this.principal.getUserDN()).andReturn(userDNpair);
expect(this.principal.getDNs()).andReturn(new String[] { userDN });
expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0));
// The query logic's DN access check is stubbed to allow this caller.
expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.ACTIVE);
expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
// The query must be persisted under the caller's subject DN and DN list, with the "op" map above.
expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.ACTIVE);
expect(this.queryLogic1.getSelectors(this.query)).andReturn(null);
// With AuditType.ACTIVE the auditor must be called with the request parameters.
expect(auditor.audit(eq(queryParameters))).andReturn(null);
expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
// The connection request is bracketed by requestBegin/requestEnd on the request bean.
this.connectionRequestBean.requestBegin(queryId.toString());
expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
this.connectionRequestBean.requestEnd(queryId.toString());
expect(this.traceInfos.get(userSid)).andReturn(Arrays.asList(PatternWrapper.wrap(query)));
// First-level failure: adding the query logic to the cache throws.
expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andThrow(new IllegalStateException("INTENTIONALLY THROWN TEST EXCEPTION: PROBLEM ADDING QUERY LOGIC TO CACHE"));
// Cleanup expected after that failure: close the logic, return the connection and remove the
// persisted query. The last two throw as well, and all three must still be called for
// verifyAll() to pass.
this.queryLogic1.close();
this.connectionFactory.returnConnection(this.connector);
PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 2ND-LEVEL TEST EXCEPTION"));
this.persister.remove(this.query);
PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 3RD-LEVEL TEST EXCEPTION"));
expect(this.query.getId()).andReturn(queryId).anyTimes();
expect(this.qlCache.poll(queryId.toString())).andReturn(null);
// Run the test
PowerMock.replayAll();
QueryExecutorBean subject = new QueryExecutorBean();
// Collaborators are injected by field type instead of through a container.
setInternalState(subject, EJBContext.class, context);
setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
setInternalState(subject, Persister.class, persister);
setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
setInternalState(subject, AuditBean.class, auditor);
setInternalState(subject, Multimap.class, traceInfos);
setInternalState(subject, SecurityMarking.class, marking);
setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
setInternalState(connectionRequestBean, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
// result1 stays null when no DatawaveWebApplicationException is thrown, which makes the
// instanceof assertion below fail.
Throwable result1 = null;
try {
subject.createQueryAndNext(queryLogicName, queryParameters);
} catch (DatawaveWebApplicationException e) {
result1 = e.getCause();
}
PowerMock.verifyAll();
// Verify results
// The reported error code must be that of the original cache failure (500-7).
assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
assertEquals("Exception expected to have been caused by problem adding query logic to cache", "500-7", ((QueryException) result1).getErrorCode());
}
use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.
the class ExtendedQueryExecutorBeanTest method testPlanQuery_userNotInAllowedDNs.
/**
 * Checks that {@code QueryExecutorBean.planQuery} rejects a caller whose DN list the query logic
 * does not accept.
 *
 * <p>{@code containsDNWithAccess} is stubbed to return {@code false}. The test expects a
 * {@code DatawaveWebApplicationException} whose cause is a {@code QueryException} with error code
 * {@code 401} and a message that lists the rejected DNs.
 *
 * <p>No expectations are recorded for the persister, the connection factory or the auditor.
 * NOTE(review): assuming the fixture creates these as default (non-nice) mocks, any call to them
 * after the denial would fail the test — confirm how the mocks are created.
 *
 * @throws Exception if any recorded mock call or setup step throws
 */
@Test
public void testPlanQuery_userNotInAllowedDNs() throws Exception {
// Set local test input
String queryLogicName = "queryLogicName";
String query = "query";
String queryName = "queryName";
String queryVisibility = "A&B";
long currentTime = System.currentTimeMillis();
Date beginDate = new Date(currentTime - 5000);
Date endDate = new Date(currentTime - 1000);
String queryAuthorizations = "AUTH_1";
Date expirationDate = new Date(currentTime + 999999);
int pagesize = 10;
int pageTimeout = -1;
QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
boolean trace = false;
String userName = "userName";
String userSid = "userSid";
String userDN = "userdn";
// Single-argument of(...): only a subject DN is supplied for this caller.
SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
// Request parameters as the caller would submit them, plus one parameter ("valid") that is not a
// named query parameter.
MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
queryParameters.putSingle("valid", "param");
ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
marking.validate(queryParameters);
QueryParameters qp = new QueryParametersImpl();
qp.validate(queryParameters);
// NOTE(review): "op" is built as in the sibling tests, but no persister.create(...) expectation
// in this method consumes it.
MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
op.putAll(qp.getUnknownParameters(queryParameters));
op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
// Set expectations of the create logic
queryLogic1.validate(queryParameters);
expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
expect(this.principal.getName()).andReturn(userName);
expect(this.principal.getShortName()).andReturn(userSid);
expect(this.principal.getUserDN()).andReturn(userDNpair);
expect(this.principal.getDNs()).andReturn(new String[] { userDN });
expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
// The query logic's DN access check denies this caller; this is the last expectation recorded,
// so nothing further is expected to be called on the mocks after the denial.
expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(false);
// Run the test
PowerMock.replayAll();
QueryExecutorBean subject = new QueryExecutorBean();
// Collaborators are injected by field type instead of through a container.
setInternalState(subject, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
setInternalState(subject, QueryCache.class, cache);
setInternalState(subject, ClosedQueryCache.class, closedCache);
setInternalState(subject, Persister.class, persister);
setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
setInternalState(subject, AuditBean.class, auditor);
setInternalState(subject, QueryMetricsBean.class, metrics);
setInternalState(subject, Multimap.class, traceInfos);
setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
setInternalState(connectionRequestBean, EJBContext.class, context);
setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
// result1 stays null when no DatawaveWebApplicationException is thrown, which makes the
// instanceof assertion below fail.
Throwable result1 = null;
try {
subject.planQuery(queryLogicName, queryParameters);
} catch (DatawaveWebApplicationException e) {
result1 = e.getCause();
}
PowerMock.verifyAll();
// Verify results
assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
assertEquals("Thrown exception expected to have been due to access denied", "401", ((QueryException) result1).getErrorCode());
// The denial message names the DN list that was checked.
assertEquals("Thrown exception expected to detail reason for access denial", "None of the DNs used have access to this query logic: [userdn]", result1.getMessage());
}