use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorInvalidSubject method testMessageInvalidSecurityAssertionToken.
// CHECKSTYLE.ON: VisibilityModifier
/**
 * Verifies that {@code PEPAuthorizingInterceptor.handleMessage} rejects a message with an
 * {@code AccessDeniedException} whose message contains "Unauthorized".
 *
 * <p>The fixture stubs a security assertion whose token payload is {@code null} and a subject
 * whose {@code isPermitted} check returns {@code false}.
 *
 * <p>NOTE(review): both the null token and the denying subject are stubbed, so which of the two
 * conditions triggers the denial cannot be told from this test alone; confirm against the
 * interceptor.
 */
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
  // Interceptor under test, wired to a mocked security manager.
  PEPAuthorizingInterceptor pep = new PEPAuthorizingInterceptor();
  SecurityManager securityManager = mock(SecurityManager.class);
  pep.setSecurityManager(securityManager);

  // Collaborators the interceptor reads from while authorizing the message.
  Message inboundMessage = mock(Message.class);
  SecurityAssertion assertion = mock(SecurityAssertion.class);
  SecurityToken token = mock(SecurityToken.class);
  Subject deniedSubject = mock(Subject.class);
  assertNotNull(assertion);

  // Static lookups are replaced so the assertion comes from the stub, not from the message.
  PowerMockito.mockStatic(SecurityAssertionStore.class);
  PowerMockito.mockStatic(SecurityLogger.class);
  when(SecurityAssertionStore.getSecurityAssertion(inboundMessage)).thenReturn(assertion);

  // SecurityLogger needs no further stubbing after mockStatic.
  when(assertion.getSecurityToken()).thenReturn(token);
  // The token object exists, but it carries no payload.
  when(token.getToken()).thenReturn(null);
  when(securityManager.getSubject(token)).thenReturn(deniedSubject);

  // WSDL operation and port names the message reports for the call.
  QName operationName = new QName("urn:catalog:query", "search", "ns1");
  QName portName = new QName("urn:catalog:query", "query-port", "ns1");
  when(inboundMessage.get("javax.xml.ws.wsdl.operation")).thenReturn(operationName);
  when(inboundMessage.get("javax.xml.ws.wsdl.port")).thenReturn(portName);

  // The exchange exposes a binding operation that has no SOAP operation info attached.
  Exchange exchange = mock(Exchange.class);
  BindingOperationInfo bindingOperation = mock(BindingOperationInfo.class);
  when(inboundMessage.getExchange()).thenReturn(exchange);
  when(exchange.get(BindingOperationInfo.class)).thenReturn(bindingOperation);
  when(bindingOperation.getExtensor(SoapOperationInfo.class)).thenReturn(null);

  // The subject is refused every collection permission it is asked about.
  when(deniedSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);

  expectedExForInvalidSubject.expect(AccessDeniedException.class);
  expectedExForInvalidSubject.expectMessage("Unauthorized");

  // Expected to throw; the expectation registered above does the checking.
  pep.handleMessage(inboundMessage);
  // NOTE(review): runs only if handleMessage returns normally, and no static call follows it.
  PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class QueryOperations method canAccessSource.
/**
 * Decides whether the subject carried by a query request may read from a federated source.
 *
 * <p>A source that declares no security attributes is accessible to every request. Otherwise the
 * request must carry a {@code ddf.security.Subject} under
 * {@code SecurityConstants.SECURITY_SUBJECT}, and that subject must be permitted the READ action
 * on the source's attributes. A missing subject, or a value of any other type, is denied.
 *
 * @param source the federated source whose security attributes are checked
 * @param request the query request whose properties are searched for the subject
 * @return {@code true} if access is allowed, {@code false} otherwise
 */
boolean canAccessSource(FederatedSource source, QueryRequest request) {
  // NOTE(review): neither getSecurityAttributes() nor getProperties() is null-checked here; a
  // null from either surfaces as a NullPointerException rather than a decision. Confirm that
  // implementations never return null.
  Map<String, Set<String>> requiredAttributes = source.getSecurityAttributes();
  if (requiredAttributes.isEmpty()) {
    // Nothing to enforce: the source is open to every request.
    return true;
  }

  Object candidate = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT);
  if (!(candidate instanceof ddf.security.Subject)) {
    // Fail closed when there is no subject, or the property holds some other type.
    return false;
  }

  KeyValueCollectionPermission readPermission =
      new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, requiredAttributes);
  return ((Subject) candidate).isPermitted(readPermission);
}
use of ddf.security.Subject in project ddf by codice.
the class FederationAdminServiceImplTest method testAddRegistryEntryMetacard.
/**
 * Checks that {@code addRegistryEntry(Metacard)} returns the id taken from the catalog
 * framework's create response and calls {@code create} exactly once.
 *
 * <p>NOTE(review): {@code create} is stubbed and verified with {@code any(CreateRequest.class)},
 * so this test does not check that the request sent to the catalog carries the system subject
 * under {@code SecurityConstants.SECURITY_SUBJECT}. The request built here only populates the
 * canned response.
 */
@Test
public void testAddRegistryEntryMetacard() throws Exception {
  Metacard inputMetacard = testMetacard;
  Metacard storedMetacard = testMetacard;

  // Request properties carrying the system subject, used to build the canned response.
  Subject systemIdentity = security.getSystemSubject();
  Map<String, Serializable> requestProperties = new HashMap<>();
  requestProperties.put(SecurityConstants.SECURITY_SUBJECT, systemIdentity);

  CreateRequest cannedRequest =
      new CreateRequestImpl(Collections.singletonList(inputMetacard), requestProperties, null);
  CreateResponse cannedResponse =
      new CreateResponseImpl(cannedRequest, null, Collections.singletonList(storedMetacard));
  when(catalogFramework.create(any(CreateRequest.class))).thenReturn(cannedResponse);

  String returnedId = federationAdminServiceImpl.addRegistryEntry(inputMetacard);

  // Presumably the fixture metacard's id equals this constant; confirm in the test setup.
  assertThat(returnedId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
  verify(catalogFramework).create(any(CreateRequest.class));
}
use of ddf.security.Subject in project ddf by codice.
the class FederationAdminServiceImplTest method testAddRegistryEntryStringWithDestinations.
/**
 * Checks that {@code addRegistryEntry(String, Set)} runs the XML through the registry
 * transformer, sends the result to the catalog framework, and returns the id taken from the
 * create response.
 *
 * <p>NOTE(review): {@code create} is matched with {@code any(CreateRequest.class)}, so neither
 * the system subject under {@code SecurityConstants.SECURITY_SUBJECT} nor the destination set
 * is checked on the request that actually reaches the catalog.
 */
@Test
public void testAddRegistryEntryStringWithDestinations() throws Exception {
  Metacard transformedMetacard = testMetacard;
  Metacard storedMetacard = testMetacard;

  Set<String> targetStores = new HashSet<>();
  targetStores.add(TEST_DESTINATION);

  // Request properties carrying the system subject, used to build the canned response.
  Subject systemIdentity = security.getSystemSubject();
  Map<String, Serializable> requestProperties = new HashMap<>();
  requestProperties.put(SecurityConstants.SECURITY_SUBJECT, systemIdentity);

  CreateRequest cannedRequest =
      new CreateRequestImpl(
          Collections.singletonList(transformedMetacard), requestProperties, targetStores);
  CreateResponse cannedResponse =
      new CreateResponseImpl(cannedRequest, null, Collections.singletonList(storedMetacard));

  // Any input stream given to the transformer yields the fixture metacard.
  when(registryTransformer.transform(any(InputStream.class))).thenReturn(transformedMetacard);
  when(catalogFramework.create(any(CreateRequest.class))).thenReturn(cannedResponse);

  String returnedId = federationAdminServiceImpl.addRegistryEntry(TEST_XML_STRING, targetStores);

  // Presumably the fixture metacard's id equals this constant; confirm in the test setup.
  assertThat(returnedId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
  verify(registryTransformer).transform(any(InputStream.class));
  verify(catalogFramework).create(any(CreateRequest.class));
}
use of ddf.security.Subject in project ddf by codice.
the class FederationAdminServiceImplTest method testAddRegistryEntry.
/**
 * Checks that {@code addRegistryEntry(Metacard, Set)} returns the id taken from the catalog
 * framework's create response and calls {@code create} exactly once.
 *
 * <p>NOTE(review): {@code create} is matched with {@code any(CreateRequest.class)}, so neither
 * the system subject under {@code SecurityConstants.SECURITY_SUBJECT} nor the destination set
 * is checked on the request that actually reaches the catalog.
 */
@Test
public void testAddRegistryEntry() throws Exception {
  Metacard inputMetacard = testMetacard;
  Metacard storedMetacard = testMetacard;

  String targetStore = TEST_DESTINATION;
  Set<String> targetStores = new HashSet<>();
  targetStores.add(targetStore);

  // Request properties carrying the system subject, used to build the canned response.
  Subject systemIdentity = security.getSystemSubject();
  Map<String, Serializable> requestProperties = new HashMap<>();
  requestProperties.put(SecurityConstants.SECURITY_SUBJECT, systemIdentity);

  CreateRequest cannedRequest =
      new CreateRequestImpl(
          Collections.singletonList(inputMetacard), requestProperties, targetStores);
  CreateResponse cannedResponse =
      new CreateResponseImpl(cannedRequest, null, Collections.singletonList(storedMetacard));
  when(catalogFramework.create(any(CreateRequest.class))).thenReturn(cannedResponse);

  String returnedId = federationAdminServiceImpl.addRegistryEntry(inputMetacard, targetStores);

  // Presumably the fixture metacard's id equals this constant; confirm in the test setup.
  assertThat(returnedId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
  verify(catalogFramework).create(any(CreateRequest.class));
}