Example 46 with Subject

Use of ddf.security.Subject in project ddf by codice.

Class TestPepInterceptorInvalidSubject, method testMessageInvalidSecurityAssertionToken.

// CHECKSTYLE.ON: VisibilityModifier
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithInvalidSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithInvalidSecurityAssertion)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithInvalidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    expectedExForInvalidSubject.expect(AccessDeniedException.class);
    expectedExForInvalidSubject.expectMessage("Unauthorized");
    // This should throw
    interceptor.handleMessage(messageWithInvalidSecurityAssertion);
    PowerMockito.verifyStatic();
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) QName(javax.xml.namespace.QName) CollectionPermission(ddf.security.permission.CollectionPermission) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 47 with Subject

Use of ddf.security.Subject in project ddf by codice.

Class QueryOperations, method canAccessSource.

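boolean canAccessSource(FederatedSource source, QueryRequest request) {
    Map<String, Set<String>> securityAttributes = source.getSecurityAttributes();
    // A source that declares no security attributes is open to every requester.
    if (securityAttributes.isEmpty()) {
        return true;
    }
    // The caller's identity travels with the request as a property.
    Object requestSubject = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT);
    if (requestSubject instanceof ddf.security.Subject) {
        Subject subject = (Subject) requestSubject;
        // Ask the subject whether it may READ a resource carrying the source's attributes.
        KeyValueCollectionPermission kvCollection = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, securityAttributes);
        return subject.isPermitted(kvCollection);
    }
    // Missing subject, or a property of the wrong type: deny access (fail closed).
    return false;
}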
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Set(java.util.Set) HashSet(java.util.HashSet) Subject(ddf.security.Subject)

Example 48 with Subject

Use of ddf.security.Subject in project ddf by codice.

Class FederationAdminServiceImplTest, method testAddRegistryEntryMetacard.

@Test
public void testAddRegistryEntryMetacard() throws Exception {
    Metacard metacard = testMetacard;
    Metacard createdMetacard = testMetacard;
    Subject systemSubject = security.getSystemSubject();
    Map<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, systemSubject);
    CreateRequest request = new CreateRequestImpl(Collections.singletonList(metacard), properties, null);
    CreateResponse response = new CreateResponseImpl(request, null, Collections.singletonList(createdMetacard));
    when(catalogFramework.create(any(CreateRequest.class))).thenReturn(response);
    String createdMetacardId = federationAdminServiceImpl.addRegistryEntry(metacard);
    assertThat(createdMetacardId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
    verify(catalogFramework).create(any(CreateRequest.class));
}
Also used : Metacard(ddf.catalog.data.Metacard) Serializable(java.io.Serializable) HashMap(java.util.HashMap) CreateRequest(ddf.catalog.operation.CreateRequest) CreateResponse(ddf.catalog.operation.CreateResponse) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) Subject(ddf.security.Subject) CreateResponseImpl(ddf.catalog.operation.impl.CreateResponseImpl) Test(org.junit.Test)

Example 49 with Subject

Use of ddf.security.Subject in project ddf by codice.

Class FederationAdminServiceImplTest, method testAddRegistryEntryStringWithDestinations.

@Test
public void testAddRegistryEntryStringWithDestinations() throws Exception {
    Metacard metacard = testMetacard;
    Metacard createdMetacard = testMetacard;
    Set<String> destinations = new HashSet<>();
    destinations.add(TEST_DESTINATION);
    Subject systemSubject = security.getSystemSubject();
    Map<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, systemSubject);
    CreateRequest request = new CreateRequestImpl(Collections.singletonList(metacard), properties, destinations);
    CreateResponse response = new CreateResponseImpl(request, null, Collections.singletonList(createdMetacard));
    when(registryTransformer.transform(any(InputStream.class))).thenReturn(metacard);
    when(catalogFramework.create(any(CreateRequest.class))).thenReturn(response);
    String createdMetacardId = federationAdminServiceImpl.addRegistryEntry(TEST_XML_STRING, destinations);
    assertThat(createdMetacardId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
    verify(registryTransformer).transform(any(InputStream.class));
    verify(catalogFramework).create(any(CreateRequest.class));
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) CreateRequest(ddf.catalog.operation.CreateRequest) CreateResponse(ddf.catalog.operation.CreateResponse) InputStream(java.io.InputStream) Subject(ddf.security.Subject) Metacard(ddf.catalog.data.Metacard) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) HashSet(java.util.HashSet) CreateResponseImpl(ddf.catalog.operation.impl.CreateResponseImpl) Test(org.junit.Test)

Example 50 with Subject

Use of ddf.security.Subject in project ddf by codice.

Class FederationAdminServiceImplTest, method testAddRegistryEntry.

@Test
public void testAddRegistryEntry() throws Exception {
    String destination = TEST_DESTINATION;
    Metacard metacard = testMetacard;
    Metacard createdMetacard = testMetacard;
    Set<String> destinations = new HashSet<>();
    destinations.add(destination);
    Subject systemSubject = security.getSystemSubject();
    Map<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, systemSubject);
    CreateRequest request = new CreateRequestImpl(Collections.singletonList(metacard), properties, destinations);
    CreateResponse response = new CreateResponseImpl(request, null, Collections.singletonList(createdMetacard));
    when(catalogFramework.create(any(CreateRequest.class))).thenReturn(response);
    String createdMetacardId = federationAdminServiceImpl.addRegistryEntry(metacard, destinations);
    assertThat(createdMetacardId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
    verify(catalogFramework).create(any(CreateRequest.class));
}
Also used : Metacard(ddf.catalog.data.Metacard) Serializable(java.io.Serializable) HashMap(java.util.HashMap) CreateRequest(ddf.catalog.operation.CreateRequest) CreateResponse(ddf.catalog.operation.CreateResponse) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) Subject(ddf.security.Subject) HashSet(java.util.HashSet) CreateResponseImpl(ddf.catalog.operation.impl.CreateResponseImpl) Test(org.junit.Test)
