Example 56 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestRegistryStore method setup.

@Before
public void setup() throws Exception {
    parser = new XmlParser();
    marshaller = new MetacardMarshaller(new XmlParser());
    context = mock(BundleContext.class);
    provider = mock(Converter.class);
    cswSourceConfiguration = new CswSourceConfiguration();
    factory = mock(SecureCxfClientFactory.class);
    transformer = mock(TransformerManager.class);
    encryptionService = mock(EncryptionService.class);
    configAdmin = mock(ConfigurationAdmin.class);
    configuration = mock(Configuration.class);
    subject = mock(Subject.class);
    queryResults = new ArrayList<>();
    registryStore = spy(new RegistryStoreImpl(context, cswSourceConfiguration, provider, factory, encryptionService) {

        @Override
        protected void validateOperation() {
        }

        @Override
        public boolean isAvailable() {
            return availability;
        }

        @Override
        protected SourceResponse query(QueryRequest queryRequest, ElementSetType elementSetName, List<QName> elementNames, Csw csw) throws UnsupportedQueryException {
            if (queryResults == null) {
                throw new UnsupportedQueryException("Test - Bad Query");
            }
            return new SourceResponseImpl(queryRequest, queryResults);
        }

        @Override
        protected CapabilitiesType getCapabilities() {
            return mock(CapabilitiesType.class);
        }

        @Override
        public void configureCswSource() {
        }

        @Override
        protected Subject getSystemSubject() {
            return subject;
        }

        @Override
        BundleContext getBundleContext() {
            return context;
        }
    });
    registryStore.setFilterBuilder(filterBuilder);
    registryStore.setFilterAdapter(filterAdapter);
    registryStore.setConfigAdmin(configAdmin);
    registryStore.setMetacardMarshaller(new MetacardMarshaller(parser));
    registryStore.setSchemaTransformerManager(transformer);
    registryStore.setAutoPush(true);
    registryStore.setRegistryUrl("http://test.url:0101/example");
    properties = new Hashtable<>();
    properties.put(RegistryStoreImpl.ID, "registryId");
    registryStore.setMetacardMarshaller(marshaller);
    when(configAdmin.getConfiguration(any())).thenReturn(configuration);
    when(configuration.getProperties()).thenReturn(properties);
}
Also used : CswSourceConfiguration(org.codice.ddf.spatial.ogc.csw.catalog.common.CswSourceConfiguration) XmlParser(org.codice.ddf.parser.xml.XmlParser) TransformerManager(org.codice.ddf.spatial.ogc.csw.catalog.common.transformer.TransformerManager) Configuration(org.osgi.service.cm.Configuration) CswSourceConfiguration(org.codice.ddf.spatial.ogc.csw.catalog.common.CswSourceConfiguration) QueryRequest(ddf.catalog.operation.QueryRequest) SecureCxfClientFactory(org.codice.ddf.cxf.SecureCxfClientFactory) SourceResponseImpl(ddf.catalog.operation.impl.SourceResponseImpl) MetacardMarshaller(org.codice.ddf.registry.schemabindings.helper.MetacardMarshaller) Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) Subject(ddf.security.Subject) EncryptionService(ddf.security.encryption.EncryptionService) ElementSetType(net.opengis.cat.csw.v_2_0_2.ElementSetType) Converter(com.thoughtworks.xstream.converters.Converter) List(java.util.List) ArrayList(java.util.ArrayList) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) BundleContext(org.osgi.framework.BundleContext) Before(org.junit.Before)

Example 57 with Subject

use of ddf.security.Subject in project ddf by codice.

the class ProfileInstallCommandTest method createSecurityMock.

private Security createSecurityMock() {
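    Subject subject = mock(Subject.class);
    // The mocked subject performs no security checks: execute() simply runs the
    // supplied Callable in the calling thread and returns its result.
    when(subject.execute(Matchers.<Callable<Object>>any())).thenAnswer(invocation -> {
        Callable<Object> callable = (Callable<Object>) invocation.getArguments()[0];
        return callable.call();
    });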
    security = mock(Security.class);
    when(security.getSystemSubject()).thenReturn(subject);
    return security;
}
Also used : Security(org.codice.ddf.security.common.Security) Subject(ddf.security.Subject) Callable(java.util.concurrent.Callable)

Example 58 with Subject

use of ddf.security.Subject in project ddf by codice.

the class Security method runWithSubjectOrElevate.

/**
 * Runs the {@link Callable} in the current thread as the current security framework's
 * {@link Subject}. If the security framework's {@link Subject} is not currently set and
 * the Java Subject contains the admin role, elevates and runs the {@link Callable} as the
 * system {@link Subject}.
 *
 * @param codeToRun code to run
 * @param <T>       type of the returned value
 * @return value returned by the {@link Callable}
 * @throws SecurityServiceException  if the current subject didn't have enough permissions to run
 *                                   the code
 * @throws InvocationTargetException wraps any exception thrown by {@link Callable#call()}.
 *                                   {@link Callable} exception can be retrieved using the
 *                                   {@link InvocationTargetException#getCause()}.
 */
public <T> T runWithSubjectOrElevate(@NotNull Callable<T> codeToRun) throws SecurityServiceException, InvocationTargetException {
    notNull(codeToRun, "Callable cannot be null");
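    try {
        // First attempt: run as the Shiro subject bound to the current thread, if any.
        try {
            org.apache.shiro.subject.Subject subject = org.apache.shiro.SecurityUtils.getSubject();
            return subject.execute(codeToRun);
        } catch (IllegalStateException | UnavailableSecurityManagerException e) {
            // No Shiro subject or security manager is available; fall through to elevation.
            LOGGER.debug("No shiro subject available for running command, trying with Java Subject");
        }
        // Fallback: elevate to the system subject. A null result is treated as
        // insufficient permissions, which is audited and refused.
        Subject subject = getSystemSubject();
        if (subject == null) {
            SecurityLogger.audit(INSUFFICIENT_PERMISSIONS_ERROR);
            throw new SecurityServiceException(INSUFFICIENT_PERMISSIONS_ERROR);
        }
        // Every elevation is written to the audit log before the code runs.
        SecurityLogger.auditWarn("Elevating current user permissions to use System subject");
        return subject.execute(codeToRun);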
    } catch (ExecutionException e) {
        throw new InvocationTargetException(e.getCause());
    }
}
Also used : SecurityServiceException(ddf.security.service.SecurityServiceException) UnavailableSecurityManagerException(org.apache.shiro.UnavailableSecurityManagerException) ExecutionException(org.apache.shiro.subject.ExecutionException) Subject(ddf.security.Subject) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 59 with Subject

use of ddf.security.Subject in project ddf by codice.

the class Security method getGuestSubject.

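/**
 * Gets the guest {@link Subject} associated with the specified IP. Uses a cached subject when possible since the subject
 * will not change between calls.
 *
 * @param ipAddress IP address the guest token is created for
 * @return the guest {@link Subject}, or {@code null} if no subject could be obtained
 */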
public Subject getGuestSubject(String ipAddress) {
    Subject subject = null;
    GuestAuthenticationToken token = new GuestAuthenticationToken(BaseAuthenticationToken.DEFAULT_REALM, ipAddress);
    LOGGER.debug("Getting new Guest user token for {}", ipAddress);
    try {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager != null) {
            subject = securityManager.getSubject(token);
        }
    } catch (SecurityServiceException sse) {
        LOGGER.info("Unable to request subject for guest user.", sse);
    }
    return subject;
}
Also used : SecurityServiceException(ddf.security.service.SecurityServiceException) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) SecurityManager(ddf.security.service.SecurityManager) Subject(ddf.security.Subject)

Example 60 with Subject

use of ddf.security.Subject in project ddf by codice.

the class RestSecurityTest method testNotSetSubjectOnClient.

@Test
public void testNotSetSubjectOnClient() throws Exception {
    Element samlToken = readDocument("/saml.xml").getDocumentElement();
    Subject subject = mock(Subject.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = new SecurityToken(UUID.randomUUID().toString(), samlToken, new Date(), new Date());
    when(assertion.getSecurityToken()).thenReturn(token);
    when(subject.getPrincipals()).thenReturn(new SimplePrincipalCollection(assertion, "sts"));
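    // The client targets a plain http:// URL.
    WebClient client = WebClient.create("http://example.org");
    RestSecurity.setSubjectOnClient(subject, client);
    // Expected outcome: no authentication header was attached to this client.
    assertNull(client.getHeaders().get(RestSecurity.AUTH_HEADER));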
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) WebClient(org.apache.cxf.jaxrs.client.WebClient) Subject(ddf.security.Subject) Date(java.util.Date) Test(org.junit.Test)
