use of ddf.security.Subject in project ddf by codice.
the class TestRegistryStore method setup.
/**
 * Builds the fixture shared by the tests: real XML helpers, Mockito mocks for every OSGi and
 * security collaborator, and a spied {@link RegistryStoreImpl} subclass whose overrides return
 * canned values held in this test's fields.
 *
 * @throws Exception declared because {@code ConfigurationAdmin#getConfiguration} is stubbed below
 */
@Before
public void setup() throws Exception {
    // Real (non-mock) helpers and state.
    parser = new XmlParser();
    marshaller = new MetacardMarshaller(new XmlParser());
    cswSourceConfiguration = new CswSourceConfiguration();
    queryResults = new ArrayList<>();

    // Mocked collaborators; none of them performs real work.
    context = mock(BundleContext.class);
    provider = mock(Converter.class);
    factory = mock(SecureCxfClientFactory.class);
    transformer = mock(TransformerManager.class);
    encryptionService = mock(EncryptionService.class);
    configAdmin = mock(ConfigurationAdmin.class);
    configuration = mock(Configuration.class);
    subject = mock(Subject.class);

    registryStore = spy(new RegistryStoreImpl(context, cswSourceConfiguration, provider, factory, encryptionService) {

        // The system subject is the mock above, so the store under test never obtains a real
        // system subject in these tests.
        @Override
        protected Subject getSystemSubject() {
            return subject;
        }

        @Override
        BundleContext getBundleContext() {
            return context;
        }

        // Availability is driven by the test's own flag.
        @Override
        public boolean isAvailable() {
            return availability;
        }

        @Override
        protected CapabilitiesType getCapabilities() {
            return mock(CapabilitiesType.class);
        }

        // Returns the canned results; a test sets queryResults to null to simulate a rejected query.
        @Override
        protected SourceResponse query(QueryRequest queryRequest, ElementSetType elementSetName, List<QName> elementNames, Csw csw) throws UnsupportedQueryException {
            if (queryResults != null) {
                return new SourceResponseImpl(queryRequest, queryResults);
            }
            throw new UnsupportedQueryException("Test - Bad Query");
        }

        // No-op override.
        @Override
        protected void validateOperation() {
        }

        // No-op override.
        @Override
        public void configureCswSource() {
        }
    });

    registryStore.setFilterBuilder(filterBuilder);
    registryStore.setFilterAdapter(filterAdapter);
    registryStore.setConfigAdmin(configAdmin);
    // NOTE(review): the marshaller is set again further down with the `marshaller` field; this
    // first call looks redundant - confirm before removing.
    registryStore.setMetacardMarshaller(new MetacardMarshaller(parser));
    registryStore.setSchemaTransformerManager(transformer);
    registryStore.setAutoPush(true);
    registryStore.setRegistryUrl("http://test.url:0101/example");

    properties = new Hashtable<>();
    properties.put(RegistryStoreImpl.ID, "registryId");
    registryStore.setMetacardMarshaller(marshaller);

    // Any configuration lookup resolves to the mocked Configuration carrying `properties`.
    when(configAdmin.getConfiguration(any())).thenReturn(configuration);
    when(configuration.getProperties()).thenReturn(properties);
}
use of ddf.security.Subject in project ddf by codice.
the class ProfileInstallCommandTest method createSecurityMock.
/**
 * Creates a mocked {@link Security} whose system subject simply runs whatever {@link Callable}
 * it is handed, in the calling thread. The mock is also stored in the {@code security} field.
 *
 * @return the mocked {@link Security}
 */
private Security createSecurityMock() {
    // execute(...) on this stand-in calls the callable directly and returns its result, so the
    // code under test runs without any real subject being bound.
    Subject systemSubject = mock(Subject.class);
    when(systemSubject.execute(Matchers.<Callable<Object>>any()))
        .thenAnswer(invocation -> ((Callable<Object>) invocation.getArguments()[0]).call());

    security = mock(Security.class);
    when(security.getSystemSubject()).thenReturn(systemSubject);
    return security;
}
use of ddf.security.Subject in project ddf by codice.
the class Security method runWithSubjectOrElevate.
/**
 * Runs the {@link Callable} in the current thread as the Shiro subject returned by
 * {@code SecurityUtils.getSubject()}; when that attempt fails with an
 * {@link IllegalStateException} or {@link UnavailableSecurityManagerException}, falls back to
 * running it as the system {@link Subject}.
 *
 * <p>The fallback is a privilege elevation and is recorded with an audit warning before the code
 * runs. If {@link #getSystemSubject()} returns {@code null} the request is audited as
 * insufficient permissions and rejected. Whether the caller is entitled to elevation (for
 * example the admin-role check on the Java Subject) is not decided in this method; presumably
 * {@link #getSystemSubject()} returns {@code null} when it is not - confirm.
 *
 * @param codeToRun code to run; must not be {@code null}
 * @param <T> type of the returned value
 * @return value returned by the {@link Callable}
 * @throws SecurityServiceException if no Shiro subject was available and no system subject
 *     could be obtained for the elevated run
 * @throws InvocationTargetException wraps the cause of any {@link ExecutionException} raised
 *     while executing the {@link Callable}; retrieve it with
 *     {@link InvocationTargetException#getCause()}
 */
public <T> T runWithSubjectOrElevate(@NotNull Callable<T> codeToRun) throws SecurityServiceException, InvocationTargetException {
    notNull(codeToRun, "Callable cannot be null");
    try {
        // First choice: run with the caller's own privileges.
        // NOTE(review): this catch also encloses execute(...), so one of these two exception
        // types escaping that call (instead of arriving as an ExecutionException) would lead to
        // the elevated retry below as well - confirm that is intended.
        try {
            return org.apache.shiro.SecurityUtils.getSubject().execute(codeToRun);
        } catch (IllegalStateException | UnavailableSecurityManagerException e) {
            LOGGER.debug("No shiro subject available for running command, trying with Java Subject");
        }

        final Subject systemSubject = getSystemSubject();
        if (systemSubject != null) {
            // Elevation is audited before the code runs so the record exists even if it fails.
            SecurityLogger.auditWarn("Elevating current user permissions to use System subject");
            return systemSubject.execute(codeToRun);
        }

        // No system subject: deny and leave an audit trail.
        SecurityLogger.audit(INSUFFICIENT_PERMISSIONS_ERROR);
        throw new SecurityServiceException(INSUFFICIENT_PERMISSIONS_ERROR);
    } catch (ExecutionException e) {
        // Surface the underlying cause rather than the ExecutionException wrapper.
        throw new InvocationTargetException(e.getCause());
    }
}
use of ddf.security.Subject in project ddf by codice.
the class Security method getGuestSubject.
/**
 * Requests a guest {@link Subject} for the given IP address from the security manager.
 *
 * <p>A new {@link GuestAuthenticationToken} in the default realm is built on every call; this
 * method keeps no cache of its own. NOTE(review): any caching of guest subjects would have to
 * happen inside the security manager - confirm.
 *
 * @param ipAddress IP address placed in the guest token
 * @return the guest {@link Subject}, or {@code null} when no security manager is available or
 *     the request fails with a {@link SecurityServiceException}; callers must handle
 *     {@code null} and must not treat it as an authenticated subject
 */
public Subject getGuestSubject(String ipAddress) {
    GuestAuthenticationToken guestToken = new GuestAuthenticationToken(BaseAuthenticationToken.DEFAULT_REALM, ipAddress);
    LOGGER.debug("Getting new Guest user token for {}", ipAddress);
    try {
        SecurityManager manager = getSecurityManager();
        if (manager == null) {
            return null;
        }
        return manager.getSubject(guestToken);
    } catch (SecurityServiceException sse) {
        // The failure is only logged; the caller sees it as a null subject.
        LOGGER.info("Unable to request subject for guest user.", sse);
        return null;
    }
}
use of ddf.security.Subject in project ddf by codice.
the class RestSecurityTest method testNotSetSubjectOnClient.
/**
 * Verifies that {@code RestSecurity.setSubjectOnClient} leaves the auth header unset for a
 * client created against a plain {@code http://} address, even though the subject carries a
 * SAML security token.
 *
 * <p>NOTE(review): presumably the assertion is only attached for HTTPS endpoints so that it is
 * never sent in clear text - confirm against {@code RestSecurity}.
 */
@Test
public void testNotSetSubjectOnClient() throws Exception {
    // Security token wrapping the SAML document loaded from the test resources.
    Element samlElement = readDocument("/saml.xml").getDocumentElement();
    SecurityToken securityToken = new SecurityToken(UUID.randomUUID().toString(), samlElement, new Date(), new Date());

    SecurityAssertion samlAssertion = mock(SecurityAssertion.class);
    when(samlAssertion.getSecurityToken()).thenReturn(securityToken);

    // Subject whose only principal is that assertion.
    Subject mockSubject = mock(Subject.class);
    when(mockSubject.getPrincipals()).thenReturn(new SimplePrincipalCollection(samlAssertion, "sts"));

    WebClient webClient = WebClient.create("http://example.org");
    RestSecurity.setSubjectOnClient(mockSubject, webClient);

    assertNull(webClient.getHeaders().get(RestSecurity.AUTH_HEADER));
}