Search in sources :

Example 66 with Subject

use of ddf.security.Subject in project ddf by codice.

the class GuestInterceptor method getSubject.

private Subject getSubject(String ipAddress) {
    Subject subject = CACHED_GUEST_SUBJECT.getIfPresent(ipAddress);
    if (security.tokenAboutToExpire(subject)) {
        subject = security.getGuestSubject(ipAddress);
        CACHED_GUEST_SUBJECT.put(ipAddress, subject);
    } else {
        LOGGER.debug("Using cached Guest user token for {}", ipAddress);
    }
    return subject;
}
Also used : Subject(ddf.security.Subject)

Example 67 with Subject

use of ddf.security.Subject in project ddf by codice.

the class CatalogFrameworkImplTest method testFederatedQueryPermissionsNotPermitted.

@Test(expected = FederationException.class)
public void testFederatedQueryPermissionsNotPermitted() throws Exception {
    MockEventProcessor eventAdmin = new MockEventProcessor();
    MockMemoryProvider provider = new MockMemoryProvider("Provider", "Provider", "v1.0", "DDF", new HashSet<>(), true, new Date());
    Map<String, CatalogStore> storeMap = new HashMap<>();
    Map<String, FederatedSource> sourceMap = new HashMap<>();
    Map<String, Set<String>> securityAttributes = new HashMap<>();
    securityAttributes.put("role", Collections.singleton("myRole"));
    MockCatalogStore store = new MockCatalogStore("catalogStoreId-1", true, securityAttributes);
    storeMap.put(store.getId(), store);
    sourceMap.put(store.getId(), store);
    CatalogFramework framework = createDummyCatalogFramework(provider, storeMap, sourceMap, eventAdmin);
    FilterBuilder builder = new GeotoolsFilterBuilder();
    Subject subject = mock(Subject.class);
    when(subject.isPermitted(any(KeyValueCollectionPermission.class))).thenReturn(false);
    HashMap<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, subject);
    QueryImpl query = new QueryImpl(builder.attribute(Metacard.CONTENT_TYPE).is().like().text("someType"));
    QueryRequestImpl request = new QueryRequestImpl(query, false, Collections.singletonList("catalogStoreId-1"), properties);
    framework.query(request);
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Serializable(java.io.Serializable) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Matchers.anyString(org.mockito.Matchers.anyString) Date(java.util.Date) Subject(ddf.security.Subject) CatalogStore(ddf.catalog.source.CatalogStore) FederatedSource(ddf.catalog.source.FederatedSource) QueryImpl(ddf.catalog.operation.impl.QueryImpl) GeotoolsFilterBuilder(ddf.catalog.filter.proxy.builder.GeotoolsFilterBuilder) FilterBuilder(ddf.catalog.filter.FilterBuilder) GeotoolsFilterBuilder(ddf.catalog.filter.proxy.builder.GeotoolsFilterBuilder) QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl) CatalogFramework(ddf.catalog.CatalogFramework) Test(org.junit.Test)

Example 68 with Subject

use of ddf.security.Subject in project ddf by codice.

the class AbstractCswStore method update.

@Override
public UpdateResponse update(UpdateRequest updateRequest) throws IngestException {
    Map<String, Serializable> properties = new HashMap<>();
    validateOperation();
    Subject subject = (Subject) updateRequest.getPropertyValue(SecurityConstants.SECURITY_SUBJECT);
    Csw csw = factory.getClientForSubject(subject);
    CswTransactionRequest transactionRequest = getTransactionRequest();
    OperationTransaction opTrans = (OperationTransaction) updateRequest.getPropertyValue(Constants.OPERATION_TRANSACTION_KEY);
    String insertTypeName = schemaTransformerManager.getTransformerIdForSchema(cswSourceConfiguration.getOutputSchema());
    HashSet<ProcessingDetails> errors = new HashSet<>();
    if (insertTypeName == null) {
        insertTypeName = CswConstants.CSW_RECORD;
    }
    ArrayList<Metacard> updatedMetacards = new ArrayList<>(updateRequest.getUpdates().size());
    ArrayList<Filter> updatedMetacardFilters = new ArrayList<>(updateRequest.getUpdates().size());
    for (Map.Entry<Serializable, Metacard> update : updateRequest.getUpdates()) {
        Metacard metacard = update.getValue();
        properties.put(metacard.getId(), metacard);
        updatedMetacardFilters.add(filterBuilder.attribute(updateRequest.getAttributeName()).is().equalTo().text(update.getKey().toString()));
        transactionRequest.getUpdateActions().add(new UpdateAction(metacard, insertTypeName, null));
    }
    try {
        TransactionResponseType response = csw.transaction(transactionRequest);
        if (response.getTransactionSummary().getTotalUpdated().longValue() != updateRequest.getUpdates().size()) {
            errors.add(new ProcessingDetailsImpl(this.getId(), null, "One or more updates failed"));
        }
    } catch (CswException e) {
        throw new IngestException("Csw Transaction Failed.", e);
    }
    try {
        updatedMetacards.addAll(transactionQuery(updatedMetacardFilters, subject));
    } catch (UnsupportedQueryException e) {
        errors.add(new ProcessingDetailsImpl(this.getId(), e, "Failed to retrieve updated metacards"));
    }
    return new UpdateResponseImpl(updateRequest, properties, updatedMetacards, new ArrayList(opTrans.getPreviousStateMetacards()), errors);
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) ArrayList(java.util.ArrayList) CswException(org.codice.ddf.spatial.ogc.csw.catalog.common.CswException) ProcessingDetailsImpl(ddf.catalog.operation.impl.ProcessingDetailsImpl) TransactionResponseType(net.opengis.cat.csw.v_2_0_2.TransactionResponseType) OperationTransaction(ddf.catalog.operation.OperationTransaction) ProcessingDetails(ddf.catalog.operation.ProcessingDetails) UpdateResponseImpl(ddf.catalog.operation.impl.UpdateResponseImpl) IngestException(ddf.catalog.source.IngestException) HashSet(java.util.HashSet) UpdateAction(org.codice.ddf.spatial.ogc.csw.catalog.common.transaction.UpdateAction) Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw) Subject(ddf.security.Subject) Metacard(ddf.catalog.data.Metacard) Filter(org.opengis.filter.Filter) CswTransactionRequest(org.codice.ddf.spatial.ogc.csw.catalog.common.transaction.CswTransactionRequest) Map(java.util.Map) DefaultCswRecordMap(org.codice.ddf.spatial.ogc.csw.catalog.common.converter.DefaultCswRecordMap) HashMap(java.util.HashMap)

Example 69 with Subject

use of ddf.security.Subject in project ddf by codice.

the class AbstractCswStore method delete.

@Override
public DeleteResponse delete(DeleteRequest deleteRequest) throws IngestException {
    Map<String, Serializable> properties = new HashMap<>();
    validateOperation();
    Subject subject = (Subject) deleteRequest.getPropertyValue(SecurityConstants.SECURITY_SUBJECT);
    Csw csw = factory.getClientForSubject(subject);
    CswTransactionRequest transactionRequest = getTransactionRequest();
    OperationTransaction opTrans = (OperationTransaction) deleteRequest.getPropertyValue(Constants.OPERATION_TRANSACTION_KEY);
    String typeName = schemaTransformerManager.getTransformerIdForSchema(cswSourceConfiguration.getOutputSchema());
    if (typeName == null) {
        typeName = CswConstants.CSW_RECORD;
    }
    for (Serializable itemToDelete : deleteRequest.getAttributeValues()) {
        try {
            DeleteType deleteType = new DeleteType();
            deleteType.setTypeName(typeName);
            QueryConstraintType queryConstraintType = new QueryConstraintType();
            Filter filter;
            FilterType filterType;
            filter = filterBuilder.attribute(deleteRequest.getAttributeName()).is().equalTo().text(itemToDelete.toString());
            filterType = filterAdapter.adapt(filter, cswFilterDelegate);
            queryConstraintType.setCqlText(CswCqlTextFilter.getInstance().getCqlText(filterType));
            deleteType.setConstraint(queryConstraintType);
            DeleteAction deleteAction = new DeleteAction(deleteType, DefaultCswRecordMap.getPrefixToUriMapping());
            transactionRequest.getDeleteActions().add(deleteAction);
        } catch (UnsupportedQueryException e) {
            throw new IngestException("Unsupported Query.", e);
        }
    }
    try {
        TransactionResponseType response = csw.transaction(transactionRequest);
        if (response.getTransactionSummary().getTotalDeleted().intValue() != deleteRequest.getAttributeValues().size()) {
            throw new IngestException("Csw Transaction Failed. Number of metacards deleted did not match number requested.");
        }
    } catch (CswException e) {
        throw new IngestException("Csw Transaction Failed", e);
    }
    return new DeleteResponseImpl(deleteRequest, properties, new ArrayList(opTrans.getPreviousStateMetacards()));
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) CswException(org.codice.ddf.spatial.ogc.csw.catalog.common.CswException) ArrayList(java.util.ArrayList) Subject(ddf.security.Subject) QueryConstraintType(net.opengis.cat.csw.v_2_0_2.QueryConstraintType) TransactionResponseType(net.opengis.cat.csw.v_2_0_2.TransactionResponseType) OperationTransaction(ddf.catalog.operation.OperationTransaction) FilterType(net.opengis.filter.v_1_1_0.FilterType) DeleteResponseImpl(ddf.catalog.operation.impl.DeleteResponseImpl) Filter(org.opengis.filter.Filter) CswTransactionRequest(org.codice.ddf.spatial.ogc.csw.catalog.common.transaction.CswTransactionRequest) DeleteAction(org.codice.ddf.spatial.ogc.csw.catalog.common.transaction.DeleteAction) DeleteType(net.opengis.cat.csw.v_2_0_2.DeleteType) IngestException(ddf.catalog.source.IngestException)

Example 70 with Subject

use of ddf.security.Subject in project ddf by codice.

the class FederationAdminServiceImplTest method testAddRegistryEntryString.

@Test
public void testAddRegistryEntryString() throws Exception {
    Metacard metacard = testMetacard;
    metacard.setAttribute(new AttributeImpl(Metacard.TAGS, Collections.singletonList(RegistryConstants.REGISTRY_TAG)));
    Metacard createdMetacard = testMetacard;
    Subject systemSubject = security.getSystemSubject();
    Map<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, systemSubject);
    CreateRequest request = new CreateRequestImpl(Collections.singletonList(metacard), properties, null);
    CreateResponse response = new CreateResponseImpl(request, null, Collections.singletonList(createdMetacard));
    when(registryTransformer.transform(any(InputStream.class))).thenReturn(metacard);
    when(catalogFramework.create(any(CreateRequest.class))).thenReturn(response);
    String createdMetacardId = federationAdminServiceImpl.addRegistryEntry(TEST_XML_STRING);
    assertThat(createdMetacardId, is(equalTo(RegistryObjectMetacardType.REGISTRY_ID)));
    verify(registryTransformer).transform(any(InputStream.class));
    verify(catalogFramework).create(any(CreateRequest.class));
}
Also used : Metacard(ddf.catalog.data.Metacard) Serializable(java.io.Serializable) HashMap(java.util.HashMap) CreateRequest(ddf.catalog.operation.CreateRequest) CreateResponse(ddf.catalog.operation.CreateResponse) InputStream(java.io.InputStream) AttributeImpl(ddf.catalog.data.impl.AttributeImpl) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) Subject(ddf.security.Subject) CreateResponseImpl(ddf.catalog.operation.impl.CreateResponseImpl) Test(org.junit.Test)

Aggregations

Subject (ddf.security.Subject)94 Test (org.junit.Test)47 SecurityAssertion (ddf.security.assertion.SecurityAssertion)23 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)23 HashMap (java.util.HashMap)20 Metacard (ddf.catalog.data.Metacard)18 SecurityManager (ddf.security.service.SecurityManager)14 IOException (java.io.IOException)14 Serializable (java.io.Serializable)14 CollectionPermission (ddf.security.permission.CollectionPermission)13 ArrayList (java.util.ArrayList)12 Map (java.util.Map)12 CreateRequest (ddf.catalog.operation.CreateRequest)11 CreateRequestImpl (ddf.catalog.operation.impl.CreateRequestImpl)11 UnsupportedQueryException (ddf.catalog.source.UnsupportedQueryException)10 SecurityServiceException (ddf.security.service.SecurityServiceException)10 HashSet (java.util.HashSet)10 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)9 Before (org.junit.Before)9 HttpServletRequest (javax.servlet.http.HttpServletRequest)8