Search in sources :

Example 81 with Subject

use of ddf.security.Subject in project ddf by codice.

the class LoginFilterTest method testValidUsernameToken.

@Test
public void testValidUsernameToken() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(ddf.security.service.SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.init(filterConfig);
    HttpServletRequest servletRequest = mock(HttpServletRequest.class);
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    UPAuthenticationToken token = new UPAuthenticationToken("foo", "bar");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, token);
    when(servletRequest.getAttribute("ddf.security.token")).thenReturn(result);
    HttpSession session = mock(HttpSession.class);
    when(servletRequest.getSession(true)).thenReturn(session);
    when(session.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(new SecurityTokenHolder());
    when(sessionFactory.getOrCreateSession(servletRequest)).thenReturn(session);
    Subject subject = mock(Subject.class, RETURNS_DEEP_STUBS);
    when(securityManager.getSubject(token)).thenReturn(subject);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(assertion.getSecurityToken()).thenReturn(securityToken);
    when(subject.getPrincipals().asList()).thenReturn(Arrays.asList(assertion));
    when(securityToken.getToken()).thenReturn(readDocument("/good_saml.xml").getDocumentElement());
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used : HttpSession(javax.servlet.http.HttpSession) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityTokenHolder(ddf.security.common.SecurityTokenHolder) UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken) FilterConfig(javax.servlet.FilterConfig) SecurityManager(ddf.security.service.SecurityManager) Test(org.junit.Test)

Example 82 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityManagerImplTest method testSecToken.

/**
     * Creates mock objects and uses those to pass through the system when a security token is used.
     *
     * @throws SecurityServiceException
     */
@Test
public void testSecToken() throws SecurityServiceException {
    // mock setup
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    SecurityToken secToken = new SecurityToken();
    principals.add(secToken, REALM_NAME);
    // realm
    Realm realm = mock(Realm.class);
    when(realm.getName()).thenReturn(REALM_NAME);
    SecurityManagerImpl manager = new SecurityManagerImpl();
    manager.setRealms(Arrays.asList(new Realm[] { realm }));
    Subject subject = manager.getSubject(secToken);
    assertNotNull(subject);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Realm(org.apache.shiro.realm.Realm) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 83 with Subject

use of ddf.security.Subject in project ddf by codice.

the class FtpRequestHandlerTest method testOnUploadStartNoFileWritePermission.

@Test(expected = FtpException.class)
public void testOnUploadStartNoFileWritePermission() throws FtpException, IOException {
    Subject subject = mock(Subject.class);
    when(request.getArgument()).thenReturn(FILE_NAME);
    when(session.getAttribute(SUBJECT)).thenReturn(subject);
    when(session.getFileSystemView().getFile(FILE_NAME).isWritable()).thenReturn(false);
    ftplet.onUploadStart(session, request);
}
Also used : Subject(ddf.security.Subject) Test(org.junit.Test)

Example 84 with Subject

use of ddf.security.Subject in project ddf by codice.

the class FtpRequestHandlerTest method testOnUploadStartFailFileTransfer.

@Test(expected = IOException.class)
public void testOnUploadStartFailFileTransfer() throws Exception {
    Subject subject = mock(Subject.class);
    when(request.getArgument()).thenReturn(FILE_NAME);
    when(session.getAttribute(SUBJECT)).thenReturn(subject);
    when(session.getFileSystemView().getFile(FILE_NAME).isWritable()).thenReturn(true);
    when(session.getDataConnection().openConnection().transferFromClient(eq(session), any(FileBackedOutputStream.class))).thenThrow(new IOException());
    ftplet.onUploadStart(session, request);
}
Also used : TemporaryFileBackedOutputStream(org.codice.ddf.platform.util.TemporaryFileBackedOutputStream) FileBackedOutputStream(com.google.common.io.FileBackedOutputStream) IOException(java.io.IOException) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 85 with Subject

use of ddf.security.Subject in project ddf by codice.

the class FtpRequestHandlerTest method setupIngest.

@SuppressWarnings("unchecked")
private void setupIngest() throws FtpException, SourceUnavailableException, IngestException {
    Subject subject = mock(Subject.class);
    FtpFile ftpFile = mock(FtpFile.class);
    CreateResponse createResponse = mock(CreateResponse.class);
    Metacard metacard = mock(Metacard.class);
    when(metacard.getId()).thenReturn(METACARD_ID);
    when(createResponse.getCreatedMetacards()).thenReturn(Collections.singletonList(metacard));
    when(session.getAttribute(SUBJECT)).thenReturn(subject);
    when(request.getArgument()).thenReturn(FILE_NAME);
    when(session.getFileSystemView().getFile(FILE_NAME)).thenReturn(ftpFile);
    when(ftpFile.isWritable()).thenReturn(true);
    when(ftpFile.getAbsolutePath()).thenReturn(FILE_NAME);
    when(subject.execute(any(Callable.class))).thenAnswer(invocationOnMock -> ((Callable) invocationOnMock.getArguments()[0]).call());
    when(catalogFramework.create(any(CreateStorageRequest.class))).thenReturn(createResponse);
}
Also used : Metacard(ddf.catalog.data.Metacard) CreateResponse(ddf.catalog.operation.CreateResponse) FtpFile(org.apache.ftpserver.ftplet.FtpFile) Subject(ddf.security.Subject) Callable(java.util.concurrent.Callable) CreateStorageRequest(ddf.catalog.content.operation.CreateStorageRequest)

Aggregations

Subject (ddf.security.Subject)94 Test (org.junit.Test)47 SecurityAssertion (ddf.security.assertion.SecurityAssertion)23 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)23 HashMap (java.util.HashMap)20 Metacard (ddf.catalog.data.Metacard)18 SecurityManager (ddf.security.service.SecurityManager)14 IOException (java.io.IOException)14 Serializable (java.io.Serializable)14 CollectionPermission (ddf.security.permission.CollectionPermission)13 ArrayList (java.util.ArrayList)12 Map (java.util.Map)12 CreateRequest (ddf.catalog.operation.CreateRequest)11 CreateRequestImpl (ddf.catalog.operation.impl.CreateRequestImpl)11 UnsupportedQueryException (ddf.catalog.source.UnsupportedQueryException)10 SecurityServiceException (ddf.security.service.SecurityServiceException)10 HashSet (java.util.HashSet)10 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)9 Before (org.junit.Before)9 HttpServletRequest (javax.servlet.http.HttpServletRequest)8