Example 86 with Subject
use of ddf.security.Subject in project ddf by codice.
the class AuthenticationEndpointTest method mockUser.
private void mockUser(String username, String password, String realm) throws SecurityServiceException {
Subject subject = mock(Subject.class);
SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
SecurityToken securityToken = mock(SecurityToken.class);
when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
PrincipalCollection collection = mock(PrincipalCollection.class);
Iterator iter = mock(Iterator.class);
when(iter.hasNext()).thenReturn(true, false);
when(iter.next()).thenReturn(securityAssertion);
when(collection.iterator()).thenReturn(iter);
when(subject.getPrincipals()).thenReturn(collection);
UPAuthenticationToken token = new UPAuthenticationToken(username, password, realm);
when(securityManager.getSubject(argThat(new UsernamePasswordTokenMatcher(token)))).thenReturn(subject);
}
Also used :
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
Iterator(java.util.Iterator)
UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
Example 87 with Subject
use of ddf.security.Subject in project ddf by codice.
the class AuthenticationEndpoint method login.
@POST
public Response login(@Context HttpServletRequest request, @FormParam("username") String username, @FormParam("password") String password, @FormParam("prevurl") String prevurl) throws SecurityServiceException {
// Make sure we're using HTTPS
if (!request.isSecure()) {
throw new IllegalArgumentException("Authentication request must use TLS.");
}
HttpSession session = request.getSession(false);
if (session != null) {
session.invalidate();
}
// Get the realm from the previous url
String realm = BaseAuthenticationToken.DEFAULT_REALM;
ContextPolicy policy = contextPolicyManager.getContextPolicy(prevurl);
if (policy != null) {
realm = policy.getRealm();
}
// Create an authentication token
UPAuthenticationToken authenticationToken = new UPAuthenticationToken(username, password, realm);
// Authenticate
Subject subject = securityManager.getSubject(authenticationToken);
if (subject == null) {
throw new SecurityServiceException("Authentication failed");
}
for (Object principal : subject.getPrincipals()) {
if (principal instanceof SecurityAssertion) {
SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
if (securityToken == null) {
LOGGER.debug("Cannot add null security token to session");
continue;
}
// Create a session and add the security token
session = sessionFactory.getOrCreateSession(request);
SecurityTokenHolder holder = (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
holder.addSecurityToken(realm, securityToken);
}
}
// Redirect to the previous url
URI redirect = uriInfo.getBaseUriBuilder().replacePath(prevurl).build();
return Response.seeOther(redirect).build();
}
Also used :
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
SecurityServiceException(ddf.security.service.SecurityServiceException)
SecurityTokenHolder(ddf.security.common.SecurityTokenHolder)
HttpSession(javax.servlet.http.HttpSession)
UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
URI(java.net.URI)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
Subject(ddf.security.Subject)
POST(javax.ws.rs.POST)
Example 88 with Subject
use of ddf.security.Subject in project ddf by codice.
the class CatalogFrameworkImplTest method testFederatedQueryPermissions.
@Test
public void testFederatedQueryPermissions() throws Exception {
MockEventProcessor eventAdmin = new MockEventProcessor();
MockMemoryProvider provider = new MockMemoryProvider("Provider", "Provider", "v1.0", "DDF", new HashSet<>(), true, new Date());
Map<String, CatalogStore> storeMap = new HashMap<>();
Map<String, FederatedSource> sourceMap = new HashMap<>();
Map<String, Set<String>> securityAttributes = new HashMap<>();
securityAttributes.put("role", Collections.singleton("myRole"));
MockCatalogStore store = new MockCatalogStore("catalogStoreId-1", true, securityAttributes);
storeMap.put(store.getId(), store);
sourceMap.put(store.getId(), store);
CatalogFramework framework = createDummyCatalogFramework(provider, storeMap, sourceMap, eventAdmin);
List<Metacard> metacards = new ArrayList<>();
MetacardImpl newCard = new MetacardImpl();
newCard.setId(null);
newCard.setContentTypeName("someType");
metacards.add(newCard);
Map<String, Serializable> reqProps = new HashMap<>();
HashSet<String> destinations = new HashSet<>();
//==== test writing to store and not local ====
destinations.add("catalogStoreId-1");
framework.create(new CreateRequestImpl(metacards, reqProps, destinations));
FilterBuilder builder = new GeotoolsFilterBuilder();
Subject subject = mock(Subject.class);
when(subject.isPermitted(any(KeyValueCollectionPermission.class))).thenReturn(true);
HashMap<String, Serializable> properties = new HashMap<>();
properties.put(SecurityConstants.SECURITY_SUBJECT, subject);
QueryImpl query = new QueryImpl(builder.attribute(Metacard.CONTENT_TYPE).is().like().text("someType"));
QueryRequestImpl request = new QueryRequestImpl(query, false, Collections.singletonList("catalogStoreId-1"), properties);
QueryResponse response = framework.query(request);
assertThat(response.getResults().size(), is(1));
}
Also used :
Serializable(java.io.Serializable)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
Matchers.anyString(org.mockito.Matchers.anyString)
CatalogStore(ddf.catalog.source.CatalogStore)
QueryImpl(ddf.catalog.operation.impl.QueryImpl)
GeotoolsFilterBuilder(ddf.catalog.filter.proxy.builder.GeotoolsFilterBuilder)
FilterBuilder(ddf.catalog.filter.FilterBuilder)
GeotoolsFilterBuilder(ddf.catalog.filter.proxy.builder.GeotoolsFilterBuilder)
CatalogFramework(ddf.catalog.CatalogFramework)
HashSet(java.util.HashSet)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
Date(java.util.Date)
MetacardImpl(ddf.catalog.data.impl.MetacardImpl)
Subject(ddf.security.Subject)
FederatedSource(ddf.catalog.source.FederatedSource)
Metacard(ddf.catalog.data.Metacard)
QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl)
QueryResponse(ddf.catalog.operation.QueryResponse)
CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl)
Test(org.junit.Test)
Example 89 with Subject
use of ddf.security.Subject in project ddf by codice.
the class TestRegistryStore method setup.
@Before
public void setup() throws Exception {
parser = new XmlParser();
marshaller = new MetacardMarshaller(new XmlParser());
context = mock(BundleContext.class);
provider = mock(Converter.class);
cswSourceConfiguration = new CswSourceConfiguration();
factory = mock(SecureCxfClientFactory.class);
transformer = mock(TransformerManager.class);
encryptionService = mock(EncryptionService.class);
configAdmin = mock(ConfigurationAdmin.class);
configuration = mock(Configuration.class);
subject = mock(Subject.class);
queryResults = new ArrayList<>();
registryStore = spy(new RegistryStoreImpl(context, cswSourceConfiguration, provider, factory, encryptionService) {
@Override
protected void validateOperation() {
}
@Override
public boolean isAvailable() {
return availability;
}
@Override
protected SourceResponse query(QueryRequest queryRequest, ElementSetType elementSetName, List<QName> elementNames, Csw csw) throws UnsupportedQueryException {
if (queryResults == null) {
throw new UnsupportedQueryException("Test - Bad Query");
}
return new SourceResponseImpl(queryRequest, queryResults);
}
@Override
protected CapabilitiesType getCapabilities() {
return mock(CapabilitiesType.class);
}
@Override
public void configureCswSource() {
}
;
@Override
protected Subject getSystemSubject() {
return subject;
}
@Override
BundleContext getBundleContext() {
return context;
}
});
registryStore.setFilterBuilder(filterBuilder);
registryStore.setFilterAdapter(filterAdapter);
registryStore.setConfigAdmin(configAdmin);
registryStore.setMetacardMarshaller(new MetacardMarshaller(parser));
registryStore.setSchemaTransformerManager(transformer);
registryStore.setAutoPush(true);
registryStore.setRegistryUrl("http://test.url:0101/example");
properties = new Hashtable<>();
properties.put(RegistryStoreImpl.ID, "registryId");
registryStore.setMetacardMarshaller(marshaller);
when(configAdmin.getConfiguration(any())).thenReturn(configuration);
when(configuration.getProperties()).thenReturn(properties);
}
Also used :
CswSourceConfiguration(org.codice.ddf.spatial.ogc.csw.catalog.common.CswSourceConfiguration)
XmlParser(org.codice.ddf.parser.xml.XmlParser)
TransformerManager(org.codice.ddf.spatial.ogc.csw.catalog.common.transformer.TransformerManager)
Configuration(org.osgi.service.cm.Configuration)
CswSourceConfiguration(org.codice.ddf.spatial.ogc.csw.catalog.common.CswSourceConfiguration)
QueryRequest(ddf.catalog.operation.QueryRequest)
SecureCxfClientFactory(org.codice.ddf.cxf.SecureCxfClientFactory)
SourceResponseImpl(ddf.catalog.operation.impl.SourceResponseImpl)
MetacardMarshaller(org.codice.ddf.registry.schemabindings.helper.MetacardMarshaller)
Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw)
UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException)
Subject(ddf.security.Subject)
EncryptionService(ddf.security.encryption.EncryptionService)
ElementSetType(net.opengis.cat.csw.v_2_0_2.ElementSetType)
Converter(com.thoughtworks.xstream.converters.Converter)
List(java.util.List)
ArrayList(java.util.ArrayList)
ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin)
BundleContext(org.osgi.framework.BundleContext)
Before(org.junit.Before)
Example 90 with Subject
use of ddf.security.Subject in project ddf by codice.
the class ProfileInstallCommandTest method createSecurityMock.
private Security createSecurityMock() {
Subject subject = mock(Subject.class);
when(subject.execute(Matchers.<Callable<Object>>any())).thenAnswer(invocation -> {
Callable<Object> callable = (Callable<Object>) invocation.getArguments()[0];
return callable.call();
});
security = mock(Security.class);
when(security.getSystemSubject()).thenReturn(subject);
return security;
}Aggregations
Subject (ddf.security.Subject)94
Test (org.junit.Test)47
SecurityAssertion (ddf.security.assertion.SecurityAssertion)23
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)23
HashMap (java.util.HashMap)20
Metacard (ddf.catalog.data.Metacard)18
SecurityManager (ddf.security.service.SecurityManager)14
IOException (java.io.IOException)14
Serializable (java.io.Serializable)14
CollectionPermission (ddf.security.permission.CollectionPermission)13
ArrayList (java.util.ArrayList)12
Map (java.util.Map)12
CreateRequest (ddf.catalog.operation.CreateRequest)11
CreateRequestImpl (ddf.catalog.operation.impl.CreateRequestImpl)11
UnsupportedQueryException (ddf.catalog.source.UnsupportedQueryException)10
SecurityServiceException (ddf.security.service.SecurityServiceException)10
HashSet (java.util.HashSet)10
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)9
Before (org.junit.Before)9
HttpServletRequest (javax.servlet.http.HttpServletRequest)8
