
Example 86 with Subject

use of ddf.security.Subject in project ddf by codice.

the class AuthenticationEndpointTest method mockUser.

private void mockUser(String username, String password, String realm) throws SecurityServiceException {
    Subject subject = mock(Subject.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    PrincipalCollection collection = mock(PrincipalCollection.class);
    Iterator iter = mock(Iterator.class);
    when(iter.hasNext()).thenReturn(true, false);
    when(iter.next()).thenReturn(securityAssertion);
    when(collection.iterator()).thenReturn(iter);
    when(subject.getPrincipals()).thenReturn(collection);
    UPAuthenticationToken token = new UPAuthenticationToken(username, password, realm);
    when(securityManager.getSubject(argThat(new UsernamePasswordTokenMatcher(token)))).thenReturn(subject);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Iterator(java.util.Iterator) UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject)

Example 87 with Subject

use of ddf.security.Subject in project ddf by codice.

the class AuthenticationEndpoint method login.

@POST
public Response login(@Context HttpServletRequest request, @FormParam("username") String username, @FormParam("password") String password, @FormParam("prevurl") String prevurl) throws SecurityServiceException {
    // Make sure we're using HTTPS
    if (!request.isSecure()) {
        throw new IllegalArgumentException("Authentication request must use TLS.");
    }
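    // Invalidate any pre-existing session before authenticating, so a session ID
    // issued before login is never reused afterwards (session fixation defense)
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }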
    // Get the realm from the previous url
    String realm = BaseAuthenticationToken.DEFAULT_REALM;
    ContextPolicy policy = contextPolicyManager.getContextPolicy(prevurl);
    if (policy != null) {
        realm = policy.getRealm();
    }
    // Create an authentication token
    UPAuthenticationToken authenticationToken = new UPAuthenticationToken(username, password, realm);
    // Authenticate
    Subject subject = securityManager.getSubject(authenticationToken);
    if (subject == null) {
        throw new SecurityServiceException("Authentication failed");
    }
    for (Object principal : subject.getPrincipals()) {
        if (principal instanceof SecurityAssertion) {
            SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
            if (securityToken == null) {
                LOGGER.debug("Cannot add null security token to session");
                continue;
            }
            // Create a session and add the security token
            session = sessionFactory.getOrCreateSession(request);
            SecurityTokenHolder holder = (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
            holder.addSecurityToken(realm, securityToken);
        }
    }
    // Redirect to the previous url
    URI redirect = uriInfo.getBaseUriBuilder().replacePath(prevurl).build();
    return Response.seeOther(redirect).build();
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityTokenHolder(ddf.security.common.SecurityTokenHolder) HttpSession(javax.servlet.http.HttpSession) UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken) SecurityAssertion(ddf.security.assertion.SecurityAssertion) URI(java.net.URI) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) Subject(ddf.security.Subject) POST(javax.ws.rs.POST)

Example 88 with Subject

use of ddf.security.Subject in project ddf by codice.

the class CatalogFrameworkImplTest method testFederatedQueryPermissions.

@Test
public void testFederatedQueryPermissions() throws Exception {
    MockEventProcessor eventAdmin = new MockEventProcessor();
    MockMemoryProvider provider = new MockMemoryProvider("Provider", "Provider", "v1.0", "DDF", new HashSet<>(), true, new Date());
    Map<String, CatalogStore> storeMap = new HashMap<>();
    Map<String, FederatedSource> sourceMap = new HashMap<>();
    Map<String, Set<String>> securityAttributes = new HashMap<>();
    securityAttributes.put("role", Collections.singleton("myRole"));
    MockCatalogStore store = new MockCatalogStore("catalogStoreId-1", true, securityAttributes);
    storeMap.put(store.getId(), store);
    sourceMap.put(store.getId(), store);
    CatalogFramework framework = createDummyCatalogFramework(provider, storeMap, sourceMap, eventAdmin);
    List<Metacard> metacards = new ArrayList<>();
    MetacardImpl newCard = new MetacardImpl();
    newCard.setId(null);
    newCard.setContentTypeName("someType");
    metacards.add(newCard);
    Map<String, Serializable> reqProps = new HashMap<>();
    HashSet<String> destinations = new HashSet<>();
    //==== test writing to store and not local ====
    destinations.add("catalogStoreId-1");
    framework.create(new CreateRequestImpl(metacards, reqProps, destinations));
    FilterBuilder builder = new GeotoolsFilterBuilder();
    Subject subject = mock(Subject.class);
    when(subject.isPermitted(any(KeyValueCollectionPermission.class))).thenReturn(true);
    HashMap<String, Serializable> properties = new HashMap<>();
    properties.put(SecurityConstants.SECURITY_SUBJECT, subject);
    QueryImpl query = new QueryImpl(builder.attribute(Metacard.CONTENT_TYPE).is().like().text("someType"));
    QueryRequestImpl request = new QueryRequestImpl(query, false, Collections.singletonList("catalogStoreId-1"), properties);
    QueryResponse response = framework.query(request);
    assertThat(response.getResults().size(), is(1));
}
Also used : Serializable(java.io.Serializable) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Matchers.anyString(org.mockito.Matchers.anyString) CatalogStore(ddf.catalog.source.CatalogStore) QueryImpl(ddf.catalog.operation.impl.QueryImpl) GeotoolsFilterBuilder(ddf.catalog.filter.proxy.builder.GeotoolsFilterBuilder) FilterBuilder(ddf.catalog.filter.FilterBuilder) CatalogFramework(ddf.catalog.CatalogFramework) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Date(java.util.Date) MetacardImpl(ddf.catalog.data.impl.MetacardImpl) Subject(ddf.security.Subject) FederatedSource(ddf.catalog.source.FederatedSource) Metacard(ddf.catalog.data.Metacard) QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl) QueryResponse(ddf.catalog.operation.QueryResponse) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) Test(org.junit.Test)

Example 89 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestRegistryStore method setup.

@Before
public void setup() throws Exception {
    parser = new XmlParser();
    marshaller = new MetacardMarshaller(new XmlParser());
    context = mock(BundleContext.class);
    provider = mock(Converter.class);
    cswSourceConfiguration = new CswSourceConfiguration();
    factory = mock(SecureCxfClientFactory.class);
    transformer = mock(TransformerManager.class);
    encryptionService = mock(EncryptionService.class);
    configAdmin = mock(ConfigurationAdmin.class);
    configuration = mock(Configuration.class);
    subject = mock(Subject.class);
    queryResults = new ArrayList<>();
    registryStore = spy(new RegistryStoreImpl(context, cswSourceConfiguration, provider, factory, encryptionService) {

        @Override
        protected void validateOperation() {
        }

        @Override
        public boolean isAvailable() {
            return availability;
        }

        @Override
        protected SourceResponse query(QueryRequest queryRequest, ElementSetType elementSetName, List<QName> elementNames, Csw csw) throws UnsupportedQueryException {
            if (queryResults == null) {
                throw new UnsupportedQueryException("Test - Bad Query");
            }
            return new SourceResponseImpl(queryRequest, queryResults);
        }

        @Override
        protected CapabilitiesType getCapabilities() {
            return mock(CapabilitiesType.class);
        }

        @Override
        public void configureCswSource() {
        }

        @Override
        protected Subject getSystemSubject() {
            return subject;
        }

        @Override
        BundleContext getBundleContext() {
            return context;
        }
    });
    registryStore.setFilterBuilder(filterBuilder);
    registryStore.setFilterAdapter(filterAdapter);
    registryStore.setConfigAdmin(configAdmin);
    registryStore.setMetacardMarshaller(new MetacardMarshaller(parser));
    registryStore.setSchemaTransformerManager(transformer);
    registryStore.setAutoPush(true);
    registryStore.setRegistryUrl("http://test.url:0101/example");
    properties = new Hashtable<>();
    properties.put(RegistryStoreImpl.ID, "registryId");
    registryStore.setMetacardMarshaller(marshaller);
    when(configAdmin.getConfiguration(any())).thenReturn(configuration);
    when(configuration.getProperties()).thenReturn(properties);
}
Also used : CswSourceConfiguration(org.codice.ddf.spatial.ogc.csw.catalog.common.CswSourceConfiguration) XmlParser(org.codice.ddf.parser.xml.XmlParser) TransformerManager(org.codice.ddf.spatial.ogc.csw.catalog.common.transformer.TransformerManager) Configuration(org.osgi.service.cm.Configuration) QueryRequest(ddf.catalog.operation.QueryRequest) SecureCxfClientFactory(org.codice.ddf.cxf.SecureCxfClientFactory) SourceResponseImpl(ddf.catalog.operation.impl.SourceResponseImpl) MetacardMarshaller(org.codice.ddf.registry.schemabindings.helper.MetacardMarshaller) Csw(org.codice.ddf.spatial.ogc.csw.catalog.common.Csw) UnsupportedQueryException(ddf.catalog.source.UnsupportedQueryException) Subject(ddf.security.Subject) EncryptionService(ddf.security.encryption.EncryptionService) ElementSetType(net.opengis.cat.csw.v_2_0_2.ElementSetType) Converter(com.thoughtworks.xstream.converters.Converter) List(java.util.List) ArrayList(java.util.ArrayList) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) BundleContext(org.osgi.framework.BundleContext) Before(org.junit.Before)

Example 90 with Subject

use of ddf.security.Subject in project ddf by codice.

the class ProfileInstallCommandTest method createSecurityMock.

private Security createSecurityMock() {
    Subject subject = mock(Subject.class);
    when(subject.execute(Matchers.<Callable<Object>>any())).thenAnswer(invocation -> {
        Callable<Object> callable = (Callable<Object>) invocation.getArguments()[0];
        return callable.call();
    });
    security = mock(Security.class);
    when(security.getSystemSubject()).thenReturn(subject);
    return security;
}
Also used : Security(org.codice.ddf.security.common.Security) Subject(ddf.security.Subject) Callable(java.util.concurrent.Callable)
