use of ddf.security.Subject in project ddf by codice.
the class SecurityPluginTest method testNominalCaseCreateWithNonResourceMetacard.
/**
 * Checks the pre-create path for a metacard that carries only the "workspace" tag: the request
 * returned by the plugin must expose the thread-bound subject under
 * {@code SecurityConstants.SECURITY_SUBJECT}, still hold exactly one metacard, and leave that
 * metacard's point-of-contact attribute unset.
 */
@Test
public void testNominalCaseCreateWithNonResourceMetacard() throws Exception {
    // Bind the mock subject to the current thread before the plugin runs.
    // NOTE(review): nothing in this method unbinds the subject again; unless the test class has
    // a teardown that does so, it stays bound on this thread for whatever test runs next.
    Subject boundSubject = setupMockSubject();
    ThreadContext.bind(boundSubject);

    Set<String> tags = new HashSet<String>();
    tags.add("workspace");
    MetacardImpl workspaceMetacard = new MetacardImpl();
    workspaceMetacard.setTags(tags);

    SecurityPlugin plugin = new SecurityPlugin();
    CreateRequest processed = plugin.processPreCreate(new CreateRequestImpl(workspaceMetacard));

    // The subject placed on the request must be the very one bound above.
    assertThat(processed.getPropertyValue(SecurityConstants.SECURITY_SUBJECT), equalTo(boundSubject));
    assertThat(processed.getMetacards().size(), is(1));
    assertThat(
        processed.getMetacards().get(0).getAttribute(Metacard.POINT_OF_CONTACT), is(nullValue()));
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithDefaultUrlAction.
/**
 * Exercises the interceptor when the binding operation carries no {@code SoapOperationInfo}
 * ({@code getExtensor} is stubbed to return null). The permission handed to
 * {@code Subject.isPermitted} must then name the action
 * {@code http://catalog/query/QueryPort/SearchRequest}, which appears to be derived from the
 * stubbed WSDL port and operation QNames.
 */
@Test
public void testMessageWithDefaultUrlAction() throws SecurityServiceException {
    // Collaborators of the interceptor, all mocked.
    Message soapMessage = mock(Message.class);
    SecurityAssertion assertionMock = mock(SecurityAssertion.class);
    SecurityToken tokenMock = mock(SecurityToken.class);
    Subject subjectMock = mock(Subject.class);
    SecurityManager securityManagerMock = mock(SecurityManager.class);

    PEPAuthorizingInterceptor pep = new PEPAuthorizingInterceptor();
    pep.setSecurityManager(securityManagerMock);

    assertNotNull(assertionMock);

    // Static collaborators: the assertion lookup is stubbed, SecurityLogger is only silenced.
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(soapMessage)).thenReturn(assertionMock);

    // Assertion -> token -> subject resolution chain.
    when(assertionMock.getSecurityToken()).thenReturn(tokenMock);
    when(tokenMock.getToken()).thenReturn(null);
    when(securityManagerMock.getSubject(tokenMock)).thenReturn(subjectMock);

    // WSDL operation and port that the fallback action URI is expected to be built from.
    QName operationName = new QName("http://catalog/query/", "Search", "ns1");
    QName portName = new QName("http://catalog/query/", "QueryPort", "ns1");
    when(soapMessage.get(MessageContext.WSDL_OPERATION)).thenReturn(operationName);
    when(soapMessage.get(MessageContext.WSDL_PORT)).thenReturn(portName);

    // No SOAP operation info on the binding, so no explicit action is available.
    Exchange exchangeMock = mock(Exchange.class);
    BindingOperationInfo bindingOperationMock = mock(BindingOperationInfo.class);
    when(soapMessage.getExchange()).thenReturn(exchangeMock);
    when(exchangeMock.get(BindingOperationInfo.class)).thenReturn(bindingOperationMock);
    when(bindingOperationMock.getExtensor(SoapOperationInfo.class)).thenReturn(null);

    // Grant the permission, but only after checking which action is being authorized.
    doAnswer(new Answer<Boolean>() {
        @Override
        public Boolean answer(InvocationOnMock call) throws Throwable {
            CollectionPermission requested = (CollectionPermission) call.getArguments()[0];
            assertEquals("http://catalog/query/QueryPort/SearchRequest", requested.getAction());
            return true;
        }
    }).when(subjectMock).isPermitted(isA(CollectionPermission.class));

    // Must complete without an access-denied fault.
    pep.handleMessage(soapMessage);

    // NOTE(review): verifyStatic() only arms verification for the static call that follows it;
    // with no such call after it, this line appears to verify nothing.
    PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithOperationAction.
/**
 * Exercises the interceptor when the binding operation carries a {@code SoapOperationInfo}
 * whose action is {@code urn:catalog:query:query-port:search}. The permission handed to
 * {@code Subject.isPermitted} must name exactly that action.
 */
@Test
public void testMessageWithOperationAction() throws SecurityServiceException {
    // Collaborators of the interceptor, all mocked.
    Message soapMessage = mock(Message.class);
    SecurityAssertion assertionMock = mock(SecurityAssertion.class);
    SecurityToken tokenMock = mock(SecurityToken.class);
    Subject subjectMock = mock(Subject.class);
    SecurityManager securityManagerMock = mock(SecurityManager.class);

    PEPAuthorizingInterceptor pep = new PEPAuthorizingInterceptor();
    pep.setSecurityManager(securityManagerMock);

    assertNotNull(assertionMock);

    // Static collaborators: the assertion lookup is stubbed, SecurityLogger is only silenced.
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(soapMessage)).thenReturn(assertionMock);

    // Assertion -> token -> subject resolution chain.
    when(assertionMock.getSecurityToken()).thenReturn(tokenMock);
    when(tokenMock.getToken()).thenReturn(null);
    when(securityManagerMock.getSubject(tokenMock)).thenReturn(subjectMock);

    // The binding operation exposes an explicit SOAP action this time.
    Exchange exchangeMock = mock(Exchange.class);
    BindingOperationInfo bindingOperationMock = mock(BindingOperationInfo.class);
    SoapOperationInfo soapOperationMock = mock(SoapOperationInfo.class);
    when(soapMessage.getExchange()).thenReturn(exchangeMock);
    when(exchangeMock.get(BindingOperationInfo.class)).thenReturn(bindingOperationMock);
    when(bindingOperationMock.getExtensor(SoapOperationInfo.class)).thenReturn(soapOperationMock);
    when(soapOperationMock.getAction()).thenReturn("urn:catalog:query:query-port:search");

    // Grant the permission, but only after checking which action is being authorized.
    doAnswer(new Answer<Boolean>() {
        @Override
        public Boolean answer(InvocationOnMock call) throws Throwable {
            CollectionPermission requested = (CollectionPermission) call.getArguments()[0];
            assertEquals("urn:catalog:query:query-port:search", requested.getAction());
            return true;
        }
    }).when(subjectMock).isPermitted(isA(CollectionPermission.class));

    // Must complete without an access-denied fault.
    pep.handleMessage(soapMessage);

    // NOTE(review): verifyStatic() only arms verification for the static call that follows it;
    // with no such call after it, this line appears to verify nothing.
    PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class PEPAuthorizingInterceptor method handleMessage.
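/**
 * Intercepts a message and authorizes it. Interceptors should NOT invoke handleMessage or
 * handleFault on the next interceptor - the interceptor chain will take care of this.
 *
 * <p>The security assertion stored for the message is resolved to a {@code Subject} through the
 * security manager, an action URI is derived from the message, and the subject is asked whether
 * it holds a {@code KeyValueCollectionPermission} for that action. Every outcome is written to
 * the security audit log. The subject is bound to the thread context and stored on the message
 * only once the permission check has succeeded, so a denied request leaves no subject behind.
 *
 * @param message the message being intercepted; a null message is denied
 * @throws AccessDeniedException if the message is null, no assertion or security token is
 *     available, the subject cannot be resolved, the action URI is empty, or the subject does
 *     not hold the permission
 */
@Override
public void handleMessage(Message message) throws Fault {
    if (message == null) {
        SecurityLogger.audit("Unable to retrieve the current message associated with the web service call.");
        throw new AccessDeniedException("Unauthorized");
    }

    // grab the SAML assertion associated with this Message from the token store
    SecurityAssertion assertion = SecurityAssertionStore.getSecurityAssertion(message);
    if ((assertion == null) || (assertion.getSecurityToken() == null)) {
        SecurityLogger.audit("Unable to retrieve the security assertion associated with the web service call.");
        throw new AccessDeniedException("Unauthorized");
    }

    boolean isPermitted = false;
    Subject user = null;
    CollectionPermission action = null;
    String actionURI = getActionUri(message);
    try {
        user = securityManager.getSubject(assertion.getSecurityToken());
        if (user == null) {
            throw new AccessDeniedException("Unauthorized");
        }
        if (LOGGER.isTraceEnabled()) {
            // NOTE(review): this writes the security token itself to the trace log. Confirm
            // that format() redacts it, or that trace logging stays off outside debugging.
            LOGGER.trace(format(assertion.getSecurityToken().getToken()));
        }
        LOGGER.debug("Is user authenticated: {}", user.isAuthenticated());
        LOGGER.debug("Checking for permission");
        SecurityLogger.audit("Is Subject authenticated? " + user.isAuthenticated(), user);
        // Fail closed: a request whose action cannot be determined is never authorized.
        if (StringUtils.isEmpty(actionURI)) {
            SecurityLogger.audit("Denying access to Subject for unknown action.", user);
            throw new AccessDeniedException("Unauthorized");
        }
        action = new KeyValueCollectionPermission(actionURI);
        LOGGER.debug("Permission: {}", action);
        isPermitted = user.isPermitted(action);
        LOGGER.debug("Result of permission: {}", isPermitted);
        SecurityLogger.audit("Is Subject permitted? " + isPermitted, user);
    } catch (SecurityServiceException e) {
        // NOTE(review): actionURI comes from the request and is concatenated into the audit
        // record; confirm that SecurityLogger neutralises line breaks in its message.
        SecurityLogger.audit("Denying access : Caught exception when trying to authenticate user for service [" + actionURI + "]", e);
        throw new AccessDeniedException("Unauthorized");
    }

    if (!isPermitted) {
        SecurityLogger.audit("Denying access to Subject for service: " + action.getAction(), user);
        throw new AccessDeniedException("Unauthorized");
    }

    // Publish the subject only after authorization has succeeded. Binding it before the deny
    // check would leave the subject of a rejected request on this (possibly pooled) thread and
    // on the message.
    // store the subject so the DDF framework can use it later
    ThreadContext.bind(user);
    message.put(SecurityConstants.SAML_ASSERTION, user);
    LOGGER.debug("Added assertion information to message at key {}", SecurityConstants.SAML_ASSERTION);
}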
Aggregations