
Example 36 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class AuthorizationFilterTest, method testNoSubject.

@Test
public void testNoSubject() {
    FilterConfig filterConfig = mock(FilterConfig.class);
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = getMockServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        fail(e.getMessage());
    }
}

Example 37 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class AuthorizationFilterTest, method testUnAuthorizedSubject.

@Test
public void testUnAuthorizedSubject() {
    FilterConfig filterConfig = mock(FilterConfig.class);
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    Subject subject = mock(Subject.class);
    when(subject.isPermitted(any(CollectionPermission.class))).thenReturn(false);
    ThreadContext.bind(subject);
    HttpServletRequest servletRequest = getMockServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        fail(e.getMessage());
    }
    ThreadContext.unbindSubject();
}

Example 38 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class SecurityManagerImplTest, method testAuthToken.

/**
 * Creates mock objects and uses those to pass through the system when an authentication token
 * is used.
 *
 * @throws SecurityServiceException
 */
@Test
public void testAuthToken() throws SecurityServiceException {
    // mock setup
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    SecurityToken secToken = new SecurityToken();
    principals.add(secToken, REALM_NAME);
    AuthenticationToken authToken = mock(AuthenticationToken.class);
    when(authToken.getCredentials()).thenReturn("testUser");
    AuthenticationInfo info = mock(AuthenticationInfo.class);
    when(info.getPrincipals()).thenReturn(principals);
    // realm
    Realm realm = mock(Realm.class);
    when(realm.getAuthenticationInfo(authToken)).thenReturn(info);
    when(realm.supports(authToken)).thenReturn(Boolean.TRUE);
    when(realm.getName()).thenReturn(REALM_NAME);
    SecurityManagerImpl manager = new SecurityManagerImpl();
    manager.setRealms(Arrays.asList(new Realm[] { realm }));
    Subject subject = manager.getSubject(authToken);
    assertNotNull(subject);
}

Example 39 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class HistorianTest, method setup.

@Before
public void setup() {
    historian = new Historian();
    uuidGenerator = mock(UuidGenerator.class);
    when(uuidGenerator.generateUuid()).thenReturn(UUID.randomUUID().toString());
    historian.setUuidGenerator(uuidGenerator);
    catalogProvider = mock(CatalogProvider.class);
    historian.setCatalogProviders(Collections.singletonList(catalogProvider));
    storageProvider = new InMemoryStorageProvider();
    historian.setStorageProviders(Collections.singletonList(storageProvider));
    historian.setFilterBuilder(new GeotoolsFilterBuilder());
    historian.setMetacardTypes(Collections.singletonList(BasicTypes.BASIC_METACARD));
    Security security = mock(Security.class);
    Subject subject = mock(MockSubject.class);
    when(subject.execute(any(Callable.class))).thenCallRealMethod();
    when(security.runAsAdmin(any(PrivilegedAction.class))).thenReturn(subject);
    historian.setSecurity(security);
}

Example 40 with Subject

Use of ddf.security.Subject in project ddf by codice.

From class OperationPlugin, method checkOperation.

/**
 * checkOperation will throw a StopProcessingException if the operation is not permitted
 * based on the subject's attributes and the operation's property "operation.security".
 *
 * @param operation The operation to check
 * @throws StopProcessingException
 */
private void checkOperation(Operation operation) throws StopProcessingException {
    if (!operation.hasProperties() || !operation.containsPropertyName(PolicyPlugin.OPERATION_SECURITY)) {
        return;
    }
    Object securityAssertion = operation.getPropertyValue(SecurityConstants.SECURITY_SUBJECT);
    Subject subject;
    if (securityAssertion instanceof Subject) {
        subject = (Subject) securityAssertion;
    } else {
        throw new StopProcessingException("Unable to filter contents of current message, no user Subject available.");
    }
    Map<String, Set<String>> perms = (Map<String, Set<String>>) operation.getPropertyValue(PolicyPlugin.OPERATION_SECURITY);
    KeyValueCollectionPermission securityPermission = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, perms);
    if (!subject.isPermitted(securityPermission)) {
        throw new StopProcessingException("User " + SubjectUtils.getName(subject, "UNKNOWN") + " does not have the required attributes " + perms);
    }
}