use of ddf.security.Subject in project ddf by codice.
the class AuthorizationFilterTest method testNoSubject.
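@Test
public void testNoSubject() {
    // Establish the "no Subject" precondition explicitly, so that a Subject left bound to this
    // thread by an earlier test cannot change which path the filter takes.
    // NOTE(review): presumably the filter resolves the Subject through the Shiro thread
    // context (the unauthorized-subject test in this class binds it there) - confirm.
    ThreadContext.unbindSubject();

    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(mock(FilterConfig.class));
    } catch (ServletException e) {
        // Keep the original exception as the cause so the failure report shows where init broke.
        throw new AssertionError(e.getMessage(), e);
    }

    HttpServletRequest servletRequest = getMockServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    // The chain stands for the protected resource: reaching it means the filter let the
    // request through, which is the fail-open outcome this test guards against.
    FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        throw new AssertionError(e.getMessage(), e);
    }
    // NOTE(review): only "chain not invoked" is checked; nothing here inspects what the
    // filter wrote to servletResponse.
}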
use of ddf.security.Subject in project ddf by codice.
the class AuthorizationFilterTest method testUnAuthorizedSubject.
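@Test
public void testUnAuthorizedSubject() {
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(mock(FilterConfig.class));
    } catch (ServletException e) {
        // Keep the original exception as the cause so the failure report shows where init broke.
        throw new AssertionError(e.getMessage(), e);
    }

    // A Subject that is refused every CollectionPermission it is asked about.
    Subject subject = mock(Subject.class);
    when(subject.isPermitted(any(CollectionPermission.class))).thenReturn(false);

    ThreadContext.bind(subject);
    try {
        HttpServletRequest servletRequest = getMockServletRequest();
        HttpServletResponse servletResponse = mock(HttpServletResponse.class);
        // Reaching the chain means the filter forwarded a request from a Subject that was
        // denied, so the chain fails the test.
        FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        throw new AssertionError(e.getMessage(), e);
    } finally {
        // Unbind even when the test fails: the binding is per-thread state, and a leaked
        // Subject would be visible to any later test that runs on the same thread.
        ThreadContext.unbindSubject();
    }
}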
use of ddf.security.Subject in project ddf by codice.
the class SecurityManagerImplTest method testAuthToken.
/**
* Creates mock objects and uses those to pass through the system when an authentication token
* is used.
*
* @throws SecurityServiceException
*/
@Test
public void testAuthToken() throws SecurityServiceException {
    // Token whose credentials the mock reports as "testUser".
    AuthenticationToken authToken = mock(AuthenticationToken.class);
    when(authToken.getCredentials()).thenReturn("testUser");

    // Principal collection holding a single SecurityToken registered under REALM_NAME.
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(new SecurityToken(), REALM_NAME);
    AuthenticationInfo info = mock(AuthenticationInfo.class);
    when(info.getPrincipals()).thenReturn(principals);

    // Realm that claims support for the token and hands back the info built above.
    Realm realm = mock(Realm.class);
    when(realm.getName()).thenReturn(REALM_NAME);
    when(realm.supports(authToken)).thenReturn(Boolean.TRUE);
    when(realm.getAuthenticationInfo(authToken)).thenReturn(info);

    SecurityManagerImpl manager = new SecurityManagerImpl();
    manager.setRealms(Arrays.asList(realm));

    // Only non-nullness is asserted; the returned Subject's principals are not inspected.
    assertNotNull(manager.getSubject(authToken));
}
use of ddf.security.Subject in project ddf by codice.
the class HistorianTest method setup.
@Before
public void setup() {
    // Build the collaborators first, then wire them into a fresh Historian.
    // One UUID string is generated here and returned for every generateUuid() call.
    final String fixedUuid = UUID.randomUUID().toString();
    uuidGenerator = mock(UuidGenerator.class);
    when(uuidGenerator.generateUuid()).thenReturn(fixedUuid);

    catalogProvider = mock(CatalogProvider.class);
    storageProvider = new InMemoryStorageProvider();

    // The mocked Subject runs execute(Callable) through the real MockSubject implementation;
    // every runAsAdmin(...) call on the mocked Security yields that same Subject.
    Subject adminSubject = mock(MockSubject.class);
    when(adminSubject.execute(any(Callable.class))).thenCallRealMethod();
    Security security = mock(Security.class);
    when(security.runAsAdmin(any(PrivilegedAction.class))).thenReturn(adminSubject);

    historian = new Historian();
    historian.setUuidGenerator(uuidGenerator);
    historian.setCatalogProviders(Collections.singletonList(catalogProvider));
    historian.setStorageProviders(Collections.singletonList(storageProvider));
    historian.setFilterBuilder(new GeotoolsFilterBuilder());
    historian.setMetacardTypes(Collections.singletonList(BasicTypes.BASIC_METACARD));
    historian.setSecurity(security);
}
use of ddf.security.Subject in project ddf by codice.
the class OperationPlugin method checkOperation.
/**
* checkOperation will throw a StopProcessingException if the operation is not permitted
* based on the subject's attributes and the operation's "operation.security" property.
*
* @param operation The operation to check
* @throws StopProcessingException
*/
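private void checkOperation(Operation operation) throws StopProcessingException {
    // No policy attached to this operation: nothing is enforced here. Enforcement therefore
    // depends on PolicyPlugin.OPERATION_SECURITY having been set before this method runs.
    // NOTE(review): confirm no caller can reach this method with that property missing
    // for an operation that should be restricted.
    if (!operation.hasProperties()
            || !operation.containsPropertyName(PolicyPlugin.OPERATION_SECURITY)) {
        return;
    }

    // A policy is present, so a Subject is mandatory; any other value is refused.
    Object securityAssertion = operation.getPropertyValue(SecurityConstants.SECURITY_SUBJECT);
    if (!(securityAssertion instanceof Subject)) {
        throw new StopProcessingException("Unable to filter contents of current message, no user Subject available.");
    }
    Subject subject = (Subject) securityAssertion;

    // Property values are untyped. A value of the wrong type is refused with the declared
    // exception rather than surfacing as a ClassCastException from the cast below.
    // A null value is passed on unchanged.
    // NOTE(review): confirm how KeyValueCollectionPermission treats a null attribute map.
    Object rawPolicy = operation.getPropertyValue(PolicyPlugin.OPERATION_SECURITY);
    if (rawPolicy != null && !(rawPolicy instanceof Map)) {
        throw new StopProcessingException("Unable to check operation permissions, the operation security policy is not a Map.");
    }
    // Only Map-ness is verified above; the key and value types are still taken on trust.
    @SuppressWarnings("unchecked")
    Map<String, Set<String>> perms = (Map<String, Set<String>>) rawPolicy;

    // NOTE(review): READ_ACTION is used whatever kind of operation is being checked -
    // confirm that is intended.
    KeyValueCollectionPermission securityPermission = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, perms);
    if (!subject.isPermitted(securityPermission)) {
        // NOTE(review): this message names the user and echoes the required attributes;
        // confirm it is only logged or shown to callers entitled to see the policy.
        throw new StopProcessingException("User " + SubjectUtils.getName(subject, "UNKNOWN") + " does not have the required attributes " + perms);
    }
}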