use of ddf.security.Subject in project ddf by codice.
the class GuestInterceptor method createSecurityToken.
private SecurityToken createSecurityToken(String ipAddress) {
SecurityToken securityToken = null;
Subject subject = getSubject(ipAddress);
LOGGER.trace("Attempting to create Security token.");
if (subject != null) {
PrincipalCollection principals = subject.getPrincipals();
if (principals != null) {
SecurityAssertion securityAssertion = principals.oneByType(SecurityAssertion.class);
if (securityAssertion != null) {
securityToken = securityAssertion.getSecurityToken();
} else {
LOGGER.info("Subject did not contain a security assertion, could not add assertion to the security header.");
}
} else {
LOGGER.info("Subject did not contain any principals, could not create security token.");
}
}
return securityToken;
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithMessageAction.
@Test
public void testMessageWithMessageAction() throws SecurityServiceException {
PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithAction = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
PowerMockito.mockStatic(SecurityAssertionStore.class);
PowerMockito.mockStatic(SecurityLogger.class);
when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
MessageInfo mockMessageInfo = mock(MessageInfo.class);
when(messageWithAction.get(MessageInfo.class.getName())).thenReturn(mockMessageInfo);
when(mockMessageInfo.getExtensionAttribute(new QName(Names.WSA_NAMESPACE_WSDL_METADATA, Names.WSAW_ACTION_NAME))).thenReturn("urn:catalog:query:query-port:search");
doAnswer(new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocation) throws Throwable {
CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
assertEquals("urn:catalog:query:query-port:search", perm.getAction());
return true;
}
}).when(mockSubject).isPermitted(isA(CollectionPermission.class));
// This should work.
interceptor.handleMessage(messageWithAction);
PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithDefaultUriAction.
@Test
public void testMessageWithDefaultUriAction() throws SecurityServiceException {
PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithAction = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
PowerMockito.mockStatic(SecurityAssertionStore.class);
PowerMockito.mockStatic(SecurityLogger.class);
when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
QName op = new QName("urn:catalog:query", "search", "ns1");
QName port = new QName("urn:catalog:query", "query-port", "ns1");
when(messageWithAction.get(MessageContext.WSDL_OPERATION)).thenReturn(op);
when(messageWithAction.get(MessageContext.WSDL_PORT)).thenReturn(port);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithAction.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
doAnswer(new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocation) throws Throwable {
CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
assertEquals("urn:catalog:query:query-port:searchRequest", perm.getAction());
return true;
}
}).when(mockSubject).isPermitted(isA(CollectionPermission.class));
// This should work.
interceptor.handleMessage(messageWithAction);
PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorValidSubject method testMessageValidSecurityAssertionToken.
@Test
public void testMessageValidSecurityAssertionToken() throws SecurityServiceException {
PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithValidSecurityAssertion = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
PowerMockito.mockStatic(SecurityAssertionStore.class);
PowerMockito.mockStatic(SecurityLogger.class);
when(SecurityAssertionStore.getSecurityAssertion(messageWithValidSecurityAssertion)).thenReturn(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
QName op = new QName("urn:catalog:query", "search", "ns1");
QName port = new QName("urn:catalog:query", "query-port", "ns1");
when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithValidSecurityAssertion.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(true);
// This should work.
interceptor.handleMessage(messageWithValidSecurityAssertion);
PowerMockito.verifyStatic();
}
use of ddf.security.Subject in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithNoAction.
@Test(expected = AccessDeniedException.class)
public void testMessageWithNoAction() throws SecurityServiceException {
PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithoutAction = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
PowerMockito.mockStatic(SecurityAssertionStore.class);
PowerMockito.mockStatic(SecurityLogger.class);
when(SecurityAssertionStore.getSecurityAssertion(messageWithoutAction)).thenReturn(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithoutAction.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
// This should throw an exception.
interceptor.handleMessage(messageWithoutAction);
PowerMockito.verifyStatic();
}
Aggregations