Examples with Subject ddf.security.Subject used on opensource projects

Search in sources :

Example 41 with Subject

use of ddf.security.Subject in project ddf by codice.

the class GuestInterceptor method createSecurityToken.

private SecurityToken createSecurityToken(String ipAddress) {
    SecurityToken securityToken = null;
    Subject subject = getSubject(ipAddress);
    LOGGER.trace("Attempting to create Security token.");
    if (subject != null) {
        PrincipalCollection principals = subject.getPrincipals();
        if (principals != null) {
            SecurityAssertion securityAssertion = principals.oneByType(SecurityAssertion.class);
            if (securityAssertion != null) {
                securityToken = securityAssertion.getSecurityToken();
            } else {
                LOGGER.info("Subject did not contain a security assertion, could not add assertion to the security header.");
            }
        } else {
            LOGGER.info("Subject did not contain any principals, could not create security token.");
        }
    }
    return securityToken;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject)

Example 42 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestPepInterceptorActions method testMessageWithMessageAction.

@Test
public void testMessageWithMessageAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    MessageInfo mockMessageInfo = mock(MessageInfo.class);
    when(messageWithAction.get(MessageInfo.class.getName())).thenReturn(mockMessageInfo);
    when(mockMessageInfo.getExtensionAttribute(new QName(Names.WSA_NAMESPACE_WSDL_METADATA, Names.WSAW_ACTION_NAME))).thenReturn("urn:catalog:query:query-port:search");
    doAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) throws Throwable {
            CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
            assertEquals("urn:catalog:query:query-port:search", perm.getAction());
            return true;
        }
    }).when(mockSubject).isPermitted(isA(CollectionPermission.class));
    // This should work.
    interceptor.handleMessage(messageWithAction);
    PowerMockito.verifyStatic();
}
Also used : SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) QName(javax.xml.namespace.QName) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) MessageInfo(org.apache.cxf.service.model.MessageInfo) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) InvocationOnMock(org.mockito.invocation.InvocationOnMock) CollectionPermission(ddf.security.permission.CollectionPermission) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 43 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestPepInterceptorActions method testMessageWithDefaultUriAction.

@Test
public void testMessageWithDefaultUriAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithAction.get(MessageContext.WSDL_OPERATION)).thenReturn(op);
    when(messageWithAction.get(MessageContext.WSDL_PORT)).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    doAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) throws Throwable {
            CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
            assertEquals("urn:catalog:query:query-port:searchRequest", perm.getAction());
            return true;
        }
    }).when(mockSubject).isPermitted(isA(CollectionPermission.class));
    // This should work.
    interceptor.handleMessage(messageWithAction);
    PowerMockito.verifyStatic();
}
Also used : BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) QName(javax.xml.namespace.QName) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) InvocationOnMock(org.mockito.invocation.InvocationOnMock) CollectionPermission(ddf.security.permission.CollectionPermission) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 44 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestPepInterceptorValidSubject method testMessageValidSecurityAssertionToken.

@Test
public void testMessageValidSecurityAssertionToken() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithValidSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithValidSecurityAssertion)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithValidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(true);
    // This should work.
    interceptor.handleMessage(messageWithValidSecurityAssertion);
    PowerMockito.verifyStatic();
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) QName(javax.xml.namespace.QName) CollectionPermission(ddf.security.permission.CollectionPermission) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 45 with Subject

use of ddf.security.Subject in project ddf by codice.

the class TestPepInterceptorActions method testMessageWithNoAction.

@Test(expected = AccessDeniedException.class)
public void testMessageWithNoAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithoutAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithoutAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithoutAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    // This should throw an exception.
    interceptor.handleMessage(messageWithoutAction);
    PowerMockito.verifyStatic();
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) CollectionPermission(ddf.security.permission.CollectionPermission) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Aggregations

Subject (ddf.security.Subject)94 Test (org.junit.Test)47 SecurityAssertion (ddf.security.assertion.SecurityAssertion)23 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)23 HashMap (java.util.HashMap)20 Metacard (ddf.catalog.data.Metacard)18 SecurityManager (ddf.security.service.SecurityManager)14 IOException (java.io.IOException)14 Serializable (java.io.Serializable)14 CollectionPermission (ddf.security.permission.CollectionPermission)13 ArrayList (java.util.ArrayList)12 Map (java.util.Map)12 CreateRequest (ddf.catalog.operation.CreateRequest)11 CreateRequestImpl (ddf.catalog.operation.impl.CreateRequestImpl)11 UnsupportedQueryException (ddf.catalog.source.UnsupportedQueryException)10 SecurityServiceException (ddf.security.service.SecurityServiceException)10 HashSet (java.util.HashSet)10 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)9 Before (org.junit.Before)9 HttpServletRequest (javax.servlet.http.HttpServletRequest)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial