Example 6 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SecurityPluginTest method setupMockSubject.
private Subject setupMockSubject() {
List<String> listOfAttributeValues = Arrays.asList(TEST_USER);
Attribute mockAttribute = mock(Attribute.class);
when(mockAttribute.getName()).thenReturn(SubjectOperations.EMAIL_ADDRESS_CLAIM_URI);
when(mockAttribute.getValues()).thenReturn(listOfAttributeValues);
List<Attribute> listOfAttributes = Arrays.asList(mockAttribute);
AttributeStatement mockAttributeStatement = mock(AttributeStatement.class);
when(mockAttributeStatement.getAttributes()).thenReturn(listOfAttributes);
List<AttributeStatement> listOfAttributeStatements = Arrays.asList(mockAttributeStatement);
Subject mockSubject = mock(Subject.class);
PrincipalCollection mockPrincipals = mock(PrincipalCollection.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
when(mockSecurityAssertion.getAttributeStatements()).thenReturn(listOfAttributeStatements);
when(mockPrincipals.byType(SecurityAssertion.class)).thenReturn(Collections.singletonList(mockSecurityAssertion));
when(mockSubject.getPrincipals()).thenReturn(mockPrincipals);
return mockSubject;
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
Example 7 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SubjectUtils method getAttribute.
/**
* Get any attribute from a subject by key.
*
* @param subject
* @param key
* @return attribute values or an empty list if not found.
*/
@Override
public List<String> getAttribute(@Nullable Subject subject, String key) {
Validate.notNull(key);
if (subject == null) {
LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
return Collections.emptyList();
}
PrincipalCollection principals = subject.getPrincipals();
if (principals == null) {
LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
return Collections.emptyList();
}
Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class);
if (assertions.isEmpty()) {
LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
return Collections.emptyList();
}
List<SecurityAssertion> assertionList = new ArrayList<>(assertions);
assertionList.sort(new SecurityAssertionComparator());
return assertionList.stream().map(SecurityAssertion::getAttributeStatements).flatMap(List::stream).flatMap(as -> as.getAttributes().stream()).filter(a -> a.getName().equals(key)).flatMap(a -> a.getValues().stream()).collect(Collectors.toList());
}
Also used :
Arrays(java.util.Arrays)
StringUtils(org.apache.commons.lang.StringUtils)
X500Principal(javax.security.auth.x500.X500Principal)
SortedSet(java.util.SortedSet)
LoggerFactory(org.slf4j.LoggerFactory)
AttributeStatement(ddf.security.assertion.AttributeStatement)
BCStyle(org.bouncycastle.asn1.x500.style.BCStyle)
SubjectOperations(ddf.security.SubjectOperations)
TreeSet(java.util.TreeSet)
ArrayList(java.util.ArrayList)
AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue)
X500Name(org.bouncycastle.asn1.x500.X500Name)
Subject(org.apache.shiro.subject.Subject)
StringTokenizer(java.util.StringTokenizer)
Map(java.util.Map)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Nullable(javax.annotation.Nullable)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Logger(org.slf4j.Logger)
Attribute(ddf.security.assertion.Attribute)
RDN(org.bouncycastle.asn1.x500.RDN)
Predicate(java.util.function.Predicate)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Collection(java.util.Collection)
Collectors(java.util.stream.Collectors)
Objects(java.util.Objects)
List(java.util.List)
Principal(java.security.Principal)
GuestPrincipal(ddf.security.principal.impl.GuestPrincipal)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
Validate(org.apache.commons.lang.Validate)
ArrayList(java.util.ArrayList)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
ArrayList(java.util.ArrayList)
List(java.util.List)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Example 8 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SubjectIdentityTest method getAttribute.
private Attribute getAttribute(Map.Entry<String, List<String>> attribute) {
Attribute attr = mock(Attribute.class);
doReturn(attribute.getKey()).when(attr).getName();
doReturn(attribute.getValue()).when(attr).getValues();
return attr;
}
Also used :
Attribute(ddf.security.assertion.Attribute)
Example 9 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SubjectUtilsTest method getAttribute.
private Attribute getAttribute(Map.Entry<String, List<String>> attribute) {
Attribute mockAttribute = mock(Attribute.class);
doReturn(attribute.getKey()).when(mockAttribute).getName();
doReturn(attribute.getValue()).when(mockAttribute).getValues();
return mockAttribute;
}
Also used :
Attribute(ddf.security.assertion.Attribute)
Example 10 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class GuestRealmTest method testDoGetAuthenticationInfo.
@Test
public void testDoGetAuthenticationInfo() {
BaseAuthenticationToken baseAuthenticationToken = new MockBaseAuthenticationToken("principal", "credentials", "0.0.0.0");
baseAuthenticationToken.setAllowGuest(true);
AuthenticationInfo authenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
assertEquals(baseAuthenticationToken.getCredentials(), authenticationInfo.getCredentials());
PrincipalCollection principals = authenticationInfo.getPrincipals();
assertEquals(2, principals.asList().size());
Iterator iterator = principals.iterator();
assertEquals("Guest@0.0.0.0", iterator.next());
Object next = iterator.next();
assertTrue(next instanceof SecurityAssertion);
SecurityAssertion securityAssertion = (SecurityAssertion) next;
assertEquals(2, securityAssertion.getAttributeStatements().get(0).getAttributes().size());
boolean claim1 = false;
boolean claim2 = false;
boolean claim3 = false;
boolean claim4 = false;
for (Attribute attribute : securityAssertion.getAttributeStatements().get(0).getAttributes()) {
if (attribute.getName().equals("claim1")) {
claim1 = true;
assertEquals("value1", attribute.getValues().get(0));
}
if (attribute.getName().equals("claim2")) {
claim2 = true;
assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value2")));
assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value3")));
}
if (attribute.getName().equals(":")) {
claim3 = true;
}
if (attribute.getName().equals("bad")) {
claim4 = true;
}
}
assertTrue(claim1);
assertTrue(claim2);
assertFalse(claim3);
assertFalse(claim4);
AuthenticationInfo newAuthenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
assertNotSame(authenticationInfo, newAuthenticationInfo);
}
Also used :
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo)
Arrays(java.util.Arrays)
Attribute(ddf.security.assertion.Attribute)
Iterator(java.util.Iterator)
BeforeClass(org.junit.BeforeClass)
SecurityLogger(ddf.security.audit.SecurityLogger)
Assert.assertNotSame(org.junit.Assert.assertNotSame)
Assert.assertTrue(org.junit.Assert.assertTrue)
AuthenticationToken(org.apache.shiro.authc.AuthenticationToken)
Test(org.junit.Test)
Assert.assertFalse(org.junit.Assert.assertFalse)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
Assert.assertEquals(org.junit.Assert.assertEquals)
Mockito.mock(org.mockito.Mockito.mock)
Attribute(ddf.security.assertion.Attribute)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
Iterator(java.util.Iterator)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo)
Test(org.junit.Test)
Aggregations
Attribute (ddf.security.assertion.Attribute)15
AttributeStatement (ddf.security.assertion.AttributeStatement)10
SecurityAssertion (ddf.security.assertion.SecurityAssertion)7
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)5
Principal (java.security.Principal)3
X500Principal (javax.security.auth.x500.X500Principal)3
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)3
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken)3
Test (org.junit.Test)3
Subject (ddf.security.Subject)2
AuthenticationStatement (ddf.security.assertion.AuthenticationStatement)2
AttributeDefault (ddf.security.assertion.impl.AttributeDefault)2
Claim (ddf.security.claims.Claim)2
GuestPrincipal (ddf.security.principal.impl.GuestPrincipal)2
Arrays (java.util.Arrays)2
HashSet (java.util.HashSet)2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)2
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)2
