Example 16 with SecurityAssertion

Use of ddf.security.assertion.SecurityAssertion in project ddf by codice.

From class TestPepInterceptorValidSubject, method testMessageValidSecurityAssertionToken: a subject whose policy check succeeds is allowed through the PEP interceptor.

import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.isA;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import ddf.security.permission.CollectionPermission;
import ddf.security.service.SecurityManager;
import ddf.security.service.SecurityServiceException;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.junit.Test;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
// PEPAuthorizingInterceptor, SecurityAssertionStore and SecurityLogger are ddf classes whose
// packages are not listed on this page. The test class carries @PrepareForTest for the two
// statically mocked classes so that PowerMockito.mockStatic can intercept their static calls.

@Test
public void testMessageValidSecurityAssertionToken() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithValidSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    // The interceptor looks the assertion up from the incoming message; hand it the mock.
    when(SecurityAssertionStore.getSecurityAssertion(messageWithValidSecurityAssertion)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    // The raw token element is never inspected here: the decision comes from the Subject below.
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    // WSDL operation and port QNames the interceptor reads off the message (Example 18 on this
    // page omits them).
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithValidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    // No SOAP-binding operation info is attached to this exchange.
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    // Policy answer: this subject holds the CollectionPermission the interceptor asks for.
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(true);
    // This should work.
    interceptor.handleMessage(messageWithValidSecurityAssertion);
    // Confirm the statically mocked collaborators were invoked.
    PowerMockito.verifyStatic();
}

Example 17 with SecurityAssertion

Use of ddf.security.assertion.SecurityAssertion in project ddf by codice.

From class SubjectUtils, method getAttribute: reads the string values of a named SAML attribute out of the SecurityAssertion carried by a Shiro subject.

import ddf.security.assertion.SecurityAssertion;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.commons.lang.Validate;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.opensaml.core.xml.schema.XSString;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
// LOGGER is the enclosing class's static org.slf4j.Logger (obtained via LoggerFactory).

/**
 * Get any attribute from a subject by key.
 *
 * @param subject the Shiro subject to inspect; may be null
 * @param key the SAML attribute name to look up; must not be null
 * @return attribute values or an empty list if not found.
 */
public static List<String> getAttribute(@Nullable Subject subject, String key) {
    Validate.notNull(key);
    if (subject == null) {
        LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
        return Collections.emptyList();
    }
    PrincipalCollection principals = subject.getPrincipals();
    if (principals == null) {
        LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
        return Collections.emptyList();
    }
    // The SecurityAssertion is stored as one of the subject's principals.
    SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
    if (assertion == null) {
        LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
        return Collections.emptyList();
    }
    return assertion.getAttributeStatements().stream()
            .flatMap(as -> as.getAttributes().stream())
            .filter(a -> a.getName().equals(key))
            .flatMap(a -> a.getAttributeValues().stream())
            // Only string-typed attribute values are returned; values of any other
            // XML schema type are silently dropped, so callers see an empty or shorter list.
            .filter(o -> o instanceof XSString)
            .map(o -> (XSString) o)
            .map(XSString::getValue)
            .collect(Collectors.toList());
}

Example 18 with SecurityAssertion

Use of ddf.security.assertion.SecurityAssertion in project ddf by codice.

From class TestPepInterceptorActions, method testMessageWithNoAction: a message carrying no WSDL operation or port, whose subject is not permitted, is rejected with AccessDeniedException.

import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.isA;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import ddf.security.permission.CollectionPermission;
import ddf.security.service.SecurityManager;
import ddf.security.service.SecurityServiceException;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.junit.Test;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
// PEPAuthorizingInterceptor, SecurityAssertionStore, SecurityLogger and AccessDeniedException
// are ddf or CXF classes whose packages are not listed on this page.

@Test(expected = AccessDeniedException.class)
public void testMessageWithNoAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    // Unlike Example 16, no "javax.xml.ws.wsdl.operation" or ".port" entry is stubbed on this message.
    Message messageWithoutAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithoutAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithoutAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    // Policy answer: the subject is denied whatever CollectionPermission the interceptor builds.
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    // This should throw an exception.
    interceptor.handleMessage(messageWithoutAction);
    PowerMockito.verifyStatic();
}

Example 19 with SecurityAssertion

Use of ddf.security.assertion.SecurityAssertion in project ddf by codice.

From class TestPepInterceptorInvalidSubject, method testMessageInvalidSecurityAssertionToken: the same request as Example 16, but the subject's permission check fails and the interceptor throws AccessDeniedException with the message "Unauthorized".

import static org.junit.Assert.assertNotNull;
import static org.mockito.Mockito.isA;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import ddf.security.permission.CollectionPermission;
import ddf.security.service.SecurityManager;
import ddf.security.service.SecurityServiceException;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.junit.Test;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
// PEPAuthorizingInterceptor, SecurityAssertionStore, SecurityLogger and AccessDeniedException
// are ddf or CXF classes whose packages are not listed on this page. expectedExForInvalidSubject
// is the test class's public JUnit ExpectedException @Rule field, which is what the Checkstyle
// VisibilityModifier suppression ending below refers to.

// CHECKSTYLE.ON: VisibilityModifier
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithInvalidSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithInvalidSecurityAssertion)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    // Same operation and port as the valid-subject test; only the policy answer differs.
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithInvalidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    // Policy answer: denied.
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    // Both the exception type and its message are checked, so a rejection must say "Unauthorized".
    expectedExForInvalidSubject.expect(AccessDeniedException.class);
    expectedExForInvalidSubject.expectMessage("Unauthorized");
    // This should throw
    interceptor.handleMessage(messageWithInvalidSecurityAssertion);
    PowerMockito.verifyStatic();
}

Example 20 with SecurityAssertion

Use of ddf.security.assertion.SecurityAssertion in project ddf by codice.

From class AbstractAuthorizingRealm, method doGetAuthorizationInfo: the Shiro realm turns the SAML attribute statements of the subject's SecurityAssertion into permissions and roles.

import ddf.security.assertion.SecurityAssertion;
import ddf.security.expansion.Expansion;
import ddf.security.permission.KeyValuePermission;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.opensaml.saml.saml2.core.AttributeStatement;
// LOGGER, the SAML_ROLE constant, addAttributesToMap and getUserExpansionServices are members
// of the enclosing realm class; StringUtils is assumed to be the commons-lang class matching the
// Validate import used in Example 17. None of these are listed on this page.

/**
 * Takes the security attributes about the subject of the incoming security token and builds
 * sets of permissions and roles for use in further checking.
 *
 * @param principalCollection holds the security assertions for the primary principal of this request
 * @return a new collection of permissions and roles corresponding to the security assertions
 * @throws AuthorizationException if there are no security assertions associated with this principal collection or
 *                                if the token cannot be processed successfully.
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
    SecurityAssertion assertion = principalCollection.oneByType(SecurityAssertion.class);
    if (assertion == null) {
        // Fail closed: a subject without an assertion gets no permissions at all.
        String msg = "No assertion found, cannot retrieve authorization info.";
        throw new AuthorizationException(msg);
    }
    List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    Set<Permission> permissions = new HashSet<>();
    Set<String> roles = new HashSet<>();
    Map<String, Set<String>> permissionsMap = new HashMap<>();
    // Expansion services may map attribute values onto additional values before they become permissions.
    Collection<Expansion> expansionServices = getUserExpansionServices();
    for (AttributeStatement curStatement : attributeStatements) {
        addAttributesToMap(curStatement.getAttributes(), permissionsMap, expansionServices);
    }
    // Every SAML attribute becomes a KeyValuePermission (attribute name -> set of values), so the
    // permissions granted here are exactly as trustworthy as the assertion that carried them.
    for (Map.Entry<String, Set<String>> entry : permissionsMap.entrySet()) {
        permissions.add(new KeyValuePermission(entry.getKey(), entry.getValue()));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding permission: {} : {}", entry.getKey(), StringUtils.join(entry.getValue(), ","));
        }
    }
    // Roles are the values of the one attribute named by SAML_ROLE.
    if (permissionsMap.containsKey(SAML_ROLE)) {
        roles.addAll(permissionsMap.get(SAML_ROLE));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
        }
    }
    info.setObjectPermissions(permissions);
    info.setRoles(roles);
    return info;
}
