Example 1 with SecurityLogger
use of ddf.security.audit.SecurityLogger in project ddf by codice.
the class PepInterceptorInvalidSubjectTest method testMessageInvalidSecurityAssertionToken.
// CHECKSTYLE.ON: VisibilityModifier
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
interceptor.setSecurityLogger(mock(SecurityLogger.class));
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithInvalidSecurityAssertion = mock(Message.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
QName op = new QName("urn:catalog:query", "search", "ns1");
QName port = new QName("urn:catalog:query", "query-port", "ns1");
when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithInvalidSecurityAssertion.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
expectedExForInvalidSubject.expect(AccessDeniedException.class);
expectedExForInvalidSubject.expectMessage("Unauthorized");
// This should throw
interceptor.handleMessage(messageWithInvalidSecurityAssertion);
}
Also used :
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
SecurityLogger(ddf.security.audit.SecurityLogger)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
CollectionPermission(ddf.security.permission.CollectionPermission)
Message(org.apache.cxf.message.Message)
BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo)
Subject(ddf.security.Subject)
Test(org.junit.Test)
Mockito.when(org.mockito.Mockito.when)
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
Mockito.spy(org.mockito.Mockito.spy)
Exchange(org.apache.cxf.message.Exchange)
SecurityServiceException(ddf.security.service.SecurityServiceException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo)
Rule(org.junit.Rule)
QName(javax.xml.namespace.QName)
SecurityManager(ddf.security.service.SecurityManager)
ExpectedException(org.junit.rules.ExpectedException)
ArgumentMatchers.isA(org.mockito.ArgumentMatchers.isA)
Mockito.mock(org.mockito.Mockito.mock)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
Exchange(org.apache.cxf.message.Exchange)
BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo)
SecurityManager(ddf.security.service.SecurityManager)
Message(org.apache.cxf.message.Message)
QName(javax.xml.namespace.QName)
CollectionPermission(ddf.security.permission.CollectionPermission)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
SecurityLogger(ddf.security.audit.SecurityLogger)
Test(org.junit.Test)
Example 2 with SecurityLogger
use of ddf.security.audit.SecurityLogger in project ddf by codice.
the class PepInterceptorNullAssertionTokenTest method testMessageNullSecurityAssertionToken.
@Test
public void testMessageNullSecurityAssertionToken() {
Message messageWithNullSecurityAssertion = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
assertNotNull(mockSecurityAssertion);
PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
interceptor.setSecurityLogger(mock(SecurityLogger.class));
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getToken()).thenReturn(null);
expectedExForNullMessage.expect(AccessDeniedException.class);
expectedExForNullMessage.expectMessage("Unauthorized");
interceptor.handleMessage(messageWithNullSecurityAssertion);
}
Also used :
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Rule(org.junit.Rule)
SecurityLogger(ddf.security.audit.SecurityLogger)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
Message(org.apache.cxf.message.Message)
Test(org.junit.Test)
Mockito.when(org.mockito.Mockito.when)
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
Mockito.spy(org.mockito.Mockito.spy)
ExpectedException(org.junit.rules.ExpectedException)
Mockito.mock(org.mockito.Mockito.mock)
Message(org.apache.cxf.message.Message)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
SecurityLogger(ddf.security.audit.SecurityLogger)
Test(org.junit.Test)
Example 3 with SecurityLogger
use of ddf.security.audit.SecurityLogger in project ddf by codice.
the class SslLdapLoginModule method installSecurityLogger.
private void installSecurityLogger() {
BundleContext bundleContext = getContext();
if (bundleContext != null) {
ServiceReference serviceReference = bundleContext.getServiceReference(SecurityLogger.class.getName());
securityLogger = (SecurityLogger) bundleContext.getService(serviceReference);
bundleContext.ungetService(serviceReference);
}
}
Also used :
BundleContext(org.osgi.framework.BundleContext)
ServiceReference(org.osgi.framework.ServiceReference)
SecurityLogger(ddf.security.audit.SecurityLogger)
Example 4 with SecurityLogger
use of ddf.security.audit.SecurityLogger in project ddf by codice.
the class PepInterceptorNullAssertionTest method testMessageNullSecurityAssertion.
@Test
public void testMessageNullSecurityAssertion() {
PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> null));
interceptor.setSecurityLogger(mock(SecurityLogger.class));
Message messageWithNullSecurityAssertion = mock(Message.class);
// SecurityLogger is already stubbed out
expectedExForNullMessage.expect(AccessDeniedException.class);
expectedExForNullMessage.expectMessage("Unauthorized");
interceptor.handleMessage(messageWithNullSecurityAssertion);
}
Also used :
Rule(org.junit.Rule)
SecurityLogger(ddf.security.audit.SecurityLogger)
Message(org.apache.cxf.message.Message)
Test(org.junit.Test)
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
Mockito.spy(org.mockito.Mockito.spy)
ExpectedException(org.junit.rules.ExpectedException)
Mockito.mock(org.mockito.Mockito.mock)
Message(org.apache.cxf.message.Message)
SecurityLogger(ddf.security.audit.SecurityLogger)
Test(org.junit.Test)
Example 5 with SecurityLogger
use of ddf.security.audit.SecurityLogger in project ddf by codice.
the class PepInterceptorValidSubjectTest method testMessageValidSecurityAssertionToken.
@Test
public void testMessageValidSecurityAssertionToken() throws SecurityServiceException {
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
interceptor.setSecurityLogger(mock(SecurityLogger.class));
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithValidSecurityAssertion = mock(Message.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
assertNotNull(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
QName op = new QName("urn:catalog:query", "search", "ns1");
QName port = new QName("urn:catalog:query", "query-port", "ns1");
when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithValidSecurityAssertion.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(true);
// This should work.
interceptor.handleMessage(messageWithValidSecurityAssertion);
}
Also used :
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
SecurityLogger(ddf.security.audit.SecurityLogger)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
CollectionPermission(ddf.security.permission.CollectionPermission)
Message(org.apache.cxf.message.Message)
BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo)
Subject(ddf.security.Subject)
Test(org.junit.Test)
Mockito.when(org.mockito.Mockito.when)
Mockito.spy(org.mockito.Mockito.spy)
Exchange(org.apache.cxf.message.Exchange)
SecurityServiceException(ddf.security.service.SecurityServiceException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo)
QName(javax.xml.namespace.QName)
SecurityManager(ddf.security.service.SecurityManager)
ArgumentMatchers.isA(org.mockito.ArgumentMatchers.isA)
Mockito.mock(org.mockito.Mockito.mock)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
Exchange(org.apache.cxf.message.Exchange)
BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo)
SecurityManager(ddf.security.service.SecurityManager)
Message(org.apache.cxf.message.Message)
QName(javax.xml.namespace.QName)
CollectionPermission(ddf.security.permission.CollectionPermission)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
SecurityLogger(ddf.security.audit.SecurityLogger)
Test(org.junit.Test)
Aggregations
SecurityLogger (ddf.security.audit.SecurityLogger)5
Message (org.apache.cxf.message.Message)4
Test (org.junit.Test)4
Mockito.mock (org.mockito.Mockito.mock)4
Mockito.spy (org.mockito.Mockito.spy)4
SecurityAssertion (ddf.security.assertion.SecurityAssertion)3
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException)3
Assert.assertNotNull (org.junit.Assert.assertNotNull)3
Rule (org.junit.Rule)3
ExpectedException (org.junit.rules.ExpectedException)3
Mockito.when (org.mockito.Mockito.when)3
Subject (ddf.security.Subject)2
CollectionPermission (ddf.security.permission.CollectionPermission)2
SecurityManager (ddf.security.service.SecurityManager)2
SecurityServiceException (ddf.security.service.SecurityServiceException)2
QName (javax.xml.namespace.QName)2
SoapOperationInfo (org.apache.cxf.binding.soap.model.SoapOperationInfo)2
Exchange (org.apache.cxf.message.Exchange)2
BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)2
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)2
