Example 1 with SecurityLogger

Use of ddf.security.audit.SecurityLogger in project ddf by codice.

Class PepInterceptorInvalidSubjectTest, method testMessageInvalidSecurityAssertionToken.

// expectedExForInvalidSubject is a JUnit ExpectedException @Rule field of the test class (declaration not shown).
@Test
public void testMessageInvalidSecurityAssertionToken() throws SecurityServiceException {
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithInvalidSecurityAssertion = mock(Message.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithInvalidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithInvalidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(false);
    expectedExForInvalidSubject.expect(AccessDeniedException.class);
    expectedExForInvalidSubject.expectMessage("Unauthorized");
    // This should throw
    interceptor.handleMessage(messageWithInvalidSecurityAssertion);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotNull(org.junit.Assert.assertNotNull) CollectionPermission(ddf.security.permission.CollectionPermission) Message(org.apache.cxf.message.Message) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) Subject(ddf.security.Subject) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) Mockito.spy(org.mockito.Mockito.spy) Exchange(org.apache.cxf.message.Exchange) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo) Rule(org.junit.Rule) QName(javax.xml.namespace.QName) SecurityManager(ddf.security.service.SecurityManager) ExpectedException(org.junit.rules.ExpectedException) ArgumentMatchers.isA(org.mockito.ArgumentMatchers.isA) Mockito.mock(org.mockito.Mockito.mock)

Example 2 with SecurityLogger

Use of ddf.security.audit.SecurityLogger in project ddf by codice.

Class PepInterceptorNullAssertionTokenTest, method testMessageNullSecurityAssertionToken.

@Test
public void testMessageNullSecurityAssertionToken() {
    Message messageWithNullSecurityAssertion = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    assertNotNull(mockSecurityAssertion);
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(null);
    expectedExForNullMessage.expect(AccessDeniedException.class);
    expectedExForNullMessage.expectMessage("Unauthorized");
    interceptor.handleMessage(messageWithNullSecurityAssertion);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) Rule(org.junit.Rule) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotNull(org.junit.Assert.assertNotNull) Message(org.apache.cxf.message.Message) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) Mockito.spy(org.mockito.Mockito.spy) ExpectedException(org.junit.rules.ExpectedException) Mockito.mock(org.mockito.Mockito.mock)

Example 3 with SecurityLogger

Use of ddf.security.audit.SecurityLogger in project ddf by codice.

Class SslLdapLoginModule, method installSecurityLogger.

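private void installSecurityLogger() {
    BundleContext bundleContext = getContext();
    if (bundleContext != null) {
        ServiceReference serviceReference = bundleContext.getServiceReference(SecurityLogger.class.getName());
        // getServiceReference returns null when no SecurityLogger service is registered;
        // passing null to getService would throw, so leave securityLogger unset instead.
        if (serviceReference != null) {
            securityLogger = (SecurityLogger) bundleContext.getService(serviceReference);
            // The reference is released immediately while the service object is kept, so the
            // framework no longer tracks this use and the logger can go stale if the service is unregistered.
            bundleContext.ungetService(serviceReference);
        }
    }
}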
Also used : BundleContext(org.osgi.framework.BundleContext) ServiceReference(org.osgi.framework.ServiceReference) SecurityLogger(ddf.security.audit.SecurityLogger)

Example 4 with SecurityLogger

Use of ddf.security.audit.SecurityLogger in project ddf by codice.

Class PepInterceptorNullAssertionTest, method testMessageNullSecurityAssertion.

@Test
public void testMessageNullSecurityAssertion() {
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> null));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    Message messageWithNullSecurityAssertion = mock(Message.class);
    // SecurityLogger is already stubbed out
    expectedExForNullMessage.expect(AccessDeniedException.class);
    expectedExForNullMessage.expectMessage("Unauthorized");
    interceptor.handleMessage(messageWithNullSecurityAssertion);
}
Also used : Rule(org.junit.Rule) SecurityLogger(ddf.security.audit.SecurityLogger) Message(org.apache.cxf.message.Message) Test(org.junit.Test) AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) Mockito.spy(org.mockito.Mockito.spy) ExpectedException(org.junit.rules.ExpectedException) Mockito.mock(org.mockito.Mockito.mock)

Example 5 with SecurityLogger

Use of ddf.security.audit.SecurityLogger in project ddf by codice.

Class PepInterceptorValidSubjectTest, method testMessageValidSecurityAssertionToken.

@Test
public void testMessageValidSecurityAssertionToken() throws SecurityServiceException {
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    PEPAuthorizingInterceptor interceptor = spy(new PEPAuthorizingInterceptor(m -> mockSecurityAssertion));
    interceptor.setSecurityLogger(mock(SecurityLogger.class));
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithValidSecurityAssertion = mock(Message.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("urn:catalog:query", "search", "ns1");
    QName port = new QName("urn:catalog:query", "query-port", "ns1");
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.operation")).thenReturn(op);
    when(messageWithValidSecurityAssertion.get("javax.xml.ws.wsdl.port")).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithValidSecurityAssertion.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    when(mockSubject.isPermitted(isA(CollectionPermission.class))).thenReturn(true);
    // This should work.
    interceptor.handleMessage(messageWithValidSecurityAssertion);
}
Also used : SecurityAssertion(ddf.security.assertion.SecurityAssertion) SecurityLogger(ddf.security.audit.SecurityLogger) Assert.assertNotNull(org.junit.Assert.assertNotNull) CollectionPermission(ddf.security.permission.CollectionPermission) Message(org.apache.cxf.message.Message) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) Subject(ddf.security.Subject) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Mockito.spy(org.mockito.Mockito.spy) Exchange(org.apache.cxf.message.Exchange) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo) QName(javax.xml.namespace.QName) SecurityManager(ddf.security.service.SecurityManager) ArgumentMatchers.isA(org.mockito.ArgumentMatchers.isA) Mockito.mock(org.mockito.Mockito.mock)

Aggregations

SecurityLogger (ddf.security.audit.SecurityLogger): 5
Message (org.apache.cxf.message.Message): 4
Test (org.junit.Test): 4
Mockito.mock (org.mockito.Mockito.mock): 4
Mockito.spy (org.mockito.Mockito.spy): 4
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 3
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException): 3
Assert.assertNotNull (org.junit.Assert.assertNotNull): 3
Rule (org.junit.Rule): 3
ExpectedException (org.junit.rules.ExpectedException): 3
Mockito.when (org.mockito.Mockito.when): 3
Subject (ddf.security.Subject): 2
CollectionPermission (ddf.security.permission.CollectionPermission): 2
SecurityManager (ddf.security.service.SecurityManager): 2
SecurityServiceException (ddf.security.service.SecurityServiceException): 2
QName (javax.xml.namespace.QName): 2
SoapOperationInfo (org.apache.cxf.binding.soap.model.SoapOperationInfo): 2
Exchange (org.apache.cxf.message.Exchange): 2
BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo): 2
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken): 2