Example 1 with Claim
use of ddf.security.claims.Claim in project ddf by codice.
the class RoleClaimsHandlerTest method testRetrieveClaimsValuesIgnoredReferences.
@Test
public void testRetrieveClaimsValuesIgnoredReferences() throws LdapException, SearchResultReferenceIOException {
BindResult bindResult = mock(BindResult.class);
ClaimsParameters claimsParameters;
Connection connection = mock(Connection.class);
ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
ClaimsCollection processedClaims;
RoleClaimsHandler claimsHandler;
SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
DN resultDN = DN.valueOf("uid=tstark,");
SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
String groupName = "avengers";
when(bindResult.isSuccess()).thenReturn(true);
membershipAttribute.add("tstark");
when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
// simulate two items in the list (a reference and an entry)
when(membershipReader.hasNext()).thenReturn(true, true, false);
// test a reference followed by entries thereafter
when(membershipReader.isEntry()).thenReturn(false, true);
when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
when(membershipSearchResult.getName()).thenReturn(resultDN);
groupNameAttribute.add(groupName);
when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
when(groupNameReader.hasNext()).thenReturn(true, true, false);
when(groupNameReader.isEntry()).thenReturn(false, true);
when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
when(connection.bind(any())).thenReturn(bindResult);
when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))"), any())).thenReturn(groupNameReader);
when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(membershipReader);
claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
when(mockConnectionFactory.getConnection()).thenReturn(connection);
claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
claimsHandler.setBindMethod("Simple");
claimsHandler.setBindUserCredentials("foo");
claimsHandler.setBindUserDN("bar");
claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
processedClaims = claimsHandler.retrieveClaims(claimsParameters);
assertThat(processedClaims, hasSize(1));
Claim claim = processedClaims.get(0);
assertThat(claim.getValues(), hasSize(1));
assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used :
SubjectUtils(ddf.security.service.impl.SubjectUtils)
HashMap(java.util.HashMap)
Connection(org.forgerock.opendj.ldap.Connection)
DN(org.forgerock.opendj.ldap.DN)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
ClaimsParameters(ddf.security.claims.ClaimsParameters)
LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory)
ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
ClaimsCollection(ddf.security.claims.ClaimsCollection)
Claim(ddf.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 2 with Claim
use of ddf.security.claims.Claim in project ddf by codice.
the class LdapClaimsHandlerTest method testRetrieveClaimsValues.
@Test
public void testRetrieveClaimsValues() throws URISyntaxException, LdapException {
when(mockBindResult.isSuccess()).thenReturn(true);
ClaimsCollection processedClaims = claimsHandler.retrieveClaims(claimsParameters);
assertThat(processedClaims, hasSize(1));
Claim claim = processedClaims.get(0);
assertThat(claim.getValues(), contains(DUMMY_VALUE));
verify(mockConnection).search(eq(USER_BASE_DN), any(), eq("(&(objectclass=person)(uid=cn=Tony Stark,ou=avengers,dc=marvel,dc=com))"), eq(ATTRIBUTE_NAME));
}
Also used :
ClaimsCollection(ddf.security.claims.ClaimsCollection)
Claim(ddf.security.claims.Claim)
Test(org.junit.Test)
Example 3 with Claim
use of ddf.security.claims.Claim in project ddf by codice.
the class PKIRealm method mergeClaimsToAttributes.
private void mergeClaimsToAttributes(AttributeStatement attributeStatement, ClaimsCollection claims) {
for (Claim claim : claims) {
Attribute newAttr = new AttributeDefault();
newAttr.setName(claim.getName());
newAttr.setValues(claim.getValues());
boolean found = false;
for (Attribute attribute : attributeStatement.getAttributes()) {
if (attribute.getName().equals(newAttr.getName())) {
found = true;
for (String value : newAttr.getValues()) {
attribute.addValue(value);
}
}
}
if (!found) {
attributeStatement.addAttribute(newAttr);
}
}
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeDefault(ddf.security.assertion.impl.AttributeDefault)
Claim(ddf.security.claims.Claim)
Example 4 with Claim
use of ddf.security.claims.Claim in project ddf by codice.
the class UsernamePasswordRealm method mergeClaimsToAttributes.
private void mergeClaimsToAttributes(AttributeStatement attributeStatement, ClaimsCollection claims) {
for (Claim claim : claims) {
Attribute newAttr = new AttributeDefault();
newAttr.setName(claim.getName());
newAttr.setValues(claim.getValues());
boolean found = false;
for (Attribute attribute : attributeStatement.getAttributes()) {
if (attribute.getName().equals(newAttr.getName())) {
found = true;
for (String value : newAttr.getValues()) {
attribute.addValue(value);
}
}
}
if (!found) {
attributeStatement.addAttribute(newAttr);
}
}
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeDefault(ddf.security.assertion.impl.AttributeDefault)
Claim(ddf.security.claims.Claim)
Example 5 with Claim
use of ddf.security.claims.Claim in project ddf by codice.
the class AttributeQueryClaimsHandler method createSingleValuedClaim.
/**
* Creates a single valued claim.
*
* @param claimType The claim type.
* @param claimValue The claim value.
* @return The claim.
* @throws URISyntaxException
*/
protected Claim createSingleValuedClaim(String claimType, String claimValue) {
Claim claim = new ClaimImpl(claimType);
claim.addValue(claimValue);
LOGGER.debug("Created claim with type [{}] and value [{}].", claimType, claimValue);
return claim;
}Aggregations
Claim (ddf.security.claims.Claim)12
ClaimsCollection (ddf.security.claims.ClaimsCollection)8
ClaimImpl (ddf.security.claims.impl.ClaimImpl)6
Connection (org.forgerock.opendj.ldap.Connection)5
BindResult (org.forgerock.opendj.ldap.responses.BindResult)5
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)5
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)5
ClaimsCollectionImpl (ddf.security.claims.impl.ClaimsCollectionImpl)4
Principal (java.security.Principal)4
HashMap (java.util.HashMap)4
Test (org.junit.Test)4
ClaimsParameters (ddf.security.claims.ClaimsParameters)3
ClaimsParametersImpl (ddf.security.claims.impl.ClaimsParametersImpl)3
SubjectUtils (ddf.security.service.impl.SubjectUtils)3
HashSet (java.util.HashSet)3
X500Principal (javax.security.auth.x500.X500Principal)3
UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)3
ConnectionFactory (org.forgerock.opendj.ldap.ConnectionFactory)3
DN (org.forgerock.opendj.ldap.DN)3
LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)3
