use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.
the class RoleClaimsHandlerTest method testRetrieveClaimsValuesIgnoredReferences.
@Test
public void testRetrieveClaimsValuesIgnoredReferences() throws LdapException, SearchResultReferenceIOException {
BindResult bindResult = mock(BindResult.class);
ClaimsParameters claimsParameters;
Connection connection = mock(Connection.class);
ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
ClaimsCollection processedClaims;
RoleClaimsHandler claimsHandler;
SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
DN resultDN = DN.valueOf("uid=tstark,");
SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
String groupName = "avengers";
when(bindResult.isSuccess()).thenReturn(true);
membershipAttribute.add("tstark");
when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
// simulate two items in the list (a reference and an entry)
when(membershipReader.hasNext()).thenReturn(true, true, false);
// test a reference followed by entries thereafter
when(membershipReader.isEntry()).thenReturn(false, true);
when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
when(membershipSearchResult.getName()).thenReturn(resultDN);
groupNameAttribute.add(groupName);
when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
when(groupNameReader.hasNext()).thenReturn(true, true, false);
when(groupNameReader.isEntry()).thenReturn(false, true);
when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
when(connection.bind(any())).thenReturn(bindResult);
when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))"), any())).thenReturn(groupNameReader);
when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(membershipReader);
claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
when(mockConnectionFactory.getConnection()).thenReturn(connection);
claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
claimsHandler.setBindMethod("Simple");
claimsHandler.setBindUserCredentials("foo");
claimsHandler.setBindUserDN("bar");
claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
processedClaims = claimsHandler.retrieveClaims(claimsParameters);
assertThat(processedClaims, hasSize(1));
Claim claim = processedClaims.get(0);
assertThat(claim.getValues(), hasSize(1));
assertThat(claim.getValues().get(0), equalTo(groupName));
}
use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.
the class UsersAttributesFileClaimsHandlerTest method testRetrieveClaimValuesRegex.
@Test
public void testRetrieveClaimValuesRegex() throws IOException {
// given
System.setProperty(SystemBaseUrl.INTERNAL_HOST, "testHostname");
final UsersAttributesFileClaimsHandler usersAttributesFileClaimsHandler = new UsersAttributesFileClaimsHandler();
usersAttributesFileClaimsHandler.setUsersAttributesFileLocation(getPathForValidTestAttributesFile());
final ClaimsCollection ClaimsCollection = getClaimsCollectionForValidTestAttributesFile();
final Principal principal = mock(Principal.class);
when(principal.getName()).thenReturn("myhostname");
final ClaimsParameters regexClaimsParameters = new ClaimsParametersImpl(principal, new HashSet<>(), new HashMap<>());
// when
ClaimsCollection processedClaims = usersAttributesFileClaimsHandler.retrieveClaims(regexClaimsParameters);
// then
assertThat(processedClaims, contains(allOf(hasProperty("name", is("reg")), hasProperty("values", containsInAnyOrder("ex")))));
}
use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.
the class UsersAttributesFileClaimsHandlerTest method testRetrieveClaimValuesAdmin.
@Test
public void testRetrieveClaimValuesAdmin() throws IOException {
// given
System.setProperty(SystemBaseUrl.INTERNAL_HOST, "testHostname");
final UsersAttributesFileClaimsHandler usersAttributesFileClaimsHandler = new UsersAttributesFileClaimsHandler();
usersAttributesFileClaimsHandler.setUsersAttributesFileLocation(getPathForValidTestAttributesFile());
final ClaimsCollection ClaimsCollection = getClaimsCollectionForValidTestAttributesFile();
final ClaimsParameters localhostClaimsParameters;
final Principal principal = mock(Principal.class);
when(principal.getName()).thenReturn("admin");
localhostClaimsParameters = new ClaimsParametersImpl(principal, new HashSet<>(), new HashMap<>());
// when
final ClaimsCollection processedClaims = usersAttributesFileClaimsHandler.retrieveClaims(localhostClaimsParameters);
// then
assertThat(processedClaims, contains(allOf(hasProperty("name", is("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")), hasProperty("values", containsInAnyOrder("admin@testHostname")))));
}
use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.
the class PKIRealm method createPrincipalCollectionFromCertificate.
private SimplePrincipalCollection createPrincipalCollectionFromCertificate(X500Principal principal) {
SimplePrincipalCollection principals = new SimplePrincipalCollection();
DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
AttributeStatement attributeStatement = new AttributeStatementDefault();
HashMap<String, Object> properties = createProperties(principal);
for (ClaimsHandler claimsHandler : claimsHandlers) {
ClaimsCollection claims = claimsHandler.retrieveClaims(new ClaimsParametersImpl(principal, Collections.singleton(principal), properties));
mergeClaimsToAttributes(attributeStatement, claims);
}
final Instant now = Instant.now();
SecurityAssertion assertion = assertionBuilder.addAttributeStatement(attributeStatement).userPrincipal(principal).weight(SecurityAssertion.LOCAL_AUTH_WEIGHT).issuer("DDF").notBefore(Date.from(now)).notOnOrAfter(Date.from(now.plus(fourHours))).tokenType(PKI_TOKEN_TYPE).build();
principals.add(assertion, "PKI");
return principals;
}
use of ddf.security.claims.impl.ClaimsParametersImpl in project ddf by codice.
the class UsernamePasswordRealm method createPrincipalCollectionFromSubject.
private SimplePrincipalCollection createPrincipalCollectionFromSubject(Subject subject) {
SimplePrincipalCollection principals = new SimplePrincipalCollection();
DefaultSecurityAssertionBuilder assertionBuilder = new DefaultSecurityAssertionBuilder();
AttributeStatement attributeStatement = new AttributeStatementDefault();
Principal userPrincipal = subject.getPrincipals().stream().filter(p -> p instanceof UserPrincipal).findFirst().orElseThrow(AuthenticationException::new);
Set<Principal> rolePrincipals = subject.getPrincipals().stream().filter(p -> p instanceof RolePrincipal).collect(Collectors.toSet());
for (ClaimsHandler claimsHandler : claimsHandlers) {
ClaimsCollection claims = claimsHandler.retrieveClaims(new ClaimsParametersImpl(userPrincipal, rolePrincipals, new HashMap<>()));
mergeClaimsToAttributes(attributeStatement, claims);
}
final Instant now = Instant.now();
assertionBuilder.addAttributeStatement(attributeStatement).userPrincipal(userPrincipal).weight(SecurityAssertion.LOCAL_AUTH_WEIGHT).issuer("DDF").notBefore(Date.from(now)).notOnOrAfter(Date.from(now.plus(fourHours)));
for (Principal principal : rolePrincipals) {
assertionBuilder.addPrincipal(principal);
}
assertionBuilder.tokenType(USER_PASS_TOKEN_TYPE);
SecurityAssertion assertion = assertionBuilder.build();
principals.add(assertion, "UP");
return principals;
}
Aggregations