
Example 11 with PermissionsImpl

use of ddf.security.permission.impl.PermissionsImpl in project ddf by codice.

the class OperationPluginTest method makeDecision.

private Answer<Boolean> makeDecision() {
    // Security attributes held by the test user: key "Roles" with values A and B.
    Map<String, List<String>> testRoleMap = new HashMap<String, List<String>>();
    List<String> testRoles = new ArrayList<String>();
    testRoles.add("A");
    testRoles.add("B");
    testRoleMap.put("Roles", testRoles);
    // Permission built from the user's attributes for the read action.
    final KeyValueCollectionPermission testUserPermission = new PermissionsImpl().buildKeyValueCollectionPermission(CollectionPermission.READ_ACTION, testRoleMap);
    return new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) {
            // args[1] is the Permission passed to the mocked call.
            Object[] args = invocation.getArguments();
            Permission incomingPermission = (Permission) args[1];
            // Permit only when the user's permission implies the requested one.
            return testUserPermission.implies(incomingPermission);
        }
    };
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Answer(org.mockito.stubbing.Answer) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) InvocationOnMock(org.mockito.invocation.InvocationOnMock) CollectionPermission(ddf.security.permission.CollectionPermission) Permission(org.apache.shiro.authz.Permission) List(java.util.List)

Example 12 with PermissionsImpl

use of ddf.security.permission.impl.PermissionsImpl in project ddf by codice.

the class FilterPluginTest method testPluginFilterResourceNoStrategiesBad.

// Expects processPostResource to throw StopProcessingException for the
// metacard returned by getMoreRolesMetacard().
@Test(expected = StopProcessingException.class)
public void testPluginFilterResourceNoStrategiesBad() throws StopProcessingException {
    plugin = new FilterPlugin(new Security());
    plugin.setPermissions(new PermissionsImpl());
    plugin.processPostResource(resourceResponse, getMoreRolesMetacard());
}
Also used : FilterPlugin(ddf.catalog.security.filter.plugin.FilterPlugin) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) Security(org.codice.ddf.security.impl.Security) Test(org.junit.Test)

Example 13 with PermissionsImpl

use of ddf.security.permission.impl.PermissionsImpl in project ddf by codice.

the class FilterPluginTest method setup.

@Before
public void setup() {
    // Mock realm whose isPermitted decision is delegated to makeDecision().
    AuthorizingRealm realm = mock(AuthorizingRealm.class);
    when(realm.getName()).thenReturn("mockRealm");
    when(realm.isPermitted(any(PrincipalCollection.class), any(Permission.class))).then(makeDecision());
    Collection<org.apache.shiro.realm.Realm> realms = new ArrayList<>();
    realms.add(realm);
    DefaultSecurityManager manager = new DefaultSecurityManager();
    manager.setRealms(realms);
    SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(new Principal() {

        @Override
        public String getName() {
            return "testuser";
        }
    }, realm.getName());
    Subject systemSubject = new MockSubject(manager, principalCollection);
    plugin = new FilterPlugin(new Security()) {

        @Override
        protected Subject getSystemSubject() {
            return systemSubject;
        }
    };
    plugin.setPermissions(new PermissionsImpl());
    plugin.setSubjectOperations(new SubjectUtils());
    plugin.setSecurityLogger(mock(SecurityLogger.class));
    QueryRequestImpl request = getSampleRequest();
    Map<String, Serializable> properties = new HashMap<>();
    Subject subject = new MockSubject(manager, principalCollection);
    properties.put(SecurityConstants.SECURITY_SUBJECT, subject);
    request.setProperties(properties);
    incomingResponse = new QueryResponseImpl(request);
    ResourceRequest resourceRequest = mock(ResourceRequest.class);
    when(resourceRequest.getProperties()).thenReturn(properties);
    resourceResponse = new ResourceResponseImpl(resourceRequest, mock(Resource.class));
    resourceResponse.setProperties(properties);
    DeleteRequest deleteRequest = mock(DeleteRequest.class);
    when(deleteRequest.getProperties()).thenReturn(properties);
    List<Metacard> deletedMetacards = new ArrayList<>();
    deletedMetacards.add(getExactRolesMetacard());
    deleteResponse = new DeleteResponseImpl(deleteRequest, properties, deletedMetacards);
    List<Metacard> badDeletedMetacards = new ArrayList<>();
    badDeletedMetacards.add(getMoreRolesMetacard());
    badDeleteResponse = new DeleteResponseImpl(deleteRequest, properties, badDeletedMetacards);
    createRequest = new CreateRequestImpl(getExactRolesMetacard());
    createRequest.setProperties(properties);
    badCreateRequest = new CreateRequestImpl(getMoreRolesMetacard());
    badCreateRequest.setProperties(properties);
    updateRequest = new UpdateRequestImpl(getExactRolesMetacard().getId(), getExactRolesMetacard());
    updateRequest.setProperties(properties);
    ResultImpl result1 = new ResultImpl(getMoreRolesMetacard());
    ResultImpl result2 = new ResultImpl(getMissingRolesMetacard());
    ResultImpl result3 = new ResultImpl(getExactRolesMetacard());
    ResultImpl result4 = new ResultImpl(getNoRolesMetacard());
    ResultImpl result5 = new ResultImpl(getNoSecurityAttributeMetacard());
    incomingResponse.addResult(result1, false);
    incomingResponse.addResult(result2, false);
    incomingResponse.addResult(result3, false);
    incomingResponse.addResult(result4, false);
    incomingResponse.addResult(result5, true);
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) Serializable(java.io.Serializable) FilterPlugin(ddf.catalog.security.filter.plugin.FilterPlugin) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) ResultImpl(ddf.catalog.data.impl.ResultImpl) Security(org.codice.ddf.security.impl.Security) AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) CollectionPermission(ddf.security.permission.CollectionPermission) Permission(org.apache.shiro.authz.Permission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) ResourceResponseImpl(ddf.catalog.operation.impl.ResourceResponseImpl) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Subject(ddf.security.Subject) QueryResponseImpl(ddf.catalog.operation.impl.QueryResponseImpl) Metacard(ddf.catalog.data.Metacard) DeleteResponseImpl(ddf.catalog.operation.impl.DeleteResponseImpl) QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) ResourceRequest(ddf.catalog.operation.ResourceRequest) UpdateRequestImpl(ddf.catalog.operation.impl.UpdateRequestImpl) DeleteRequest(ddf.catalog.operation.DeleteRequest) Principal(java.security.Principal) SecurityLogger(ddf.security.audit.SecurityLogger) Before(org.junit.Before)

Example 14 with PermissionsImpl

use of ddf.security.permission.impl.PermissionsImpl in project ddf by codice.

the class ConfluenceSourceTest method setup.

@Before
public void setup() {
    MetacardType type = new MetacardTypeImpl("confluence", MetacardImpl.BASIC_METACARD.getAttributeDescriptors());
    transformer = new ConfluenceInputTransformer(type, Collections.emptyList());
    encryptionService = mock(EncryptionService.class);
    reader = mock(ResourceReader.class);
    factory = mock(SecureCxfClientFactory.class);
    clientBuilderFactory = mock(ClientBuilderFactory.class);
    client = mock(SearchResource.class);
    registry = mock(AttributeRegistry.class);
    clientResponse = mock(Response.class);
    when(factory.getClient()).thenReturn(client);
    doReturn(clientResponse).when(client).search(anyString(), isNull(), isNull(), anyString(), anyInt(), anyInt(), anyBoolean());
    when(encryptionService.decryptValue(anyString())).thenReturn("decryptedPass");
    when(registry.lookup("attrib1")).thenReturn(Optional.of(new AttributeDescriptorImpl("attrib1", true, true, true, false, BasicTypes.STRING_TYPE)));
    when(registry.lookup("attrib2")).thenReturn(Optional.of(new AttributeDescriptorImpl("attrib2", true, true, true, true, BasicTypes.STRING_TYPE)));
    confluence = new TestConfluenceSource(adapter, encryptionService, transformer, reader, registry, factory, clientBuilderFactory);
    confluence.setSecurityLogger(mock(SecurityLogger.class));
    confluence.setPermissions(new PermissionsImpl());
    confluence.setAvailabilityPollInterval(1);
    confluence.setConfigurationPid("configPid");
    confluence.setEndpointUrl("https://confluence/rest/api/content");
    confluence.setExpandedSections(Collections.singletonList("expandedField"));
    confluence.setUsername("username");
    confluence.setPassword("password");
    confluence.setIncludeArchivedSpaces(false);
    List<String> additionalAttributes = new ArrayList<>();
    additionalAttributes.add("attrib1=val1");
    additionalAttributes.add("attrib2=val1,val2,val3");
    confluence.setAttributeOverrides(additionalAttributes);
}
Also used : ResourceReader(ddf.catalog.resource.ResourceReader) SecureCxfClientFactory(org.codice.ddf.cxf.client.SecureCxfClientFactory) ClientBuilderFactory(org.codice.ddf.cxf.client.ClientBuilderFactory) ArrayList(java.util.ArrayList) MetacardTypeImpl(ddf.catalog.data.impl.MetacardTypeImpl) AttributeDescriptorImpl(ddf.catalog.data.impl.AttributeDescriptorImpl) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SearchResource(org.codice.ddf.confluence.api.SearchResource) MetacardType(ddf.catalog.data.MetacardType) Response(javax.ws.rs.core.Response) SourceResponse(ddf.catalog.operation.SourceResponse) AttributeRegistry(ddf.catalog.data.AttributeRegistry) EncryptionService(ddf.security.encryption.EncryptionService) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) SecurityLogger(ddf.security.audit.SecurityLogger) Before(org.junit.Before)

Example 15 with PermissionsImpl

use of ddf.security.permission.impl.PermissionsImpl in project ddf by codice.

the class CatalogFrameworkImplTest method createFramework.

private CatalogFrameworkImpl createFramework(FrameworkProperties frameworkProperties) {
    final SourcePoller<SourceStatus> mockStatusSourcePoller = mock(SourcePoller.class);
    doAnswer(invocationOnMock -> Optional.of(((Source) invocationOnMock.getArguments()[0]).isAvailable() ? SourceStatus.AVAILABLE : SourceStatus.UNAVAILABLE)).when(mockStatusSourcePoller).getCachedValueForSource(any(Source.class));
    final SourcePoller<Set<ContentType>> mockContentTypesSourcePoller = mock(SourcePoller.class);
    doAnswer(invocationOnMock -> Optional.of(((Source) invocationOnMock.getArguments()[0]).getContentTypes())).when(mockContentTypesSourcePoller).getCachedValueForSource(any(Source.class));
    OperationsSecuritySupport opsSecurity = new OperationsSecuritySupport();
    MetacardFactory metacardFactory = new MetacardFactory(frameworkProperties.getMimeTypeToTransformerMapper(), uuidGenerator);
    OperationsMetacardSupport opsMetacard = new OperationsMetacardSupport(frameworkProperties, metacardFactory);
    SourceOperations sourceOperations = new SourceOperations(frameworkProperties, mock(ActionRegistry.class), mockStatusSourcePoller, mockContentTypesSourcePoller);
    QueryOperations queryOperations = new QueryOperations(frameworkProperties, sourceOperations, opsSecurity, opsMetacard);
    queryOperations.setSecurityLogger(mock(SecurityLogger.class));
    queryOperations.setPermissions(new PermissionsImpl());
    OperationsStorageSupport opsStorage = new OperationsStorageSupport(sourceOperations, queryOperations);
    OperationsCatalogStoreSupport opsCatStore = new OperationsCatalogStoreSupport(frameworkProperties, sourceOperations);
    CreateOperations createOperations = new CreateOperations(frameworkProperties, queryOperations, sourceOperations, opsSecurity, opsMetacard, opsCatStore, opsStorage);
    UpdateOperations updateOperations = new UpdateOperations(frameworkProperties, queryOperations, sourceOperations, opsSecurity, opsMetacard, opsCatStore, opsStorage);
    DeleteOperations deleteOperations = new DeleteOperations(frameworkProperties, queryOperations, sourceOperations, opsSecurity, opsMetacard);
    ResourceOperations resourceOperations = new ResourceOperations(frameworkProperties, queryOperations, opsSecurity);
    TransformOperations transformOperations = new TransformOperations(frameworkProperties);
    Historian historian = new Historian();
    historian.setHistoryEnabled(false);
    updateOperations.setHistorian(historian);
    deleteOperations.setHistorian(historian);
    CatalogFrameworkImpl catalogFramework = new CatalogFrameworkImpl(createOperations, updateOperations, deleteOperations, queryOperations, resourceOperations, sourceOperations, transformOperations);
    // Conditionally bind objects if framework properties are setup
    if (CollectionUtils.isNotEmpty(frameworkProperties.getCatalogProviders())) {
        sourceOperations.bind(provider);
    }
    if (CollectionUtils.isNotEmpty(frameworkProperties.getStorageProviders())) {
        sourceOperations.bind(storageProvider);
    }
    return catalogFramework;
}
Also used : OperationsCatalogStoreSupport(ddf.catalog.impl.operations.OperationsCatalogStoreSupport) Set(java.util.Set) HashSet(java.util.HashSet) SourceOperations(ddf.catalog.impl.operations.SourceOperations) SourceStatus(org.codice.ddf.catalog.sourcepoller.SourceStatus) ResourceOperations(ddf.catalog.impl.operations.ResourceOperations) RemoteDeleteOperations(ddf.catalog.impl.operations.RemoteDeleteOperations) DeleteOperations(ddf.catalog.impl.operations.DeleteOperations) ActionRegistry(ddf.action.ActionRegistry) TransformOperations(ddf.catalog.impl.operations.TransformOperations) Source(ddf.catalog.source.Source) ByteSource(com.google.common.io.ByteSource) FederatedSource(ddf.catalog.source.FederatedSource) MetacardFactory(ddf.catalog.impl.operations.MetacardFactory) OperationsStorageSupport(ddf.catalog.impl.operations.OperationsStorageSupport) QueryOperations(ddf.catalog.impl.operations.QueryOperations) UpdateOperations(ddf.catalog.impl.operations.UpdateOperations) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) OperationsSecuritySupport(ddf.catalog.impl.operations.OperationsSecuritySupport) CreateOperations(ddf.catalog.impl.operations.CreateOperations) Historian(ddf.catalog.history.Historian) OperationsMetacardSupport(ddf.catalog.impl.operations.OperationsMetacardSupport) SecurityLogger(ddf.security.audit.SecurityLogger)

Aggregations

PermissionsImpl (ddf.security.permission.impl.PermissionsImpl) 17
ArrayList (java.util.ArrayList) 8
Test (org.junit.Test) 8
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission) 7
SecurityLogger (ddf.security.audit.SecurityLogger) 6
Before (org.junit.Before) 5
FilterPlugin (ddf.catalog.security.filter.plugin.FilterPlugin) 4
ByteSource (com.google.common.io.ByteSource) 3
Metacard (ddf.catalog.data.Metacard) 3
QueryOperations (ddf.catalog.impl.operations.QueryOperations) 3
ResourceOperations (ddf.catalog.impl.operations.ResourceOperations) 3
SourceOperations (ddf.catalog.impl.operations.SourceOperations) 3
ResourceRequest (ddf.catalog.operation.ResourceRequest) 3
FederatedSource (ddf.catalog.source.FederatedSource) 3
Source (ddf.catalog.source.Source) 3
HashMap (java.util.HashMap) 3
HashSet (java.util.HashSet) 3
Set (java.util.Set) 3
SourceStatus (org.codice.ddf.catalog.sourcepoller.SourceStatus) 3
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 3