use of ddf.security.service.SecurityManager in project ddf by codice.
the class Security method getSubject.
/**
 * Requests a {@link Subject} for a user name and password pair.
 *
 * <p>The credentials are wrapped in a {@link UPAuthenticationToken} and passed to the
 * {@link SecurityManager} returned by {@link #getSecurityManager()}. No exception reaches the
 * caller from the subject request itself: a {@link SecurityServiceException} or
 * {@link RuntimeException} raised by the manager is logged and turned into a {@code null}
 * result. Callers should therefore treat {@code null} as "not authenticated".
 *
 * @param username user name to authenticate; it is written to the log when the request fails
 * @param password password for {@code username}; it is not logged by this method
 * @return the {@link Subject} produced by the security manager, or {@code null} when no
 *     security manager is available or the subject request failed
 */
public Subject getSubject(String username, String password) {
    UPAuthenticationToken credentials = new UPAuthenticationToken(username, password);
    SecurityManager manager = getSecurityManager();
    if (manager == null) {
        // Without a security manager there is nothing to authenticate against.
        return null;
    }
    try {
        return manager.getSubject(credentials);
    } catch (SecurityServiceException | RuntimeException e) {
        // Only the user name and the exception are logged, never the password.
        LOGGER.info("Unable to request subject for {} user.", username, e);
        return null;
    }
}
use of ddf.security.service.SecurityManager in project ddf by codice.
the class Security method getSecurityManager.
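/**
 * Looks up the {@link SecurityManager} service through the {@link BundleContext}.
 *
 * <p>A warning is logged and {@code null} is returned whenever the service cannot be obtained:
 * there is no bundle context, no {@link SecurityManager} service reference is registered, or
 * the reference no longer resolves to a service object. Callers must handle {@code null};
 * authentication and authorization cannot be performed without the manager.
 *
 * @return the {@link SecurityManager} service, or {@code null} if it is not available
 */
public SecurityManager getSecurityManager() {
    BundleContext context = getBundleContext();
    if (context != null) {
        ServiceReference<SecurityManager> securityManagerRef =
                context.getServiceReference(SecurityManager.class);
        // getServiceReference returns null when no matching service is registered. Passing
        // that null to getService would raise an exception instead of reaching the warning
        // below, so the lookup is guarded.
        if (securityManagerRef != null) {
            SecurityManager securityManager = context.getService(securityManagerRef);
            // getService can also return null if the service went away after the lookup.
            if (securityManager != null) {
                return securityManager;
            }
        }
    }
    LOGGER.warn("Unable to get Security Manager. Authentication and Authorization mechanisms will not work correctly. A restart of the system may be necessary.");
    return null;
}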
use of ddf.security.service.SecurityManager in project ddf by codice.
the class LoginFilterTest method testBadSigSamlCookie.
/**
 * Runs {@link LoginFilter#doFilter} with a completed handler result that carries the SAML
 * token read from {@code /bad_saml.xml} and expects a {@link ServletException}.
 *
 * <p>Judging by the test name, the fixture holds an assertion with an invalid signature, so
 * the expected exception is the filter rejecting it.
 */
@Test(expected = ServletException.class)
public void testBadSigSamlCookie() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig config = mock(FilterConfig.class);
    ddf.security.service.SecurityManager mockManager = mock(SecurityManager.class);

    LoginFilter filter = new LoginFilter();
    filter.setSessionFactory(sessionFactory);
    filter.setSecurityManager(mockManager);
    filter.setSignaturePropertiesFile("signature.properties");
    try {
        filter.init(config);
    } catch (ServletException e) {
        // A ServletException from init must not satisfy the "expected" clause above;
        // fail() converts it into an assertion failure so only doFilter can pass the test.
        fail(e.getMessage());
    }

    // Wrap the SAML element from the fixture in the token the filter will validate.
    SecurityToken samlSecurityToken = new SecurityToken();
    Element samlElement = readDocument("/bad_saml.xml").getDocumentElement();
    samlSecurityToken.setToken(samlElement);
    SAMLAuthenticationToken authToken = new SAMLAuthenticationToken(null, samlSecurityToken, "karaf");
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.COMPLETED, authToken);

    HttpServletRequest request = new TestHttpServletRequest();
    request.setAttribute("ddf.security.token", handlerResult);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);

    filter.doFilter(request, response, chain);
}
use of ddf.security.service.SecurityManager in project ddf by codice.
the class LoginFilterTest method testValidUsernameToken.
/**
 * Runs {@link LoginFilter#doFilter} with a completed handler result that carries a
 * user name/password token, with the mocked security manager returning a subject whose
 * principal holds the SAML element from {@code /good_saml.xml}.
 *
 * <p>NOTE(review): the test contains no explicit assertion or verification; it passes as long
 * as {@code doFilter} does not throw. Verifying that the filter chain was invoked would pin
 * the success path. Confirm the intended behaviour before adding it.
 */
@Test
public void testValidUsernameToken() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig config = mock(FilterConfig.class);
    ddf.security.service.SecurityManager mockManager = mock(ddf.security.service.SecurityManager.class);

    LoginFilter filter = new LoginFilter();
    filter.setSessionFactory(sessionFactory);
    filter.setSecurityManager(mockManager);
    filter.init(config);

    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);

    // The request carries a completed handler result with the credentials under test.
    UPAuthenticationToken credentials = new UPAuthenticationToken("foo", "bar");
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.COMPLETED, credentials);
    when(request.getAttribute("ddf.security.token")).thenReturn(handlerResult);

    // Session lookups, both through the request and through the session factory, yield
    // the same mock session holding an empty token holder.
    HttpSession httpSession = mock(HttpSession.class);
    when(request.getSession(true)).thenReturn(httpSession);
    when(httpSession.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(new SecurityTokenHolder());
    when(sessionFactory.getOrCreateSession(request)).thenReturn(httpSession);

    // The security manager accepts the credentials and returns a subject whose single
    // principal is an assertion backed by the good SAML fixture.
    Subject authenticated = mock(Subject.class, RETURNS_DEEP_STUBS);
    when(mockManager.getSubject(credentials)).thenReturn(authenticated);
    SecurityAssertion samlAssertion = mock(SecurityAssertion.class);
    SecurityToken samlSecurityToken = mock(SecurityToken.class);
    when(samlAssertion.getSecurityToken()).thenReturn(samlSecurityToken);
    when(authenticated.getPrincipals().asList()).thenReturn(Arrays.asList(samlAssertion));
    when(samlSecurityToken.getToken()).thenReturn(readDocument("/good_saml.xml").getDocumentElement());

    filter.doFilter(request, response, chain);
}
use of ddf.security.service.SecurityManager in project ddf by codice.
the class TestPepInterceptorActions method testMessageWithDefaultUrlAction.
/**
 * Checks the action that {@link PEPAuthorizingInterceptor} puts into the
 * {@link CollectionPermission} it asks the subject about, for a message whose WSDL operation
 * is {@code Search} and whose WSDL port is {@code QueryPort} in the
 * {@code http://catalog/query/} namespace. The expected action is
 * {@code http://catalog/query/QueryPort/SearchRequest}.
 *
 * NOTE(review): the only check on the action lives inside the stubbed {@code isPermitted}
 * answer, so it runs only if the interceptor actually calls {@code isPermitted}. Confirm that
 * it does, or add an explicit verification, otherwise the test could pass without checking
 * anything.
 */
@Test
public void testMessageWithDefaultUrlAction() throws SecurityServiceException {
PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
SecurityManager mockSecurityManager = mock(SecurityManager.class);
interceptor.setSecurityManager(mockSecurityManager);
Message messageWithAction = mock(Message.class);
SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
SecurityToken mockSecurityToken = mock(SecurityToken.class);
Subject mockSubject = mock(Subject.class);
// NOTE(review): this asserts on a freshly created mock, so it does not exercise the interceptor.
assertNotNull(mockSecurityAssertion);
// Static methods of both classes are replaced by PowerMockito for the rest of the test.
PowerMockito.mockStatic(SecurityAssertionStore.class);
PowerMockito.mockStatic(SecurityLogger.class);
// The assertion store hands back the mock assertion for this message.
when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
// SecurityLogger is already stubbed out
when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
when(mockSecurityToken.getToken()).thenReturn(null);
// The security manager resolves the mock token to the mock subject queried below.
when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
QName op = new QName("http://catalog/query/", "Search", "ns1");
QName port = new QName("http://catalog/query/", "QueryPort", "ns1");
when(messageWithAction.get(MessageContext.WSDL_OPERATION)).thenReturn(op);
when(messageWithAction.get(MessageContext.WSDL_PORT)).thenReturn(port);
Exchange mockExchange = mock(Exchange.class);
BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
when(messageWithAction.getExchange()).thenReturn(mockExchange);
when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
// No SoapOperationInfo extensor is available; presumably this is what makes the interceptor
// fall back to the default URL-based action named in the test. Verify against the interceptor.
when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
// isPermitted is stubbed to grant access after checking the action on the permission it receives.
doAnswer(new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocation) throws Throwable {
CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
assertEquals("http://catalog/query/QueryPort/SearchRequest", perm.getAction());
return true;
}
}).when(mockSubject).isPermitted(isA(CollectionPermission.class));
// The call is expected to complete without throwing, since isPermitted answers true.
interceptor.handleMessage(messageWithAction);
// NOTE(review): no static method call follows verifyStatic(), so this looks like it verifies
// nothing. Confirm which static interaction was meant to be checked.
PowerMockito.verifyStatic();
}