Example 11 with SecurityManager

Use of ddf.security.service.SecurityManager in project ddf by codice.

From class Security, method getSubject.

/**
 * Gets the {@link Subject} given a user name and password.
 *
 * @param username username
 * @param password password
 * @return {@link Subject} associated with the user name and password provided
 */
public Subject getSubject(String username, String password) {
    // Wrap the credentials in a username/password token and hand them to the SecurityManager.
    UPAuthenticationToken token = new UPAuthenticationToken(username, password);
    SecurityManager securityManager = getSecurityManager();
    if (securityManager != null) {
        try {
            return securityManager.getSubject(token);
        } catch (SecurityServiceException | RuntimeException e) {
            // Authentication failures are logged (user name only, never the password)
            // and reported to the caller as a null Subject.
            LOGGER.info("Unable to request subject for {} user.", username, e);
        }
    }
    // No SecurityManager available or authentication failed.
    return null;
}
Also used: ddf.security.service.SecurityServiceException, ddf.security.service.SecurityManager, org.codice.ddf.security.handler.api.UPAuthenticationToken

Example 12 with SecurityManager

Use of ddf.security.service.SecurityManager in project ddf by codice.

From class Security, method getSecurityManager.

/**
 * Gets a reference to the {@link SecurityManager}.
 *
 * @return reference to the {@link SecurityManager}
 */
public SecurityManager getSecurityManager() {
    BundleContext context = getBundleContext();
    if (context != null) {
        // OSGi service lookup; getServiceReference returns null when no SecurityManager
        // service is currently registered.
        ServiceReference securityManagerRef = context.getServiceReference(SecurityManager.class);
        return (SecurityManager) context.getService(securityManagerRef);
    }
    // Without a bundle context no service lookup is possible: authentication and
    // authorization cannot function until the platform is healthy again.
    LOGGER.warn("Unable to get Security Manager. Authentication and Authorization mechanisms will not work correctly. A restart of the system may be necessary.");
    return null;
}
Also used: ddf.security.service.SecurityManager, org.osgi.framework.BundleContext, org.osgi.framework.ServiceReference

Example 13 with SecurityManager

Use of ddf.security.service.SecurityManager in project ddf by codice.

From class LoginFilterTest, method testBadSigSamlCookie.

// A SAML token whose signature does not verify must be rejected: the filter is expected
// to fail with a ServletException rather than establish a session.
@Test(expected = ServletException.class)
public void testBadSigSamlCookie() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.setSignaturePropertiesFile("signature.properties");
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = new TestHttpServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    // Load the test assertion with the bad signature and present it as a completed SAML handler result.
    SecurityToken securityToken = new SecurityToken();
    Element thisToken = readDocument("/bad_saml.xml").getDocumentElement();
    securityToken.setToken(thisToken);
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, securityToken, "karaf");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, samlToken);
    servletRequest.setAttribute("ddf.security.token", result);
    // Signature validation happens here; the expected ServletException ends the test.
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used: javax.servlet.FilterChain, org.w3c.dom.Element, javax.servlet.http.HttpServletResponse, org.codice.ddf.security.handler.api.HandlerResult, org.codice.ddf.security.handler.api.SAMLAuthenticationToken, javax.servlet.ServletException, javax.servlet.http.HttpServletRequest, org.apache.cxf.ws.security.tokenstore.SecurityToken, javax.servlet.FilterConfig, ddf.security.service.SecurityManager, org.junit.Test

Example 14 with SecurityManager

Use of ddf.security.service.SecurityManager in project ddf by codice.

From class LoginFilterTest, method testValidUsernameToken.

// Happy path: a completed username/password handler result is exchanged by the mocked
// SecurityManager for a Subject carrying a valid SAML assertion, and the filter lets the request through.
@Test
public void testValidUsernameToken() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(ddf.security.service.SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.init(filterConfig);
    HttpServletRequest servletRequest = mock(HttpServletRequest.class);
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    UPAuthenticationToken token = new UPAuthenticationToken("foo", "bar");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, token);
    when(servletRequest.getAttribute("ddf.security.token")).thenReturn(result);
    // Session plumbing: the filter stores the resulting assertion in the HTTP session.
    HttpSession session = mock(HttpSession.class);
    when(servletRequest.getSession(true)).thenReturn(session);
    when(session.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(new SecurityTokenHolder());
    when(sessionFactory.getOrCreateSession(servletRequest)).thenReturn(session);
    // The mocked SecurityManager accepts the credentials and returns a Subject whose
    // principal list holds a SecurityAssertion backed by the good test SAML document.
    Subject subject = mock(Subject.class, RETURNS_DEEP_STUBS);
    when(securityManager.getSubject(token)).thenReturn(subject);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(assertion.getSecurityToken()).thenReturn(securityToken);
    when(subject.getPrincipals().asList()).thenReturn(Arrays.asList(assertion));
    when(securityToken.getToken()).thenReturn(readDocument("/good_saml.xml").getDocumentElement());
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used: javax.servlet.http.HttpSession, javax.servlet.FilterChain, javax.servlet.http.HttpServletResponse, org.codice.ddf.security.handler.api.HandlerResult, ddf.security.assertion.SecurityAssertion, ddf.security.Subject, javax.servlet.http.HttpServletRequest, org.apache.cxf.ws.security.tokenstore.SecurityToken, ddf.security.common.SecurityTokenHolder, org.codice.ddf.security.handler.api.UPAuthenticationToken, javax.servlet.FilterConfig, ddf.security.service.SecurityManager, org.junit.Test

Example 15 with SecurityManager

Use of ddf.security.service.SecurityManager in project ddf by codice.

From class TestPepInterceptorActions, method testMessageWithDefaultUrlAction.

// When the operation carries no SOAP action extensor, the PEP interceptor falls back to a
// URL-style action built from the namespace, port and operation names, and asks the
// Subject whether that action is permitted.
@Test
public void testMessageWithDefaultUrlAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    QName op = new QName("http://catalog/query/", "Search", "ns1");
    QName port = new QName("http://catalog/query/", "QueryPort", "ns1");
    when(messageWithAction.get(MessageContext.WSDL_OPERATION)).thenReturn(op);
    when(messageWithAction.get(MessageContext.WSDL_PORT)).thenReturn(port);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    when(messageWithAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    // No SoapOperationInfo: forces the default URL action path under test.
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(null);
    doAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) throws Throwable {
            // Capture the permission the interceptor checks and verify the derived action string.
            CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
            assertEquals("http://catalog/query/QueryPort/SearchRequest", perm.getAction());
            return true;
        }
    }).when(mockSubject).isPermitted(isA(CollectionPermission.class));
    // This should work.
    interceptor.handleMessage(messageWithAction);
    PowerMockito.verifyStatic();
}
Also used: org.apache.cxf.service.model.BindingOperationInfo, ddf.security.service.SecurityManager, org.apache.cxf.message.Message, javax.xml.namespace.QName, ddf.security.assertion.SecurityAssertion, ddf.security.Subject, org.apache.cxf.ws.security.tokenstore.SecurityToken, org.apache.cxf.message.Exchange, org.mockito.invocation.InvocationOnMock, ddf.security.permission.CollectionPermission, org.powermock.core.classloader.annotations.PrepareForTest, org.junit.Test
