Examples with SubjectUtils ddf.security.service.impl.SubjectUtils used on opensource projects

Example 16 with SubjectUtils

use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

the class AbstractIntegrationTest method initFacades.

@SuppressWarnings({ "squid:S2696" /* writing to static ddfHome to share state between test methods */
})
@PostTestConstruct
public void initFacades() {
    RestAssured.config = RestAssuredConfig.config().xmlConfig(XmlConfig.xmlConfig().namespaceAware(false));
    ddfHome = System.getProperty(DDF_HOME_PROPERTY);
    adminConfig = new AdminConfig(configAdmin);
    Security security = new org.codice.ddf.security.impl.Security();
    ((org.codice.ddf.security.impl.Security) security).setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
    // This proxy runs the service manager as the system subject
    serviceManager = (ServiceManager) Proxy.newProxyInstance(AbstractIntegrationTest.class.getClassLoader(), ServiceManagerImpl.class.getInterfaces(), new ServiceManagerProxy(new ServiceManagerImpl(metatype, adminConfig, bundleContext, bundleService, features), security));
    catalogBundle = new CatalogBundle(serviceManager, adminConfig);
    securityPolicy = new SecurityPolicyConfigurator(serviceManager, configAdmin);
    urlResourceReaderConfigurator = new UrlResourceReaderConfigurator(configAdmin);
    console = new KarafConsole(bundleContext, features, sessionFactory);
}

Example 17 with SubjectUtils

use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

the class SecurityPolicyConfigurator method createChecker.

private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
    final ContextPolicyManager ctxPolicyMgr = services.getService(ContextPolicyManager.class);
    final PolicyManager targetPolicies = new PolicyManager();
    targetPolicies.setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
    targetPolicies.setPolicies(policyProperties);
    return () -> {
        for (ContextPolicy policy : ctxPolicyMgr.getAllContextPolicies()) {
            ContextPolicy targetPolicy = targetPolicies.getContextPolicy(policy.getContextPath());
            if (targetPolicy == null || !targetPolicy.getContextPath().equals(policy.getContextPath()) || !targetPolicy.getAuthenticationMethods().containsAll(policy.getAuthenticationMethods()) || !targetPolicy.getAllowedAttributeNames().containsAll(policy.getAllowedAttributeNames())) {
                return false;
            }
        }
        return true;
    };
}

Example 18 with SubjectUtils

use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNestedUserOU.

@Test
public void testRetrieveClaimsValuesNestedUserOU() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("cn");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ClaimsCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    DN resultDN = DN.valueOf("uid=tstark,OU=nested,");
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.isEntry()).thenReturn(true);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    when(membershipSearchResult.getName()).thenReturn(resultDN);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.isEntry()).thenReturn(true);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=cn=tstark,OU=nested,)(member=uid=tstark,OU=nested,)))"), any())).thenReturn(groupNameReader);
    when(connection.search(anyString(), any(), anyString(), matches("cn"))).thenReturn(membershipReader);
    claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
    when(mockConnectionFactory.getConnection()).thenReturn(connection);
    claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsHandler.setMembershipUserAttribute("cn");
    claimsHandler.setLoginUserAttribute("uid");
    claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    processedClaims = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims, hasSize(1));
    Claim claim = processedClaims.get(0);
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}

Example 19 with SubjectUtils

use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNotNullPrincipal.

@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ClaimsCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    DN resultDN = DN.valueOf("uid=tstark,");
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.isEntry()).thenReturn(true);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    when(membershipSearchResult.getName()).thenReturn(resultDN);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.isEntry()).thenReturn(true);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))"), any())).thenReturn(groupNameReader);
    when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(membershipReader);
    claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
    when(mockConnectionFactory.getConnection()).thenReturn(connection);
    claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    processedClaims = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims, hasSize(1));
    Claim claim = processedClaims.get(0);
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}

Example 20 with SubjectUtils

use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

the class IdpLogoutActionProviderTest method testGetAction.

@Test
public void testGetAction() throws Exception {
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("name");
    when(assertion.getPrincipal()).thenReturn(principal);
    when(assertion.getTokenType()).thenReturn("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    List<SecurityAssertion> securityAssertions = Collections.singletonList(assertion);
    when(principalCollection.byType(SecurityAssertion.class)).thenReturn(securityAssertions);
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    idpLogoutActionProvider.setSubjectOperations(new SubjectUtils());
    Action action = idpLogoutActionProvider.getAction(ImmutableMap.of(SecurityConstants.SECURITY_SUBJECT, subject));
    Assert.assertTrue("Expected the encrypted nameId and time", action.getUrl().getQuery().contains(URLEncoder.encode(nameIdTime)));
}