Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.
The class AbstractIntegrationTest, method initFacades.
/**
 * Builds the helper facades every integration test relies on.
 *
 * <p>Runs once the test instance has been constructed. Publishes the DDF home
 * directory through the static {@code ddfHome} field (the reason for the Sonar
 * suppression), then wires, in dependency order: REST-assured XML config, the
 * admin configuration, a {@link ServiceManager} proxy that executes as the
 * system subject, and the catalog, security-policy, URL-resource-reader and
 * Karaf-console helpers built on top of it.
 */
@SuppressWarnings({ "squid:S2696" /* writing to static ddfHome to share state between test methods */
})
@PostTestConstruct
public void initFacades() {
    // XML responses are parsed without namespace awareness in these tests
    RestAssured.config = RestAssuredConfig.config().xmlConfig(XmlConfig.xmlConfig().namespaceAware(false));
    ddfHome = System.getProperty(DDF_HOME_PROPERTY);
    adminConfig = new AdminConfig(configAdmin);

    // Concrete type kept so the logger can be attached without a cast
    org.codice.ddf.security.impl.Security systemSecurity = new org.codice.ddf.security.impl.Security();
    systemSecurity.setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));

    ServiceManagerImpl delegate = new ServiceManagerImpl(metatype, adminConfig, bundleContext, bundleService, features);
    // Every call through the proxy is run as the system subject
    ServiceManagerProxy asSystemSubject = new ServiceManagerProxy(delegate, systemSecurity);
    serviceManager = (ServiceManager) Proxy.newProxyInstance(
            AbstractIntegrationTest.class.getClassLoader(),
            ServiceManagerImpl.class.getInterfaces(),
            asSystemSubject);

    catalogBundle = new CatalogBundle(serviceManager, adminConfig);
    securityPolicy = new SecurityPolicyConfigurator(serviceManager, configAdmin);
    urlResourceReaderConfigurator = new UrlResourceReaderConfigurator(configAdmin);
    console = new KarafConsole(bundleContext, features, sessionFactory);
}
Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.
The class SecurityPolicyConfigurator, method createChecker.
/**
 * Creates a check that reports whether the live context policies have
 * converged on the policies described by {@code policyProperties}.
 *
 * <p>The live {@link ContextPolicyManager} is looked up once, eagerly, when the
 * checker is built; each invocation of the returned callable re-reads its
 * current policies. The expected policies are materialised into a private
 * {@link PolicyManager} fed with {@code policyProperties}.
 *
 * <p>The comparison is one-directional: for every live policy, the expected
 * policy at the same context path must list (at least) every authentication
 * method and allowed attribute name the live policy has. A method or
 * attribute present in the expected policy but absent from the live one does
 * not make the check fail.
 *
 * @param policyProperties the policy configuration the live system should reach
 * @return a callable yielding {@code true} once every live policy is covered
 *     by its expected counterpart
 */
private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
    // NOTE(review): assumes the service is registered; a null here would
    // surface as an NPE inside the callable — confirm with the caller.
    final ContextPolicyManager liveManager = services.getService(ContextPolicyManager.class);

    final PolicyManager expected = new PolicyManager();
    expected.setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
    expected.setPolicies(policyProperties);

    return () -> {
        for (ContextPolicy live : liveManager.getAllContextPolicies()) {
            if (!isCoveredBy(live, expected.getContextPolicy(live.getContextPath()))) {
                return false;
            }
        }
        return true;
    };
}

/**
 * Returns {@code true} when {@code expected} exists, shares {@code live}'s
 * context path, and its authentication methods and allowed attribute names
 * each contain all of {@code live}'s.
 */
private static boolean isCoveredBy(ContextPolicy live, ContextPolicy expected) {
    if (expected == null) {
        return false;
    }
    if (!expected.getContextPath().equals(live.getContextPath())) {
        return false;
    }
    if (!expected.getAuthenticationMethods().containsAll(live.getAuthenticationMethods())) {
        return false;
    }
    return expected.getAllowedAttributeNames().containsAll(live.getAllowedAttributeNames());
}
Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.
The class RoleClaimsHandlerTest, method testRetrieveClaimsValuesNestedUserOU.
/**
 * A user whose entry sits in a nested OU must still be resolved to the role
 * claim of the group that lists that user as a member.
 *
 * <p>LDAP is fully mocked: the bind succeeds, the membership lookup returns one
 * entry with DN {@code uid=tstark,OU=nested,}, and the group search — stubbed
 * only for the exact member filter the handler is expected to build from the
 * login ({@code uid}) and membership ({@code cn}) attributes — returns a single
 * group named {@code avengers}. Exactly one claim with exactly that value is
 * expected back.
 */
@Test
public void testRetrieveClaimsValuesNestedUserOU() throws LdapException, SearchResultReferenceIOException {
    final String expectedGroup = "avengers";
    final DN userDn = DN.valueOf("uid=tstark,OU=nested,");
    // eq() pins the exact filter text, so any change in how the handler builds
    // the member filter from the user's DN/attributes makes this stub miss
    final String expectedGroupFilter =
            "(&(objectClass=groupOfNames)(|(member=cn=tstark,OU=nested,)(member=uid=tstark,OU=nested,)))";

    // --- membership lookup: a single entry, then the reader is exhausted ---
    LinkedAttribute userCn = new LinkedAttribute("cn");
    userCn.add("tstark");
    SearchResultEntry userEntry = mock(SearchResultEntry.class);
    when(userEntry.getAttribute(anyString())).thenReturn(userCn);
    when(userEntry.getName()).thenReturn(userDn);
    ConnectionEntryReader userReader = mock(ConnectionEntryReader.class);
    when(userReader.hasNext()).thenReturn(true, false); // true once, then false
    when(userReader.isEntry()).thenReturn(true);
    when(userReader.readEntry()).thenReturn(userEntry);

    // --- group lookup: a single group entry, then exhausted ---
    LinkedAttribute groupCn = new LinkedAttribute("cn");
    groupCn.add(expectedGroup);
    SearchResultEntry groupEntry = mock(SearchResultEntry.class);
    when(groupEntry.getAttribute(anyString())).thenReturn(groupCn);
    ConnectionEntryReader groupReader = mock(ConnectionEntryReader.class);
    when(groupReader.hasNext()).thenReturn(true, false);
    when(groupReader.isEntry()).thenReturn(true);
    when(groupReader.readEntry()).thenReturn(groupEntry);

    // --- connection: successful bind, then the two searches (stub order kept) ---
    BindResult bindResult = mock(BindResult.class);
    when(bindResult.isSuccess()).thenReturn(true);
    Connection connection = mock(Connection.class);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq(expectedGroupFilter), any())).thenReturn(groupReader);
    when(connection.search(anyString(), any(), anyString(), matches("cn"))).thenReturn(userReader);
    ConnectionFactory connectionFactory = mock(ConnectionFactory.class);
    when(connectionFactory.getConnection()).thenReturn(connection);

    // --- handler under test ---
    RoleClaimsHandler handler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    handler.setLdapConnectionFactory(connectionFactory);
    handler.setBindMethod("Simple");
    handler.setBindUserCredentials("foo");
    handler.setBindUserDN("bar");
    handler.setMembershipUserAttribute("cn");
    handler.setLoginUserAttribute("uid");

    ClaimsParameters params =
            new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    ClaimsCollection claims = handler.retrieveClaims(params);

    assertThat(claims, hasSize(1));
    Claim roleClaim = claims.get(0);
    assertThat(roleClaim.getValues(), hasSize(1));
    assertThat(roleClaim.getValues().get(0), equalTo(expectedGroup));
}
Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.
The class RoleClaimsHandlerTest, method testRetrieveClaimsValuesNotNullPrincipal.
/**
 * With a non-null user principal and a user entry directly at
 * {@code uid=tstark,}, the handler must return the single role claim of the
 * group that lists that user.
 *
 * <p>Unlike the nested-OU case, neither the login nor the membership attribute
 * is configured here; the membership stub answers for attribute {@code uid}
 * and the group search is stubbed only for the exact member filter the handler
 * is expected to build. LDAP is fully mocked and the bind succeeds.
 */
@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
    final String expectedGroup = "avengers";
    final DN userDn = DN.valueOf("uid=tstark,");
    // eq() pins the exact filter text the handler is expected to produce
    final String expectedGroupFilter =
            "(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))";

    // --- membership lookup: a single entry, then the reader is exhausted ---
    LinkedAttribute userUid = new LinkedAttribute("uid");
    userUid.add("tstark");
    SearchResultEntry userEntry = mock(SearchResultEntry.class);
    when(userEntry.getAttribute(anyString())).thenReturn(userUid);
    when(userEntry.getName()).thenReturn(userDn);
    ConnectionEntryReader userReader = mock(ConnectionEntryReader.class);
    when(userReader.hasNext()).thenReturn(true, false); // true once, then false
    when(userReader.isEntry()).thenReturn(true);
    when(userReader.readEntry()).thenReturn(userEntry);

    // --- group lookup: a single group entry, then exhausted ---
    LinkedAttribute groupCn = new LinkedAttribute("cn");
    groupCn.add(expectedGroup);
    SearchResultEntry groupEntry = mock(SearchResultEntry.class);
    when(groupEntry.getAttribute(anyString())).thenReturn(groupCn);
    ConnectionEntryReader groupReader = mock(ConnectionEntryReader.class);
    when(groupReader.hasNext()).thenReturn(true, false);
    when(groupReader.isEntry()).thenReturn(true);
    when(groupReader.readEntry()).thenReturn(groupEntry);

    // --- connection: successful bind, then the two searches (stub order kept) ---
    BindResult bindResult = mock(BindResult.class);
    when(bindResult.isSuccess()).thenReturn(true);
    Connection connection = mock(Connection.class);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq(expectedGroupFilter), any())).thenReturn(groupReader);
    when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(userReader);
    ConnectionFactory connectionFactory = mock(ConnectionFactory.class);
    when(connectionFactory.getConnection()).thenReturn(connection);

    // --- handler under test (default login/membership attributes) ---
    RoleClaimsHandler handler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    handler.setLdapConnectionFactory(connectionFactory);
    handler.setBindMethod("Simple");
    handler.setBindUserCredentials("foo");
    handler.setBindUserDN("bar");

    ClaimsParameters params =
            new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    ClaimsCollection claims = handler.retrieveClaims(params);

    assertThat(claims, hasSize(1));
    Claim roleClaim = claims.get(0);
    assertThat(roleClaim.getValues(), hasSize(1));
    assertThat(roleClaim.getValues().get(0), equalTo(expectedGroup));
}
Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.
The class IdpLogoutActionProviderTest, method testGetAction.
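/**
 * The logout action produced for a SAML 2.0 subject must carry the
 * URL-encoded {@code nameIdTime} fixture value in its URL query (per the
 * assertion message: the encrypted nameId and time).
 *
 * <p>The subject is mocked down to a single {@link SecurityAssertion} whose
 * principal is named {@code name} and whose token type is the WSS SAML 2.0
 * token-profile URI; the provider is handed a real {@link SubjectUtils}.
 *
 * @throws Exception propagated from the provider under test
 */
@Test
public void testGetAction() throws Exception {
    Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("name");

    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getPrincipal()).thenReturn(principal);
    when(assertion.getTokenType()).thenReturn("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");

    List<SecurityAssertion> securityAssertions = Collections.singletonList(assertion);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    when(principalCollection.byType(SecurityAssertion.class)).thenReturn(securityAssertions);
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);

    idpLogoutActionProvider.setSubjectOperations(new SubjectUtils());
    Action action = idpLogoutActionProvider.getAction(ImmutableMap.of(SecurityConstants.SECURITY_SUBJECT, subject));

    // Encode with an explicit charset: the single-argument URLEncoder.encode is
    // deprecated and uses the platform default, so the expected value would
    // differ between machines for any non-ASCII nameIdTime.
    String expectedQueryFragment = URLEncoder.encode(nameIdTime, java.nio.charset.StandardCharsets.UTF_8.name());
    Assert.assertTrue("Expected the encrypted nameId and time", action.getUrl().getQuery().contains(expectedQueryFragment));
}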