Example 16 with SubjectUtils

Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

Class AbstractIntegrationTest, method initFacades.

@SuppressWarnings({
    "squid:S2696" /* writing to static ddfHome to share state between test methods */
})
@PostTestConstruct
public void initFacades() {
    RestAssured.config = RestAssuredConfig.config().xmlConfig(XmlConfig.xmlConfig().namespaceAware(false));
    ddfHome = System.getProperty(DDF_HOME_PROPERTY);
    adminConfig = new AdminConfig(configAdmin);
    Security security = new org.codice.ddf.security.impl.Security();
    ((org.codice.ddf.security.impl.Security) security).setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
    // This proxy runs the service manager as the system subject
    serviceManager = (ServiceManager) Proxy.newProxyInstance(AbstractIntegrationTest.class.getClassLoader(), ServiceManagerImpl.class.getInterfaces(), new ServiceManagerProxy(new ServiceManagerImpl(metatype, adminConfig, bundleContext, bundleService, features), security));
    catalogBundle = new CatalogBundle(serviceManager, adminConfig);
    securityPolicy = new SecurityPolicyConfigurator(serviceManager, configAdmin);
    urlResourceReaderConfigurator = new UrlResourceReaderConfigurator(configAdmin);
    console = new KarafConsole(bundleContext, features, sessionFactory);
}
Also used : SecurityLoggerImpl(ddf.security.audit.impl.SecurityLoggerImpl) SubjectUtils(ddf.security.service.impl.SubjectUtils) UrlResourceReaderConfigurator(org.codice.ddf.itests.common.config.UrlResourceReaderConfigurator) Security(org.codice.ddf.security.Security) SecurityPolicyConfigurator(org.codice.ddf.itests.common.security.SecurityPolicyConfigurator) PostTestConstruct(org.codice.ddf.test.common.annotations.PostTestConstruct)

Example 17 with SubjectUtils

Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

Class SecurityPolicyConfigurator, method createChecker.

private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
    final ContextPolicyManager ctxPolicyMgr = services.getService(ContextPolicyManager.class);
    final PolicyManager targetPolicies = new PolicyManager();
    targetPolicies.setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
    targetPolicies.setPolicies(policyProperties);
    return () -> {
        for (ContextPolicy policy : ctxPolicyMgr.getAllContextPolicies()) {
            ContextPolicy targetPolicy = targetPolicies.getContextPolicy(policy.getContextPath());
            if (targetPolicy == null || !targetPolicy.getContextPath().equals(policy.getContextPath()) || !targetPolicy.getAuthenticationMethods().containsAll(policy.getAuthenticationMethods()) || !targetPolicy.getAllowedAttributeNames().containsAll(policy.getAllowedAttributeNames())) {
                return false;
            }
        }
        return true;
    };
}
Also used : PolicyManager(org.codice.ddf.security.policy.context.impl.PolicyManager) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) SecurityLoggerImpl(ddf.security.audit.impl.SecurityLoggerImpl) SubjectUtils(ddf.security.service.impl.SubjectUtils) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)

Example 18 with SubjectUtils

Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

Class RoleClaimsHandlerTest, method testRetrieveClaimsValuesNestedUserOU.

@Test
public void testRetrieveClaimsValuesNestedUserOU() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("cn");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ClaimsCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    DN resultDN = DN.valueOf("uid=tstark,OU=nested,");
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.isEntry()).thenReturn(true);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    when(membershipSearchResult.getName()).thenReturn(resultDN);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.isEntry()).thenReturn(true);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=cn=tstark,OU=nested,)(member=uid=tstark,OU=nested,)))"), any())).thenReturn(groupNameReader);
    when(connection.search(anyString(), any(), anyString(), matches("cn"))).thenReturn(membershipReader);
    claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
    when(mockConnectionFactory.getConnection()).thenReturn(connection);
    claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsHandler.setMembershipUserAttribute("cn");
    claimsHandler.setLoginUserAttribute("uid");
    claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    processedClaims = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims, hasSize(1));
    Claim claim = processedClaims.get(0);
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) HashMap(java.util.HashMap) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParameters(ddf.security.claims.ClaimsParameters) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) BindResult(org.forgerock.opendj.ldap.responses.BindResult) ClaimsCollection(ddf.security.claims.ClaimsCollection) Claim(ddf.security.claims.Claim) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 19 with SubjectUtils

Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

Class RoleClaimsHandlerTest, method testRetrieveClaimsValuesNotNullPrincipal.

@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ClaimsCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    DN resultDN = DN.valueOf("uid=tstark,");
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.isEntry()).thenReturn(true);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    when(membershipSearchResult.getName()).thenReturn(resultDN);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.isEntry()).thenReturn(true);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(any())).thenReturn(bindResult);
    when(connection.search(any(), any(), eq("(&(objectClass=groupOfNames)(|(member=uid=tstark,)(member=uid=tstark,)))"), any())).thenReturn(groupNameReader);
    when(connection.search(anyString(), any(), anyString(), matches("uid"))).thenReturn(membershipReader);
    claimsHandler = new RoleClaimsHandler(new AttributeMapLoader(new SubjectUtils()));
    ConnectionFactory mockConnectionFactory = mock(ConnectionFactory.class);
    when(mockConnectionFactory.getConnection()).thenReturn(connection);
    claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsParameters = new ClaimsParametersImpl(new UserPrincipal(USER_CN), new HashSet<>(), new HashMap<>());
    processedClaims = claimsHandler.retrieveClaims(claimsParameters);
    assertThat(processedClaims, hasSize(1));
    Claim claim = processedClaims.get(0);
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) HashMap(java.util.HashMap) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParameters(ddf.security.claims.ClaimsParameters) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) ClaimsParametersImpl(ddf.security.claims.impl.ClaimsParametersImpl) BindResult(org.forgerock.opendj.ldap.responses.BindResult) ClaimsCollection(ddf.security.claims.ClaimsCollection) Claim(ddf.security.claims.Claim) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 20 with SubjectUtils

Use of ddf.security.service.impl.SubjectUtils in project ddf by codice.

Class IdpLogoutActionProviderTest, method testGetAction.

@Test
public void testGetAction() throws Exception {
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("name");
    when(assertion.getPrincipal()).thenReturn(principal);
    when(assertion.getTokenType()).thenReturn("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    List<SecurityAssertion> securityAssertions = Collections.singletonList(assertion);
    when(principalCollection.byType(SecurityAssertion.class)).thenReturn(securityAssertions);
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    idpLogoutActionProvider.setSubjectOperations(new SubjectUtils());
    Action action = idpLogoutActionProvider.getAction(ImmutableMap.of(SecurityConstants.SECURITY_SUBJECT, subject));
    Assert.assertTrue("Expected the encrypted nameId and time", action.getUrl().getQuery().contains(URLEncoder.encode(nameIdTime)));
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) Action(ddf.action.Action) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Principal(java.security.Principal) Subject(org.apache.shiro.subject.Subject) Test(org.junit.Test)
