
Example 6 with BasicPrincipal

Use of io.trino.spi.security.BasicPrincipal in the trino project (trinodb).

Class TestLdapAuthenticator, method testSingleBindPattern.

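/**
 * Authenticates by binding directly with a single DN pattern
 * ({@code uid=${USER},<organization DN>}); no group authorization is configured.
 * A wrong password for an existing user and an unknown user must both be rejected
 * with the same exception type and the same generic message, and a correct bind
 * must yield a {@link BasicPrincipal} carrying the supplied user name.
 * <p>
 * NOTE(review): no case here feeds a user name containing DN metacharacters
 * ({@code ,}, {@code +}, {@code *}, {@code (}); whether {@code ${USER}} is escaped
 * before substitution is not visible from this test.
 *
 * @throws Exception if the test LDAP fixtures cannot be created or torn down
 */
@Test
public void testSingleBindPattern() throws Exception {
    try (DisposableSubContext organization = openLdapServer.createOrganization();
        DisposableSubContext ignored = openLdapServer.createUser(organization, "alice", "alice-pass")) {
        LdapConfig config = new LdapConfig()
                .setUserBindSearchPatterns("uid=${USER}," + organization.getDistinguishedName());
        LdapAuthenticator ldapAuthenticator = new LdapAuthenticator(client, config);

        // Wrong password for a real user: rejected with the generic credentials message
        assertThatThrownBy(() -> ldapAuthenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Invalid credentials");

        // Unknown user: must be rejected with exactly the same type and message as the
        // wrong-password case, so the two are indistinguishable to the caller. This was
        // previously asserted as RuntimeException.class, which would also accept an
        // unrelated failure that happened to carry this message.
        assertThatThrownBy(() -> ldapAuthenticator.createAuthenticatedPrincipal("unknown", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Invalid credentials");

        // Correct credentials produce a principal named after the user
        assertEquals(ldapAuthenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
    }
}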

Example 7 with BasicPrincipal

Use of io.trino.spi.security.BasicPrincipal in the trino project (trinodb).

Class TestLdapAuthenticator, method testGroupMembership.

/**
 * Bind-pattern authentication followed by group authorization.
 * <p>
 * The group filter {@code (&(objectClass=groupOfNames)(cn=group_*)(member=uid=${USER},<org DN>))}
 * must deny a user who binds successfully but belongs to no matching group, while a bad
 * password or an unknown user is reported only as invalid credentials. Membership added
 * after the authenticator is built is honoured on the next call.
 *
 * @throws Exception if the LDAP fixtures cannot be created or closed
 */
@Test
public void testGroupMembership() throws Exception {
    try (DisposableSubContext organization = openLdapServer.createOrganization();
        DisposableSubContext group = openLdapServer.createGroup(organization);
        DisposableSubContext alice = openLdapServer.createUser(organization, "alice", "alice-pass");
        DisposableSubContext bob = openLdapServer.createUser(organization, "bob", "bob-pass")) {
        String organizationDn = organization.getDistinguishedName();
        String groupFilter = format("(&(objectClass=groupOfNames)(cn=group_*)(member=uid=${USER},%s))", organizationDn);
        LdapConfig config = new LdapConfig()
                .setUserBindSearchPatterns("uid=${USER}," + organizationDn)
                .setUserBaseDistinguishedName(organizationDn)
                .setGroupAuthorizationSearchPattern(groupFilter);
        LdapAuthenticator authenticator = new LdapAuthenticator(client, config);

        // Wrong password and unknown user are both surfaced as the generic credentials failure
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Invalid credentials");
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("unknown", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Invalid credentials");

        // bob's bind succeeds but he is in no group_* group: authorization must fail closed
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("bob", "bob-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: User \\[bob] not a member of an authorized group");

        // Once alice is a member, the same credentials yield her principal
        openLdapServer.addUserToGroup(alice, group);
        assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
    }
}

Example 8 with BasicPrincipal

Use of io.trino.spi.security.BasicPrincipal in the trino project (trinodb).

Class TestLdapAuthenticator, method testDistinguishedNameLookup.

/**
 * Service-account flow: no bind pattern is configured, so the authenticator is given a
 * bind DN/password ({@code cn=admin,...}) and locates the user under
 * {@code userBaseDistinguishedName} with the filter
 * {@code (&(objectClass=inetOrgPerson)(memberof=<group DN>))}. The cache is cleared
 * between calls so every outcome is observed fresh rather than replayed.
 * <p>
 * NOTE(review): the assertions below show that a non-member is reported as
 * "not a member of an authorized group" whether or not the password is correct
 * (alice/invalid and alice/alice-pass before the group add), while a member with a
 * wrong password gets "Invalid credentials" — judging from the messages, the group
 * lookup runs before the password is checked. If these messages reach HTTP clients
 * verbatim, group membership of any user can be probed without a valid password;
 * confirm how AccessDeniedException is rendered at the API boundary.
 *
 * @throws Exception if the LDAP fixtures cannot be created or closed
 */
@Test
public void testDistinguishedNameLookup() throws Exception {
    try (DisposableSubContext organization = openLdapServer.createOrganization();
        DisposableSubContext group = openLdapServer.createGroup(organization);
        DisposableSubContext alice = openLdapServer.createUser(organization, "alice", "alice-pass");
        DisposableSubContext bob = openLdapServer.createUser(organization, "bob", "bob-pass")) {
        // Filter has no ${USER} placeholder: it matches every inetOrgPerson in the group
        String groupFilter = format("(&(objectClass=inetOrgPerson)(memberof=%s))", group.getDistinguishedName());
        LdapConfig config = new LdapConfig()
                .setUserBaseDistinguishedName(organization.getDistinguishedName())
                .setGroupAuthorizationSearchPattern(groupFilter)
                .setBindDistingushedName("cn=admin,dc=trino,dc=testldap,dc=com")
                .setBindPassword("admin");
        LdapAuthenticator authenticator = new LdapAuthenticator(client, config);

        // Nobody is in the group yet: unknown user, wrong password and right password
        // are all denied on membership
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("unknown_user", "invalid"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: User \\[unknown_user] not a member of an authorized group");
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: User \\[alice] not a member of an authorized group");
        authenticator.invalidateCache();
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: User \\[alice] not a member of an authorized group");
        authenticator.invalidateCache();
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("bob", "bob-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: User \\[bob] not a member of an authorized group");
        authenticator.invalidateCache();

        // alice becomes the sole member: correct password succeeds, wrong password is now
        // a credentials failure rather than a membership failure
        openLdapServer.addUserToGroup(alice, group);
        assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Invalid credentials");
        authenticator.invalidateCache();

        // With bob added the user-less filter resolves to two entries; the authenticator
        // must refuse rather than pick one (fail closed on an ambiguous lookup)
        openLdapServer.addUserToGroup(bob, group);
        assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class)
                .hasMessageMatching("Access Denied: Multiple group membership results for user \\[alice].*");
        authenticator.invalidateCache();
    }
}

Example 9 with BasicPrincipal

Use of io.trino.spi.security.BasicPrincipal in the trino project (trinodb).

Class TestLdapAuthenticator, method testMultipleBindPattern.

/**
 * Several colon-separated bind patterns covering two organizations. A user that exists in
 * either organization must authenticate, and "alice" — present in both with different
 * passwords — must succeed with either password.
 * <p>
 * NOTE(review): both alice entries collapse to the same {@code BasicPrincipal("alice")},
 * so two distinct directory entries share one Trino identity; whether that is intended
 * depends on how the organizations are administered. The order in which the patterns
 * are tried is not demonstrated here.
 *
 * @throws Exception if the LDAP fixtures cannot be created or closed
 */
@Test
public void testMultipleBindPattern() throws Exception {
    try (DisposableSubContext primaryOrg = openLdapServer.createOrganization();
        DisposableSubContext secondaryOrg = openLdapServer.createOrganization();
        DisposableSubContext primaryAlice = openLdapServer.createUser(primaryOrg, "alice", "alice-pass");
        DisposableSubContext secondaryBob = openLdapServer.createUser(secondaryOrg, "bob", "bob-pass");
        DisposableSubContext secondaryAlice = openLdapServer.createUser(secondaryOrg, "alice", "alt-alice-pass")) {
        String bindPatterns = format("uid=${USER},%s:uid=${USER},%s",
                primaryOrg.getDistinguishedName(),
                secondaryOrg.getDistinguishedName());
        LdapAuthenticator authenticator = new LdapAuthenticator(client, new LdapConfig().setUserBindSearchPatterns(bindPatterns));

        // alice via the first organization
        assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();

        // bob exists only in the second organization
        assertEquals(authenticator.createAuthenticatedPrincipal("bob", "bob-pass"), new BasicPrincipal("bob"));
        authenticator.invalidateCache();

        // alice via the second organization, then via the first again
        assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alt-alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();
        assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();
    }
}

Example 10 with BasicPrincipal

Use of io.trino.spi.security.BasicPrincipal in the trino project (trinodb).

Class TestLdapAuthenticatorWithTimeouts, method testReadTimeout.

/**
 * Read-timeout handling against the proxied LDAP URL. With a 1-second read timeout the
 * login must fail with an "Authentication error" (never a granted principal); with the
 * timeout raised to 30 seconds the same credentials must succeed. The proxy is presumably
 * slow enough to exceed the first timeout but not the second — that delay is configured
 * outside this method.
 *
 * @throws Exception if the LDAP fixtures cannot be created or closed
 */
@Test
public void testReadTimeout() throws Exception {
    try (DisposableSubContext organization = openLdapServer.createOrganization();
        DisposableSubContext group = openLdapServer.createGroup(organization);
        DisposableSubContext alice = openLdapServer.createUser(organization, "alice", "alice-pass")) {
        openLdapServer.addUserToGroup(alice, group);

        String organizationDn = organization.getDistinguishedName();
        String groupFilter = format("(&(objectClass=groupOfNames)(cn=group_*)(member=uid=${USER},%s))", organizationDn);
        LdapConfig config = new LdapConfig()
                .setLdapUrl(proxyLdapUrl)
                .setLdapReadTimeout(new Duration(1, SECONDS))
                .setUserBindSearchPatterns("uid=${USER}," + organizationDn)
                .setUserBaseDistinguishedName(organizationDn)
                .setGroupAuthorizationSearchPattern(groupFilter);

        // Too short a read timeout must surface as an error, not a denied/granted decision
        LdapAuthenticator impatient = new LdapAuthenticator(new JdkLdapAuthenticatorClient(config), config);
        assertThatThrownBy(() -> impatient.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(RuntimeException.class)
                .hasMessageMatching(".*Authentication error.*");

        // The setter presumably returns the same (mutated) LdapConfig instance, so `config`
        // now also carries the 30s timeout; a fresh client and authenticator are built from it
        LdapConfig patientConfig = config.setLdapReadTimeout(new Duration(30, SECONDS));
        LdapAuthenticator patient = new LdapAuthenticator(new JdkLdapAuthenticatorClient(patientConfig), patientConfig);
        assertEquals(patient.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
    }
}
