
Example 61 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project cxf by apache.

the class AccessTokenValidatorService method checkSecurityContext.

private void checkSecurityContext() {
    SecurityContext sc = getMessageContext().getSecurityContext();
    // Reject requests that did not arrive over a secure channel, if so configured.
    if (!sc.isSecure() && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Reject requests with no authenticated caller, if so configured.
    if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
        // TODO: check client certificates
        LOG.warning("Authenticated Principal is not available");
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext)

Example 62 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project cxf by apache.

the class TokenIntrospectionService method checkSecurityContext.

private void checkSecurityContext() {
    SecurityContext sc = mc.getSecurityContext();
    if (!sc.isSecure() && blockUnsecureRequests) {
        LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
        // toNotAuthorizedException only builds the exception; it must be thrown
        // here, otherwise the request is logged but still processed.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
        LOG.warning("Authenticated Principal is not available");
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext)

Example 63 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdatePassword.

@Test
public void testUpdatePassword() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordUpdateParam passwordUpdate = getDummyPasswordUpdate("!changeMe3", null);
    passwordUpdate.setOldPassword("changeMe");
    LocalPasswordHandler ph = getDummyLocalPasswordHandler();
    ph.setLocalUsers(createLocalUsers());
    ph.setDbClient(new DummyDbClient());
    ph.setEncryptionProvider(provider);
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext(LOCAL_ROOT);
    passwordResource.setSecurityContext(sc);
    Response res = passwordResource.updatePassword(null, null, passwordUpdate, false);
    int statusCode = res.getStatus();
    Assert.assertTrue("updatePassword failed with code " + statusCode + ": " + res.getEntity().toString(), statusCode == Status.OK.getStatusCode());
    sc = new DummySecurityContext(LOCAL_PROXYUSER);
    passwordResource.setSecurityContext(sc);
    res = passwordResource.updatePassword(null, null, passwordUpdate, false);
    statusCode = res.getStatus();
    Assert.assertTrue("updatePassword failed with code " + statusCode + ": " + res.getEntity().toString(), statusCode == Status.OK.getStatusCode());
}
Also used : Response(javax.ws.rs.core.Response) DummyDbClient(com.emc.storageos.util.DummyDbClient) SecurityContext(javax.ws.rs.core.SecurityContext) PasswordUpdateParam(com.emc.storageos.model.password.PasswordUpdateParam) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Example 64 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdateUserPasswordNonExistingUser.

@Test(expected = BadRequestException.class)
public void testUpdateUserPasswordNonExistingUser() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordResetParam passwordUpdate = getDummyPasswordReset("user123", "!changeme", "");
    LocalPasswordHandler ph = getDummyLocalPasswordHandler();
    ph.setLocalUsers(createLocalUsers());
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext("root");
    passwordResource.setSecurityContext(sc);
    Response res = passwordResource.updateUserPassword(passwordUpdate, false);
}
Also used : Response(javax.ws.rs.core.Response) PasswordResetParam(com.emc.storageos.model.password.PasswordResetParam) SecurityContext(javax.ws.rs.core.SecurityContext) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Example 65 with SecurityContext

use of javax.ws.rs.core.SecurityContext in project coprhd-controller by CoprHD.

the class PasswordServiceTest method testUpdatePasswordNoPrincipal.

@Test(expected = ForbiddenException.class)
public void testUpdatePasswordNoPrincipal() {
    PasswordService passwordResource = new PasswordService();
    passwordResource.setPropertiesMetadata(_propertiesMetadata);
    passwordResource.setAuditLogManager(new DummyAuditLogManager());
    PasswordUpdateParam passwordUpdate = getDummyPasswordUpdate("!changeme", null);
    LocalPasswordHandler ph = getPasswordHandler();
    passwordResource.setPasswordHandler(ph);
    SecurityContext sc = new DummySecurityContext("noprincipal");
    passwordResource.setSecurityContext(sc);
    Response res = passwordResource.updatePassword(null, null, passwordUpdate, false);
    res.getStatus();
}
Also used : Response(javax.ws.rs.core.Response) SecurityContext(javax.ws.rs.core.SecurityContext) PasswordUpdateParam(com.emc.storageos.model.password.PasswordUpdateParam) LocalPasswordHandler(com.emc.storageos.systemservices.impl.util.LocalPasswordHandler) Test(org.junit.Test)

Aggregations

SecurityContext (javax.ws.rs.core.SecurityContext): 77, Response (javax.ws.rs.core.Response): 30, Context (javax.ws.rs.core.Context): 18, Test (org.junit.Test): 18, List (java.util.List): 17, Principal (java.security.Principal): 16, LoggerFactory (org.slf4j.LoggerFactory): 16, Logger (org.slf4j.Logger): 12, ArrayList (java.util.ArrayList): 11, Collectors (java.util.stream.Collectors): 11, Path (javax.ws.rs.Path): 11, IOException (java.io.IOException): 10, POST (javax.ws.rs.POST): 8, LocalPasswordHandler (com.emc.storageos.systemservices.impl.util.LocalPasswordHandler): 6, GET (javax.ws.rs.GET): 6, PathParam (javax.ws.rs.PathParam): 6, Produces (javax.ws.rs.Produces): 6, MediaType (javax.ws.rs.core.MediaType): 6, Status (javax.ws.rs.core.Response.Status): 6, UriInfo (javax.ws.rs.core.UriInfo): 6