Example 1 with DefaultRemoteUserMapper

Use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.

Class InterceptingIdentityRemoteUserMapper, method createRemoteUserMapperToUseForTheTest.

private RemoteUserMapper createRemoteUserMapperToUseForTheTest(boolean useIdentityService) {
    PersonService personServiceLocal = (PersonService) applicationContext.getBean("PersonService");
    RemoteUserMapper remoteUserMapper;
    if (useIdentityService) {
        InterceptingIdentityRemoteUserMapper interceptingRemoteUserMapper = new InterceptingIdentityRemoteUserMapper();
        interceptingRemoteUserMapper.setActive(true);
        interceptingRemoteUserMapper.setPersonService(personServiceLocal);
        interceptingRemoteUserMapper.setIdentityServiceDeployment(null);
        interceptingRemoteUserMapper.setUserIdToReturn(user2);
        remoteUserMapper = interceptingRemoteUserMapper;
    } else {
        DefaultRemoteUserMapper interceptingRemoteUserMapper = new InterceptingDefaultRemoteUserMapper();
        interceptingRemoteUserMapper.setActive(true);
        interceptingRemoteUserMapper.setPersonService(personServiceLocal);
        interceptingRemoteUserMapper.setProxyUserName(null);
        remoteUserMapper = interceptingRemoteUserMapper;
    }
    return remoteUserMapper;
}
Also used: RemoteUserMapper (org.alfresco.repo.security.authentication.external.RemoteUserMapper), DefaultRemoteUserMapper (org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper), IdentityServiceRemoteUserMapper (org.alfresco.repo.security.authentication.identityservice.IdentityServiceRemoteUserMapper), PersonService (org.alfresco.service.cmr.security.PersonService)

Example 2 with DefaultRemoteUserMapper

Use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.

Class InterceptingIdentityRemoteUserMapper, method checkGetTicketViaBearerAuthHeader.

/**
 * @param useIdentityService if not true we use "external" authentication in the chain,
 *                           if it is true we use "identity-service"
 */
private void checkGetTicketViaBearerAuthHeader(boolean useIdentityService) throws Exception {
    final String folderName = "F2_" + GUID.generate();
    Paging paging = getPaging(0, 100);
    LoginTicket loginRequest = null;
    LoginTicketResponse validatedTicket = null;
    HttpResponse response = null;
    Map<String, String> header = new HashMap<>();
    runPreCheckToEnsureBasicFunctionalityWorks(folderName, paging);
    RemoteUserMapper remoteUserMapper = createRemoteUserMapperToUseForTheTest(useIdentityService);
    setupAuthChainForTest(useIdentityService, remoteUserMapper);
    if (!useIdentityService) {
        // these tests run by default with multi tenancy enabled
        header.put("X-Alfresco-Remote-User", buildUserNameMultiTenancyAware());
        response = getAll(getNodeChildrenUrl(Nodes.PATH_MY), paging, null, header, 200);
        List<Document> nodes = RestApiUtil.parseRestApiEntries(response.getJsonResponse(), Document.class);
        // this is "someUserName" user home, and it should be empty
        assertEquals(0, nodes.size());
    }
    // check that without an Authorization header, we still can't get the ticket
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 400);
    Map<String, String> headersWtihBasicAuth = new HashMap<>(header);
    headersWtihBasicAuth.put("Authorization", "basic " + encodeB64("someRandomString"));
    // "someRandomString" will be considered the ticket, and that is not valid still
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWtihBasicAuth, TICKETS_API_NAME, 404);
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
    headersWtihBasicAuth = new HashMap<>(header);
    headersWtihBasicAuth.put("Authorization", "basic " + encodeB64(user2 + ":user2password"));
    // only "Ticket base authentication required." is accepted
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, headersWtihBasicAuth, TICKETS_API_NAME, 400);
    checkRemoteUserMapperWasCalled(useIdentityService);
    // now, for the big test. use "someOtherRandomString" as the ticket, because we override the IdentityServiceRemoteUserMapper in our test
    reset(useIdentityService);
    header.put("Authorization", "bearer " + "someOtherRandomString");
    // NOTE: external authentication (using the DefaultRemoteUserMapper) could be used to login
    // if you include some value in the "bearer" authorization header;
    // We consider this not to be a big problem since we trust external uses with any api call
    response = getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 200);
    validatedTicket = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
    assertNotNull("We should have gotten a valid ticket id", validatedTicket.getId());
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
}
Also used: LoginTicketResponse (org.alfresco.rest.api.model.LoginTicketResponse), RemoteUserMapper (org.alfresco.repo.security.authentication.external.RemoteUserMapper), DefaultRemoteUserMapper (org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper), IdentityServiceRemoteUserMapper (org.alfresco.repo.security.authentication.identityservice.IdentityServiceRemoteUserMapper), HashMap (java.util.HashMap), Paging (org.alfresco.rest.api.tests.client.PublicApiClient.Paging), HttpResponse (org.alfresco.rest.api.tests.client.HttpResponse), Document (org.alfresco.rest.api.tests.client.data.Document), LoginTicket (org.alfresco.rest.api.model.LoginTicket)

Example 3 with DefaultRemoteUserMapper

Use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.

Class BlockingRemoteUserMapper, method checkExtAuthStillWorks.

private void checkExtAuthStillWorks(RequiredAuthentication required, Set<String> families) {
    blockingRemoteUserMapper.reset();
    DefaultRemoteUserMapper defaultRemoteUserMapper = new DefaultRemoteUserMapper();
    defaultRemoteUserMapper.setActive(true);
    defaultRemoteUserMapper.setProxyUserName(null);
    defaultRemoteUserMapper.setPersonService(personService);
    remoteUserAuthenticatorFactory.setRemoteUserMapper(defaultRemoteUserMapper);
    HttpServletRequest mockHttpRequest = mock(HttpServletRequest.class);
    when(mockHttpRequest.getScheme()).thenReturn("http");
    final String userName = "RAFACAT_usr_" + (int) (Math.random() * 1000);
    when(mockHttpRequest.getHeader(proxyHeader)).thenReturn(userName);
    WebScriptServletRequest mockRequest = mock(WebScriptServletRequest.class);
    when(mockRequest.getHttpServletRequest()).thenReturn(mockHttpRequest);
    WebScript mockWebScript = mock(WebScript.class);
    Match mockMatch = new Match("fake", Collections.EMPTY_MAP, "whatever", mockWebScript);
    when(mockRequest.getServiceMatch()).thenReturn(mockMatch);
    Description mockDescription = mock(Description.class);
    when(mockWebScript.getDescription()).thenReturn(mockDescription);
    when(mockDescription.getFamilys()).thenReturn(families);
    WebScriptServletResponse mockResponse = prepareMockResponse();
    Authenticator authenticator = remoteUserAuthenticatorFactory.create(mockRequest, mockResponse);
    final boolean authenticated = authenticator.authenticate(required, false);
    assertTrue("This should be authenticating with external auth", authenticated);
    assertFalse("We have been using the DefaultRemoteUserMapper, so our BlockingRemoteUserMapper shouldn't have been called", blockingRemoteUserMapper.isWasInterrupted());
    assertEquals("BlockingRemoteUserMapper shouldn't have been called", blockingRemoteUserMapper.getTimePassed(), 0);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), Description (org.springframework.extensions.webscripts.Description), DefaultRemoteUserMapper (org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper), WebScriptServletResponse (org.springframework.extensions.webscripts.servlet.WebScriptServletResponse), WebScriptServletRequest (org.springframework.extensions.webscripts.servlet.WebScriptServletRequest), WebScript (org.springframework.extensions.webscripts.WebScript), Authenticator (org.springframework.extensions.webscripts.Authenticator), Match (org.springframework.extensions.webscripts.Match)

Aggregations

DefaultRemoteUserMapper (org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper): 3
RemoteUserMapper (org.alfresco.repo.security.authentication.external.RemoteUserMapper): 2
IdentityServiceRemoteUserMapper (org.alfresco.repo.security.authentication.identityservice.IdentityServiceRemoteUserMapper): 2
HashMap (java.util.HashMap): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
LoginTicket (org.alfresco.rest.api.model.LoginTicket): 1
LoginTicketResponse (org.alfresco.rest.api.model.LoginTicketResponse): 1
HttpResponse (org.alfresco.rest.api.tests.client.HttpResponse): 1
Paging (org.alfresco.rest.api.tests.client.PublicApiClient.Paging): 1
Document (org.alfresco.rest.api.tests.client.data.Document): 1
PersonService (org.alfresco.service.cmr.security.PersonService): 1
Authenticator (org.springframework.extensions.webscripts.Authenticator): 1
Description (org.springframework.extensions.webscripts.Description): 1
Match (org.springframework.extensions.webscripts.Match): 1
WebScript (org.springframework.extensions.webscripts.WebScript): 1
WebScriptServletRequest (org.springframework.extensions.webscripts.servlet.WebScriptServletRequest): 1
WebScriptServletResponse (org.springframework.extensions.webscripts.servlet.WebScriptServletResponse): 1