use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.
the class InterceptingIdentityRemoteUserMapper method createRemoteUserMapperToUseForTheTest.
/**
 * Builds the intercepting {@link RemoteUserMapper} that the test installs in the authentication chain.
 *
 * @param useIdentityService {@code true} to build an {@code InterceptingIdentityRemoteUserMapper};
 *                           {@code false} to build an {@code InterceptingDefaultRemoteUserMapper}
 * @return the activated mapper, wired to the {@code PersonService} bean of the application context
 */
private RemoteUserMapper createRemoteUserMapperToUseForTheTest(boolean useIdentityService) {
    final PersonService people = (PersonService) applicationContext.getBean("PersonService");

    if (!useIdentityService) {
        // "external" authentication flavour: no proxy user name is configured for the test.
        DefaultRemoteUserMapper externalMapper = new InterceptingDefaultRemoteUserMapper();
        externalMapper.setActive(true);
        externalMapper.setPersonService(people);
        externalMapper.setProxyUserName(null);
        return externalMapper;
    }

    // "identity-service" flavour: no deployment is set, and the test double is told to
    // return user2 as the user id.
    InterceptingIdentityRemoteUserMapper identityMapper = new InterceptingIdentityRemoteUserMapper();
    identityMapper.setActive(true);
    identityMapper.setPersonService(people);
    identityMapper.setIdentityServiceDeployment(null);
    identityMapper.setUserIdToReturn(user2);
    return identityMapper;
}
use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.
the class InterceptingIdentityRemoteUserMapper method checkGetTicketViaBearerAuthHeader.
/**
 * Exercises the tickets endpoint with no, "basic" and "bearer" Authorization headers while an
 * intercepting remote user mapper is installed, and checks that the mapper is consulted.
 *
 * @param useIdentityService when {@code false} the chain uses "external" authentication,
 *                           when {@code true} it uses "identity-service"
 * @throws Exception if any of the REST calls or the chain setup fails
 */
private void checkGetTicketViaBearerAuthHeader(boolean useIdentityService) throws Exception {
    final String folderName = "F2_" + GUID.generate();
    final Paging paging = getPaging(0, 100);
    final Map<String, String> header = new HashMap<>();

    runPreCheckToEnsureBasicFunctionalityWorks(folderName, paging);
    setupAuthChainForTest(useIdentityService, createRemoteUserMapperToUseForTheTest(useIdentityService));

    if (!useIdentityService) {
        // Multi tenancy is enabled by default for these tests, hence the tenant-aware user name.
        header.put("X-Alfresco-Remote-User", buildUserNameMultiTenancyAware());
        HttpResponse childrenResponse = getAll(getNodeChildrenUrl(Nodes.PATH_MY), paging, null, header, 200);
        List<Document> nodes = RestApiUtil.parseRestApiEntries(childrenResponse.getJsonResponse(), Document.class);
        // The home folder of the user named in the header is expected to be empty.
        assertEquals(0, nodes.size());
    }

    // No Authorization header at all: a ticket must not be obtainable.
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 400);

    // A "basic" header carrying an arbitrary string: the string is treated as the ticket and is not valid.
    Map<String, String> invalidTicketHeaders = new HashMap<>(header);
    invalidTicketHeaders.put("Authorization", "basic " + encodeB64("someRandomString"));
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, invalidTicketHeaders, TICKETS_API_NAME, 404);
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);

    // A "basic" header carrying user:password: rejected, only ticket-based authentication is accepted here.
    Map<String, String> credentialHeaders = new HashMap<>(header);
    credentialHeaders.put("Authorization", "basic " + encodeB64(user2 + ":user2password"));
    getSingle(TICKETS_URL, People.DEFAULT_USER, null, credentialHeaders, TICKETS_API_NAME, 400);
    checkRemoteUserMapperWasCalled(useIdentityService);

    // Main scenario: "someOtherRandomString" serves as the bearer token because the test
    // overrides the identity-service remote user mapper.
    reset(useIdentityService);
    header.put("Authorization", "bearer " + "someOtherRandomString");
    // With external authentication (DefaultRemoteUserMapper) a login succeeds as soon as the
    // "bearer" header carries any value. The authors accept this because external users are
    // trusted with every API call anyway.
    // NOTE(review): that trust presumably depends on only the fronting proxy being able to set
    // the remote-user header - confirm that deployments strip it from client requests.
    HttpResponse ticketResponse = getSingle(TICKETS_URL, People.DEFAULT_USER, null, header, TICKETS_API_NAME, 200);
    LoginTicketResponse validatedTicket =
            RestApiUtil.parseRestApiEntry(ticketResponse.getJsonResponse(), LoginTicketResponse.class);
    assertNotNull("We should have gotten a valid ticket id", validatedTicket.getId());
    checkRemoteUserMapperWasCalled(useIdentityService);
    reset(useIdentityService);
}
use of org.alfresco.repo.security.authentication.external.DefaultRemoteUserMapper in project alfresco-remote-api by Alfresco.
the class BlockingRemoteUserMapper method checkExtAuthStillWorks.
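/**
 * Verifies that a request carrying the proxy header is still authenticated through a plain
 * {@link DefaultRemoteUserMapper}, and that the blocking mapper is never consulted.
 *
 * @param required the authentication level passed to {@code Authenticator.authenticate}
 * @param families the web script families reported by the mocked description
 */
private void checkExtAuthStillWorks(RequiredAuthentication required, Set<String> families) {
    blockingRemoteUserMapper.reset();

    // Replace the factory's mapper with a stock DefaultRemoteUserMapper.
    // NOTE(review): with no proxy user name set, the mapper presumably takes the user name
    // straight from the proxy header - confirm against DefaultRemoteUserMapper.
    DefaultRemoteUserMapper defaultRemoteUserMapper = new DefaultRemoteUserMapper();
    defaultRemoteUserMapper.setActive(true);
    defaultRemoteUserMapper.setProxyUserName(null);
    defaultRemoteUserMapper.setPersonService(personService);
    remoteUserAuthenticatorFactory.setRemoteUserMapper(defaultRemoteUserMapper);

    // Mock a plain-http servlet request whose proxy header names a throwaway user.
    HttpServletRequest mockHttpRequest = mock(HttpServletRequest.class);
    when(mockHttpRequest.getScheme()).thenReturn("http");
    // The random suffix only varies the test user name between runs.
    final String userName = "RAFACAT_usr_" + (int) (Math.random() * 1000);
    when(mockHttpRequest.getHeader(proxyHeader)).thenReturn(userName);

    WebScriptServletRequest mockRequest = mock(WebScriptServletRequest.class);
    when(mockRequest.getHttpServletRequest()).thenReturn(mockHttpRequest);

    // The service match leads to a web script whose description reports the requested families.
    WebScript mockWebScript = mock(WebScript.class);
    // Collections.emptyMap() replaces the raw Collections.EMPTY_MAP to avoid an unchecked conversion.
    Match mockMatch = new Match("fake", Collections.emptyMap(), "whatever", mockWebScript);
    when(mockRequest.getServiceMatch()).thenReturn(mockMatch);
    Description mockDescription = mock(Description.class);
    when(mockWebScript.getDescription()).thenReturn(mockDescription);
    when(mockDescription.getFamilys()).thenReturn(families);

    WebScriptServletResponse mockResponse = prepareMockResponse();
    Authenticator authenticator = remoteUserAuthenticatorFactory.create(mockRequest, mockResponse);
    final boolean authenticated = authenticator.authenticate(required, false);

    assertTrue("This should be authenticating with external auth", authenticated);
    assertFalse("We have been using the DefaultRemoteUserMapper, so our BlockingRemoteUserMapper shouldn't have been called", blockingRemoteUserMapper.isWasInterrupted());
    // Expected value goes first, so a failure reports expected/actual the right way round.
    assertEquals("BlockingRemoteUserMapper shouldn't have been called", 0, blockingRemoteUserMapper.getTimePassed());
}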