use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class BasicHTTPAuthenticatorTest method testGoodPasswordWithValidator.
/**
 * Success path of the basic-auth servlet filter when a custom {@link CredentialsValidator} is supplied.
 *
 * <p>All collaborators are default EasyMock mocks, so any call that was not recorded fails the test. The
 * test therefore passes only if the filter
 * <ul>
 *   <li>reads the {@code Authorization} header,</li>
 *   <li>calls the validator exactly once with user {@code userA} and the password as a {@code char[]},</li>
 *   <li>stores an {@link AuthenticationResult} equal to the expected one under
 *       {@link AuthConfig#DRUID_AUTHENTICATION_RESULT},</li>
 *   <li>invokes the rest of the filter chain exactly once, and</li>
 *   <li>never touches the response (no error or challenge is written).</li>
 * </ul>
 */
@Test
public void testGoodPasswordWithValidator() throws IOException, ServletException
{
  // "Basic " + base64("userA:helloworld"), i.e. the header a client would send.
  final String authorizationHeader = StringUtils.format("Basic %s", StringUtils.utf8Base64("userA:helloworld"));

  final CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
  final BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(
      CACHE_MANAGER_PROVIDER,
      "basic",
      "basic",
      null,
      null,
      false,
      null,
      null,
      false,
      validator
  );

  // aryEq compares the char[] contents, so the decoded password must reach the validator unchanged.
  EasyMock.expect(
      validator.validateCredentials(
          EasyMock.eq("basic"),
          EasyMock.eq("basic"),
          EasyMock.eq("userA"),
          EasyMock.aryEq("helloworld".toCharArray())
      )
  ).andReturn(new AuthenticationResult("userA", "basic", "basic", null)).times(1);
  EasyMock.replay(validator);

  final HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
  EasyMock.expect(request.getHeader("Authorization")).andReturn(authorizationHeader);
  // A separately constructed result is used here, so the match relies on AuthenticationResult.equals().
  request.setAttribute(
      AuthConfig.DRUID_AUTHENTICATION_RESULT,
      new AuthenticationResult("userA", "basic", "basic", null)
  );
  EasyMock.expectLastCall().times(1);
  EasyMock.replay(request);

  // No expectations recorded: the filter must not write anything to the response on success.
  final HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
  EasyMock.replay(response);

  // The request must be handed on to the next filter exactly once.
  final FilterChain chain = EasyMock.createMock(FilterChain.class);
  chain.doFilter(request, response);
  EasyMock.expectLastCall().times(1);
  EasyMock.replay(chain);

  authenticatorWithValidator.getFilter().doFilter(request, response, chain);

  EasyMock.verify(request, response, validator, chain);
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class DBCredentialsValidatorTest method validateMissingUser.
/**
 * Checks that the validator returns {@code null} (no {@link AuthenticationResult}) for user {@code userC}.
 *
 * <p>The {@code validator} field and its user fixture are set up outside this method; {@code userC} is
 * presumably not part of that fixture -- confirm against the class setup.
 */
@Test
public void validateMissingUser()
{
  final char[] suppliedPassword = "helloworld".toCharArray();

  // Arguments: authenticator name, authorizer name, user name, password.
  final AuthenticationResult outcome = validator.validateCredentials("basic", "basic", "userC", suppliedPassword);

  // A null result is the rejection signal asserted here; no identity may be produced.
  Assert.assertNull(outcome);
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class DBCredentialsValidatorTest method validateGoodCredentials.
/**
 * Checks that {@code userA} with password {@code helloworld} is accepted and that the returned
 * {@link AuthenticationResult} reflects exactly the names passed in.
 *
 * <p>The {@code validator} field and its user fixture are set up outside this method.
 */
@Test
public void validateGoodCredentials()
{
  final String expectedAuthenticator = "basic";
  final String expectedAuthorizer = "basic";
  final String expectedIdentity = "userA";

  final AuthenticationResult outcome = validator.validateCredentials(
      expectedAuthenticator,
      expectedAuthorizer,
      expectedIdentity,
      "helloworld".toCharArray()
  );

  Assert.assertNotNull(outcome);
  // The identity must be the submitted user name, and the authenticator and authorizer names must be
  // the ones passed in.
  Assert.assertEquals(expectedIdentity, outcome.getIdentity());
  Assert.assertEquals(expectedAuthenticator, outcome.getAuthenticatedBy());
  Assert.assertEquals(expectedAuthorizer, outcome.getAuthorizerName());
  // No extra context is attached to the result on this path.
  Assert.assertNull(outcome.getContext());
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class BasicRoleBasedAuthorizerTest method testAuthGroupMappingPatternRightMask.
/**
 * Exercises LDAP group-to-role mapping with patterns that end in a wildcard ({@code CN=admin,*} and
 * {@code CN=user,*}).
 *
 * <p>Two roles are created on {@code testResource}: an admin role with READ and WRITE, and a user role
 * with READ only. The test then checks both the allow and the deny side for each principal, including
 * a resource ({@code wrongResource}) that neither role was granted.
 *
 * <p>{@code updater}, {@code ldapAuthorizer}, {@code adminSearchResult} and {@code userSearchResult} are
 * fixtures defined outside this method; the search results presumably carry group DNs that start with
 * {@code CN=admin} and {@code CN=user} respectively -- confirm against the class setup.
 */
@Test
public void testAuthGroupMappingPatternRightMask()
{
  // Admin: group pattern -> role -> READ + WRITE on testResource
  final BasicAuthorizerGroupMapping adminMapping =
      new BasicAuthorizerGroupMapping("adminGrroupMapping", "CN=admin,*", null);
  updater.createGroupMapping(LDAP_AUTHORIZER_NAME, adminMapping);
  updater.createRole(LDAP_AUTHORIZER_NAME, "adminDruidRole");
  updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "adminGrroupMapping", "adminDruidRole");
  final List<ResourceAction> adminGrants = Arrays.asList(
      new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE),
      new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
  );
  updater.setPermissions(LDAP_AUTHORIZER_NAME, "adminDruidRole", adminGrants);

  // User: group pattern -> role -> READ only on testResource
  final BasicAuthorizerGroupMapping userMapping =
      new BasicAuthorizerGroupMapping("userGrroupMapping", "CN=user,*", null);
  updater.createGroupMapping(LDAP_AUTHORIZER_NAME, userMapping);
  updater.createRole(LDAP_AUTHORIZER_NAME, "userDruidRole");
  updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "userGrroupMapping", "userDruidRole");
  final List<ResourceAction> userGrants = Collections.singletonList(
      new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
  );
  updater.setPermissions(LDAP_AUTHORIZER_NAME, "userDruidRole", userGrants);

  // Admin principal: the LDAP search result travels in the authentication context.
  final Map<String, Object> adminContext = new HashMap<>();
  adminContext.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, adminSearchResult);
  final AuthenticationResult adminAuth = new AuthenticationResult("druidadmin", "druid", null, adminContext);

  Assert.assertTrue(
      ldapAuthorizer.authorize(adminAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
                    .isAllowed()
  );
  Assert.assertTrue(
      ldapAuthorizer.authorize(adminAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE)
                    .isAllowed()
  );
  // Even the admin role grants nothing on a resource it was not given.
  Assert.assertFalse(
      ldapAuthorizer.authorize(adminAuth, new Resource("wrongResource", ResourceType.DATASOURCE), Action.WRITE)
                    .isAllowed()
  );

  // User principal: READ on testResource is the only permitted action.
  final Map<String, Object> userContext = new HashMap<>();
  userContext.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userSearchResult);
  final AuthenticationResult userAuth = new AuthenticationResult("druiduser", "druid", null, userContext);

  // WRITE must be denied: the user role was never granted it.
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE)
                    .isAllowed()
  );
  Assert.assertTrue(
      ldapAuthorizer.authorize(userAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
                    .isAllowed()
  );
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("wrongResource", ResourceType.DATASOURCE), Action.READ)
                    .isAllowed()
  );
}
use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.
the class BasicRoleBasedAuthorizerTest method testAuthMissingGroupMapping.
/**
 * Checks the default-deny behaviour when the only configured group mapping ({@code CN=unknown,*}) is
 * expected not to apply to the authenticated principal.
 *
 * <p>The role behind that mapping holds READ and WRITE on {@code testResource}, so an allowed result for
 * either action would mean the role was applied to the wrong principal. Every request asserted here
 * must be denied.
 *
 * <p>{@code updater}, {@code ldapAuthorizer} and {@code userSearchResult} are fixtures defined outside
 * this method; the search result presumably contains no group DN starting with {@code CN=unknown} --
 * confirm against the class setup.
 */
@Test
public void testAuthMissingGroupMapping()
{
  final BasicAuthorizerGroupMapping unmatchedMapping =
      new BasicAuthorizerGroupMapping("druidGroupMapping", "CN=unknown,*", null);
  updater.createGroupMapping(LDAP_AUTHORIZER_NAME, unmatchedMapping);
  updater.createRole(LDAP_AUTHORIZER_NAME, "druidRole");
  updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "druidGroupMapping", "druidRole");
  final List<ResourceAction> roleGrants = Arrays.asList(
      new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE),
      new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
  );
  updater.setPermissions(LDAP_AUTHORIZER_NAME, "druidRole", roleGrants);

  // The LDAP search result travels in the authentication context.
  final Map<String, Object> userContext = new HashMap<>();
  userContext.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userSearchResult);
  final AuthenticationResult userAuth = new AuthenticationResult("druiduser", "druid", null, userContext);

  // Resource the role covers: still denied for both actions.
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE)
                    .isAllowed()
  );
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("testResource", ResourceType.DATASOURCE), Action.READ)
                    .isAllowed()
  );
  // Resource nobody was granted: denied as well.
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("wrongResource", ResourceType.DATASOURCE), Action.WRITE)
                    .isAllowed()
  );
  Assert.assertFalse(
      ldapAuthorizer.authorize(userAuth, new Resource("wrongResource", ResourceType.DATASOURCE), Action.READ)
                    .isAllowed()
  );
}