Search in sources :

Example 21 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class BasicHTTPAuthenticatorTest method testGoodPasswordWithValidator.

@Test
public void testGoodPasswordWithValidator() throws IOException, ServletException {
    CredentialsValidator validator = EasyMock.createMock(CredentialsValidator.class);
    BasicHTTPAuthenticator authenticatorWithValidator = new BasicHTTPAuthenticator(CACHE_MANAGER_PROVIDER, "basic", "basic", null, null, false, null, null, false, validator);
    String header = StringUtils.utf8Base64("userA:helloworld");
    header = StringUtils.format("Basic %s", header);
    EasyMock.expect(validator.validateCredentials(EasyMock.eq("basic"), EasyMock.eq("basic"), EasyMock.eq("userA"), EasyMock.aryEq("helloworld".toCharArray()))).andReturn(new AuthenticationResult("userA", "basic", "basic", null)).times(1);
    EasyMock.replay(validator);
    HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
    EasyMock.expect(req.getHeader("Authorization")).andReturn(header);
    req.setAttribute(AuthConfig.DRUID_AUTHENTICATION_RESULT, new AuthenticationResult("userA", "basic", "basic", null));
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(req);
    HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
    EasyMock.replay(resp);
    FilterChain filterChain = EasyMock.createMock(FilterChain.class);
    filterChain.doFilter(req, resp);
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(filterChain);
    Filter authenticatorFilter = authenticatorWithValidator.getFilter();
    authenticatorFilter.doFilter(req, resp, filterChain);
    EasyMock.verify(req, resp, validator, filterChain);
}
Also used : BasicHTTPAuthenticator(org.apache.druid.security.basic.authentication.BasicHTTPAuthenticator) HttpServletRequest(javax.servlet.http.HttpServletRequest) Filter(javax.servlet.Filter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CredentialsValidator(org.apache.druid.security.basic.authentication.validator.CredentialsValidator) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 22 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class DBCredentialsValidatorTest method validateMissingUser.

@Test
public void validateMissingUser() {
    String authenticatorName = "basic";
    String authorizerName = "basic";
    String username = "userC";
    String password = "helloworld";
    AuthenticationResult result = validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray());
    Assert.assertNull(result);
}
Also used : AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 23 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class DBCredentialsValidatorTest method validateGoodCredentials.

@Test
public void validateGoodCredentials() {
    String authenticatorName = "basic";
    String authorizerName = "basic";
    String username = "userA";
    String password = "helloworld";
    AuthenticationResult result = validator.validateCredentials(authenticatorName, authorizerName, username, password.toCharArray());
    Assert.assertNotNull(result);
    Assert.assertEquals(username, result.getIdentity());
    Assert.assertEquals(authenticatorName, result.getAuthenticatedBy());
    Assert.assertEquals(authorizerName, result.getAuthorizerName());
    Assert.assertNull(result.getContext());
}
Also used : AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 24 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class BasicRoleBasedAuthorizerTest method testAuthGroupMappingPatternRightMask.

@Test
public void testAuthGroupMappingPatternRightMask() {
    // Admin
    BasicAuthorizerGroupMapping adminGrroupMapping = new BasicAuthorizerGroupMapping("adminGrroupMapping", "CN=admin,*", null);
    updater.createGroupMapping(LDAP_AUTHORIZER_NAME, adminGrroupMapping);
    updater.createRole(LDAP_AUTHORIZER_NAME, "adminDruidRole");
    updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "adminGrroupMapping", "adminDruidRole");
    List<ResourceAction> adminPermissions = Arrays.asList(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE), new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ));
    updater.setPermissions(LDAP_AUTHORIZER_NAME, "adminDruidRole", adminPermissions);
    // User
    BasicAuthorizerGroupMapping userGrroupMapping = new BasicAuthorizerGroupMapping("userGrroupMapping", "CN=user,*", null);
    updater.createGroupMapping(LDAP_AUTHORIZER_NAME, userGrroupMapping);
    updater.createRole(LDAP_AUTHORIZER_NAME, "userDruidRole");
    updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "userGrroupMapping", "userDruidRole");
    List<ResourceAction> userPermissions = Collections.singletonList(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ));
    updater.setPermissions(LDAP_AUTHORIZER_NAME, "userDruidRole", userPermissions);
    Map<String, Object> contexMap = new HashMap<>();
    contexMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, adminSearchResult);
    AuthenticationResult authenticationResult = new AuthenticationResult("druidadmin", "druid", null, contexMap);
    Access access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.READ);
    Assert.assertTrue(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertTrue(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("wrongResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertFalse(access.isAllowed());
    contexMap = new HashMap<>();
    contexMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userSearchResult);
    authenticationResult = new AuthenticationResult("druiduser", "druid", null, contexMap);
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertFalse(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.READ);
    Assert.assertTrue(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("wrongResource", ResourceType.DATASOURCE), Action.READ);
    Assert.assertFalse(access.isAllowed());
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) HashMap(java.util.HashMap) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Example 25 with AuthenticationResult

use of org.apache.druid.server.security.AuthenticationResult in project druid by druid-io.

the class BasicRoleBasedAuthorizerTest method testAuthMissingGroupMapping.

@Test
public void testAuthMissingGroupMapping() {
    BasicAuthorizerGroupMapping groupMapping = new BasicAuthorizerGroupMapping("druidGroupMapping", "CN=unknown,*", null);
    updater.createGroupMapping(LDAP_AUTHORIZER_NAME, groupMapping);
    updater.createRole(LDAP_AUTHORIZER_NAME, "druidRole");
    updater.assignGroupMappingRole(LDAP_AUTHORIZER_NAME, "druidGroupMapping", "druidRole");
    List<ResourceAction> permissions = Arrays.asList(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE), new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.READ));
    updater.setPermissions(LDAP_AUTHORIZER_NAME, "druidRole", permissions);
    Map<String, Object> contexMap = new HashMap<>();
    contexMap.put(BasicAuthUtils.SEARCH_RESULT_CONTEXT_KEY, userSearchResult);
    AuthenticationResult authenticationResult = new AuthenticationResult("druiduser", "druid", null, contexMap);
    Access access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertFalse(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.READ);
    Assert.assertFalse(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("wrongResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertFalse(access.isAllowed());
    access = ldapAuthorizer.authorize(authenticationResult, new Resource("wrongResource", ResourceType.DATASOURCE), Action.READ);
    Assert.assertFalse(access.isAllowed());
}
Also used : BasicAuthorizerGroupMapping(org.apache.druid.security.basic.authorization.entity.BasicAuthorizerGroupMapping) HashMap(java.util.HashMap) Resource(org.apache.druid.server.security.Resource) Access(org.apache.druid.server.security.Access) ResourceAction(org.apache.druid.server.security.ResourceAction) AuthenticationResult(org.apache.druid.server.security.AuthenticationResult) Test(org.junit.Test)

Aggregations

AuthenticationResult (org.apache.druid.server.security.AuthenticationResult)58 Test (org.junit.Test)40 Response (javax.ws.rs.core.Response)25 Access (org.apache.druid.server.security.Access)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)16 Resource (org.apache.druid.server.security.Resource)12 HashMap (java.util.HashMap)10 List (java.util.List)10 AuthConfig (org.apache.druid.server.security.AuthConfig)10 Authorizer (org.apache.druid.server.security.Authorizer)10 ImmutableList (com.google.common.collect.ImmutableList)9 Map (java.util.Map)9 HttpServletResponse (javax.servlet.http.HttpServletResponse)8 AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper)8 FilterChain (javax.servlet.FilterChain)7 Action (org.apache.druid.server.security.Action)7 ArrayList (java.util.ArrayList)6 Set (java.util.Set)6 TreeMap (java.util.TreeMap)6 DefaultObjectMapper (org.apache.druid.jackson.DefaultObjectMapper)6