Example 31 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapLoginModuleTest method testTrimmedUsernameLogin.
@Test
public void testTrimmedUsernameLogin() throws Exception {
Properties options = ldapLoginModuleOptions();
options.put("usernames.trim", "true");
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("cheese ", "foodie"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(1, subject.getPrincipals().size());
boolean foundUser = false;
boolean foundRole = false;
for (Principal pr : subject.getPrincipals()) {
if (pr instanceof UserPrincipal) {
assertEquals("cheese", pr.getName());
foundUser = true;
} else if (pr instanceof RolePrincipal) {
assertEquals("admin", pr.getName());
foundRole = true;
}
}
assertTrue(foundUser);
// cheese is not an admin so no roles should be returned
assertFalse(foundRole);
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used :
NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)
Properties(org.apache.felix.utils.properties.Properties)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Subject(javax.security.auth.Subject)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Principal(java.security.Principal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Example 32 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapLoginModuleTest method testRoleMappingAdvanced.
@Test
public void testRoleMappingAdvanced() throws Exception {
Properties options = ldapLoginModuleOptions();
options.put(LDAPOptions.ROLE_MAPPING, "admin=karaf,test;admin=another");
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(4, subject.getPrincipals().size());
final List<String> roles = new ArrayList<>(Arrays.asList("karaf", "test", "another"));
boolean foundUser = false;
boolean foundRole = false;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof UserPrincipal) {
assertEquals("admin", principal.getName());
foundUser = true;
} else if (principal instanceof RolePrincipal) {
assertTrue(roles.remove(principal.getName()));
foundRole = true;
}
}
assertTrue(foundUser);
assertTrue(foundRole);
assertTrue(roles.isEmpty());
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used :
NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)
ArrayList(java.util.ArrayList)
Properties(org.apache.felix.utils.properties.Properties)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Subject(javax.security.auth.Subject)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Principal(java.security.Principal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Example 33 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project ddf by codice.
the class LdapClaimsHandlerTest method setup.
@Before
public void setup() throws Exception {
claimsParameters = mock(ClaimsParameters.class);
when(claimsParameters.getPrincipal()).thenReturn(new UserPrincipal(USER_DN));
mockEntry = mock(SearchResultEntry.class);
LinkedAttribute attribute = new LinkedAttribute(ATTRIBUTE_NAME);
attribute.add(USER_DN);
mockEntryReader = mock(ConnectionEntryReader.class);
mockBindRequest = mock(BindRequest.class);
PowerMockito.mockStatic(BindMethodChooser.class);
when(BindMethodChooser.selectBindMethod(eq(BINDING_TYPE), eq(BIND_USER_DN), eq(BIND_USER_CREDENTIALS), eq(REALM), eq(KCD))).thenReturn(mockBindRequest);
Map<String, String> map = new HashMap<>();
map.put(NAME_IDENTIFIER_CLAIM_URI, ATTRIBUTE_NAME);
PowerMockito.mockStatic(AttributeMapLoader.class);
when(AttributeMapLoader.buildClaimsMapFile(anyString())).thenReturn(map);
when(AttributeMapLoader.getUser(any(Principal.class))).then(i -> i.getArgumentAt(0, Principal.class).getName());
when(AttributeMapLoader.getBaseDN(any(Principal.class), anyString(), eq(false))).then(i -> i.getArgumentAt(1, String.class));
claimsHandler = new LdapClaimsHandler();
mockBindResult = mock(BindResult.class);
mockConnection = mock(Connection.class);
mockConnectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);
when(mockConnectionFactory.getConnection()).thenReturn(mockConnection);
when(mockConnection.bind(anyString(), any(char[].class))).thenReturn(mockBindResult);
when(mockConnection.bind(any(BindRequest.class))).thenReturn(mockBindResult);
when(mockConnection.search(anyObject(), anyObject(), anyObject(), anyObject())).thenReturn(mockEntryReader);
when(mockEntryReader.hasNext()).thenReturn(true, false);
when(mockEntryReader.readEntry()).thenReturn(mockEntry);
when(mockEntry.getAttribute(anyString())).thenReturn(attribute);
claimsHandler.setLdapConnectionFactory(mockConnectionFactory);
claimsHandler.setPropertyFileLocation("thisstringisnotempty");
claimsHandler.setBindMethod(BINDING_TYPE);
claimsHandler.setBindUserCredentials(BIND_USER_CREDENTIALS);
claimsHandler.setRealm(REALM);
claimsHandler.setKdcAddress(KCD);
claimsHandler.setUserBaseDN(USER_BASE_DN);
claims = new ClaimCollection();
Claim claim = new Claim();
claim.setClaimType(new URI(NAME_IDENTIFIER_CLAIM_URI));
claims.add(claim);
}
Also used :
HashMap(java.util.HashMap)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
Connection(org.forgerock.opendj.ldap.Connection)
Matchers.anyString(org.mockito.Matchers.anyString)
URI(java.net.URI)
NAME_IDENTIFIER_CLAIM_URI(ddf.security.SubjectUtils.NAME_IDENTIFIER_CLAIM_URI)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Principal(java.security.Principal)
Claim(org.apache.cxf.rt.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Before(org.junit.Before)
Example 34 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project ddf by codice.
the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNotNullPrincipal.
@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
BindResult bindResult = mock(BindResult.class);
ClaimsParameters claimsParameters;
Connection connection = mock(Connection.class);
ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
LDAPConnectionFactory connectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);
LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
ProcessedClaimCollection processedClaims;
RoleClaimsHandler claimsHandler;
SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
String groupName = "avengers";
when(bindResult.isSuccess()).thenReturn(true);
membershipAttribute.add("tstark");
when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
// hasNext() returns 'true' the first time, then 'false' every time after.
when(membershipReader.hasNext()).thenReturn(true, false);
when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
groupNameAttribute.add(groupName);
when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
when(groupNameReader.hasNext()).thenReturn(true, false);
when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
when(connection.bind(anyObject())).thenReturn(bindResult);
when(connection.search(anyObject(), anyObject(), eq("(&(objectClass=groupOfNames)(member=uid=tstark,))"), anyVararg())).thenReturn(groupNameReader);
when(connection.search(anyString(), anyObject(), anyString(), matches("uid"))).thenReturn(membershipReader);
when(connectionFactory.getConnection()).thenReturn(connection);
claimsHandler = new RoleClaimsHandler();
claimsHandler.setLdapConnectionFactory(connectionFactory);
claimsHandler.setBindMethod("Simple");
claimsHandler.setBindUserCredentials("foo");
claimsHandler.setBindUserDN("bar");
claimsParameters = new ClaimsParameters();
claimsParameters.setPrincipal(new UserPrincipal(USER_CN));
ClaimCollection claimCollection = new ClaimCollection();
processedClaims = claimsHandler.retrieveClaimValues(claimCollection, claimsParameters);
assertThat(processedClaims, hasSize(1));
ProcessedClaim claim = processedClaims.get(0);
assertThat(claim.getPrincipal(), equalTo(new UserPrincipal(USER_CN)));
assertThat(claim.getValues(), hasSize(1));
assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
Connection(org.forgerock.opendj.ldap.Connection)
Matchers.anyString(org.mockito.Matchers.anyString)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Aggregations
UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)34
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)26
Properties (org.apache.felix.utils.properties.Properties)16
Test (org.junit.Test)15
Subject (javax.security.auth.Subject)14
Principal (java.security.Principal)13
NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)13
GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)12
IOException (java.io.IOException)9
LoginException (javax.security.auth.login.LoginException)9
ArrayList (java.util.ArrayList)8
NameCallback (javax.security.auth.callback.NameCallback)7
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)7
File (java.io.File)6
Callback (javax.security.auth.callback.Callback)6
HashMap (java.util.HashMap)5
PasswordCallback (javax.security.auth.callback.PasswordCallback)5
FailedLoginException (javax.security.auth.login.FailedLoginException)4
DirContext (javax.naming.directory.DirContext)3
CallbackHandler (javax.security.auth.callback.CallbackHandler)2
