
Example 6 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testDefaultGroupsConfOverride.

/**
 * Checks that the user-name and group-name case settings are applied independently:
 * with "principal.case" set to UPPER the primary principal name is upper-cased, while
 * "group.principal.case" set to "none" makes {@code mapGroupPrincipals} return null.
 */
@Test
public void testDefaultGroupsConfOverride() throws Exception {
    // Filter-level init params carry the two case settings; the servlet context only
    // supplies an empty "principal.mapping".
    FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(filterConfig.getInitParameter("principal.case")).andReturn("UPPER").anyTimes();
    EasyMock.expect(filterConfig.getInitParameter("group.principal.case")).andReturn("none").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(filterConfig);
    EasyMock.replay(servletContext);

    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    filter.init(filterConfig);

    // Mixed-case inputs, so that any case switching would be visible in the result.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("Admin"));

    Principal primary = (Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    String actual = filter.mapUserPrincipal(primary.getName());
    String[] groups = filter.mapGroupPrincipals(actual, subject);

    assertThat(actual, is("MEMBER@US.APACHE.ORG"));
    // null, not an array of unchanged names: the filter produced no group mapping at all.
    // NOTE(review): presumably the caller then keeps the subject's own groups; confirm.
    assertThat(groups, is(nullValue()));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 7 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class DefaultIdentityAssertionFilterTest method testContextParameters.

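/**
 * Exercises {@code IdentityAsserterFilter} when the mapping init params are supplied at the
 * servlet-context level rather than on the filter, and checks both the user-principal
 * mapping and the per-user group mapping.
 */
@Test
public void testContextParameters() throws Exception {
    // for backward compatibility of old deployment contributor's method
    // of adding init params to the servlet context instead of to the filter.
    // There is the possibility that previously deployed topologies will have
    // init params in web.xml at the context level instead of the filter level.

    // Phase 1: no mapping configured anywhere -> the identity passes through unchanged.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    IdentityAsserterFilter filter = new IdentityAsserterFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    filter.init(config);
    // The group lookup below is given the authenticated (pre-mapping) name, not the mapped
    // username; in phase 2 the group mapping is keyed on "lmccay" while the user maps to "hdfs".
    String primaryName = ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName();
    String username = filter.mapUserPrincipal(primaryName);
    String[] groups = filter.mapGroupPrincipals(primaryName, subject);
    assertEquals("lmccay", username);
    // means for the caller to use the existing subject groups
    assertNull(groups);

    // Phase 2: mappings only at the context level; the filter-level value is empty.
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(context.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    primaryName = ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName();
    username = filter.mapUserPrincipal(primaryName);
    groups = filter.mapGroupPrincipals(primaryName, subject);
    assertEquals("hdfs", username);
    // Arrays.toString: concatenating a String[] directly would print its identity hash,
    // which makes a failure message useless for diagnosing the mapping.
    String groupsText = java.util.Arrays.toString(groups);
    assertTrue("mrgroup not found in groups: " + groupsText, groupFoundIn("mrgroup", groups));
    assertTrue("mrducks not found in groups: " + groupsText, groupFoundIn("mrducks", groups));
    // group1 is mapped for kminder only; it must not be granted to lmccay even though
    // both users map to the same "hdfs" identity.
    assertFalse("group1 WAS found in groups: " + groupsText, groupFoundIn("group1", groups));

    // Phase 3: a second user listed in the same mapping entry resolves to the same identity.
    subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(context.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    primaryName = ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName();
    username = filter.mapUserPrincipal(primaryName);
    assertEquals("hdfs", username);
}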
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Principal(java.security.Principal) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Test(org.junit.Test)

Example 8 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class ConcatIdentityAssertionFilterTest method testPrefixAndSuffix.

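/**
 * Checks that {@code ConcatIdentityAssertionFilter} leaves the principal name unchanged when
 * neither "concat.prefix" nor "concat.suffix" is configured, and prepends / appends the
 * configured values when one or both are set.
 */
@Test
public void testPrefixAndSuffix() throws Exception {
    // Phase 1: no prefix or suffix configured.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    ConcatIdentityAssertionFilter filter = new ConcatIdentityAssertionFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("larry"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    filter.init(config);
    // The subject is not modified below, so the authenticated name is read once.
    String primaryName = ((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName();
    String username = filter.mapUserPrincipal(primaryName);
    String[] groups = filter.mapGroupPrincipals(username, subject);
    // JUnit's assertEquals takes (expected, actual); the expected literal goes first so a
    // failure reports the two values the right way round.
    assertEquals("larry", username);
    // means for the caller to use the existing subject groups
    assertNull(groups);

    // Phase 2: prefix only.
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.prefix")).andReturn("sir-").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(primaryName);
    assertEquals("sir-larry", username);

    // Phase 3: suffix only. The filter-level "principal.mapping" is left unstubbed here,
    // so the nice mock answers null for it.
    config = EasyMock.createNiceMock(FilterConfig.class);
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.suffix")).andReturn("-tenant-1").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(primaryName);
    assertEquals("larry-tenant-1", username);

    // Phase 4: prefix and suffix together.
    config = EasyMock.createNiceMock(FilterConfig.class);
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.prefix")).andReturn("sir-").anyTimes();
    EasyMock.expect(config.getInitParameter("concat.suffix")).andReturn("-tenant-1").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    filter.init(config);
    username = filter.mapUserPrincipal(primaryName);
    assertEquals("sir-larry-tenant-1", username);
}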
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Principal(java.security.Principal) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Test(org.junit.Test)

Example 9 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class RegexIdentityAssertionFilterTest method testMapDomain.

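/**
 * Checks the regex-based user mapping with a lookup dictionary: the "input" pattern captures
 * the local part and the first domain label, and the "output" template substitutes group 1
 * directly and group 2 through the "lookup" table.
 */
@Test
public void testMapDomain() throws Exception {
    // The original built and replayed a first config/context pair that was overwritten
    // before any use; only the pair that init() actually receives is created here.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(config.getInitParameter("input")).andReturn("(.*)@(.*?)\\..*").anyTimes();
    EasyMock.expect(config.getInitParameter("output")).andReturn("prefix_{1}_suffix:{[2]}").anyTimes();
    EasyMock.expect(config.getInitParameter("lookup")).andReturn("us=USA;ca=CANADA").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);

    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
    // NOTE(review): this subject is populated but never passed to the filter; the
    // assertions below call mapUserPrincipal with literal names only.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("user"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));

    // Test dictionary lookup.
    filter.init(config);
    String actual = filter.mapUserPrincipal("member1@us.apache.org");
    assertThat(actual, is("prefix_member1_suffix:USA"));
    actual = filter.mapUserPrincipal("member2@ca.apache.org");
    assertThat(actual, is("prefix_member2_suffix:CANADA"));
    // "nj" has no lookup entry: the name is still mapped, with an empty lookup value.
    // NOTE(review): presumably every domain label missing from the lookup produces the same
    // empty suffix, so such users are told apart by the local part alone; confirm that this
    // is acceptable for the deployment's identity model.
    actual = filter.mapUserPrincipal("member3@nj.apache.org");
    assertThat(actual, is("prefix_member3_suffix:"));
}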
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 10 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilter method mapGroupPrincipals.

/**
 * Returns the subject's group names with the configured group case applied.
 *
 * @param mappedPrincipalName the mapped user name; not read by this implementation
 * @param subject the subject whose {@code GroupPrincipal}s are converted
 * @return one case-switched name per group principal, or {@code null} when group case
 *     switching is {@code SwitchCase.NONE} or the subject carries no group principals.
 *     NOTE(review): test comments elsewhere on this page read a null result as "use the
 *     existing subject groups"; confirm against the caller.
 */
@Override
public String[] mapGroupPrincipals(String mappedPrincipalName, Subject subject) {
    // No group case configured: report "no mapping" rather than a copy of the names.
    if (groupCase == SwitchCase.NONE) {
        return null;
    }
    Set<GroupPrincipal> groups = subject.getPrincipals(GroupPrincipal.class);
    if (groups == null || groups.isEmpty()) {
        return null;
    }
    String[] switched = new String[groups.size()];
    int index = 0;
    for (GroupPrincipal group : groups) {
        switched[index] = switchCase(group.getName(), groupCase);
        index++;
    }
    return switched;
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal)
