Search in sources :

Example 11 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testDefaultConfig.

@Test
public void testDefaultConfig() throws Exception {
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("Admin"));
    filter.init(config);
    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(actual, subject);
    assertThat(actual, is("member@us.apache.org"));
    assertThat(groups, is(arrayContainingInAnyOrder("admin", "users")));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 12 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testUpperPrincipalAndGroups.

@Test
public void testUpperPrincipalAndGroups() throws Exception {
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.case")).andReturn("Upper").anyTimes();
    EasyMock.expect(config.getInitParameter("group.principal.case")).andReturn("Upper").anyTimes();
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("Admin"));
    filter.init(config);
    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(actual, subject);
    assertThat(actual, is("MEMBER@US.APACHE.ORG"));
    assertThat(groups, is(arrayContainingInAnyOrder("ADMIN", "USERS")));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 13 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testLowerPrincipalAndGroups.

@Test
public void testLowerPrincipalAndGroups() throws Exception {
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.case")).andReturn("lower").anyTimes();
    EasyMock.expect(config.getInitParameter("group.principal.case")).andReturn("LOWER").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("Admin"));
    filter.init(config);
    String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(actual, subject);
    assertThat(actual, is("member@us.apache.org"));
    assertThat(groups, is(arrayContainingInAnyOrder("admin", "users")));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 14 with GroupPrincipal

use of org.apache.knox.gateway.security.GroupPrincipal in project knox by apache.

the class DefaultIdentityAssertionFilterTest method testInitParameters.

@Test
public void testInitParameters() throws Exception {
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);
    IdentityAsserterFilter filter = new IdentityAsserterFilter();
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("lmccay"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    filter.init(config);
    String username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] groups = filter.mapGroupPrincipals(username, subject);
    assertEquals("lmccay", username);
    // means for the caller to use the existing subject groups
    assertNull(groups);
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(config.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.replay(config);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    String[] mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
    assertEquals("hdfs", username);
    assertTrue("mrgroup not found in groups: " + mappedGroups, groupFoundIn("mrgroup", mappedGroups));
    assertTrue("mrducks not found in groups: " + mappedGroups, groupFoundIn("mrducks", mappedGroups));
    assertFalse("group1 WAS found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
    subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("kminder"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("lmccay,kminder=hdfs;newuser=mapred").anyTimes();
    EasyMock.expect(config.getInitParameter("group.principal.mapping")).andReturn("kminder=group1;lmccay=mrgroup,mrducks").anyTimes();
    context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.replay(config);
    filter.init(config);
    username = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
    mappedGroups = filter.mapGroupPrincipals(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName(), subject);
    assertEquals("hdfs", username);
    assertTrue("group1 not found in groups: " + mappedGroups, groupFoundIn("group1", mappedGroups));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Principal(java.security.Principal) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) Test(org.junit.Test)

Aggregations

GroupPrincipal (org.apache.knox.gateway.security.GroupPrincipal)14 Subject (javax.security.auth.Subject)13 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)13 FilterConfig (javax.servlet.FilterConfig)12 Test (org.junit.Test)12 ServletContext (javax.servlet.ServletContext)11 Principal (java.security.Principal)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 IOException (java.io.IOException)1 URISyntaxException (java.net.URISyntaxException)1 PrivilegedActionException (java.security.PrivilegedActionException)1 FilterChain (javax.servlet.FilterChain)1 ServletException (javax.servlet.ServletException)1 ServletRequest (javax.servlet.ServletRequest)1 ServletResponse (javax.servlet.ServletResponse)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 ImpersonatedPrincipal (org.apache.knox.gateway.security.ImpersonatedPrincipal)1