
Example 26 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class HadoopGroupProviderFilterTest method badConfigTest.

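/**
 * Verifies that an unusable LDAP configuration yields no groups.
 *
 * <p>The filter is explicitly configured with {@link LdapGroupsMapping}, so the
 * test shows there is no fallback to {@link ShellBasedUnixGroupsMapping}: the
 * mapping comes back as an empty group array (the Hadoop way) instead of groups
 * taken from some other source.
 *
 * @throws ServletException if {@code filter.init} rejects the mocked configuration
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
@Test
public void badConfigTest() throws ServletException {
    // Parameter names the filter can discover through getInitParameterNames().
    final List<String> keysList = Arrays.asList(
        "hadoop.security.group.mapping",
        "hadoop.security.group.mapping.ldap.bind.user",
        "hadoop.security.group.mapping.ldap.bind.password",
        "hadoop.security.group.mapping.ldap.url",
        "hadoop.security.group.mapping.ldap.search.filter.group",
        "hadoop.security.group.mapping.ldap.search.attr.member",
        "hadoop.security.group.mapping.ldap.search.filter.user");

    final FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    final ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();

    // Pin the group mapping to LDAP; the test is about what happens when that backend is unusable.
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping"))
        .andReturn("org.apache.hadoop.security.LdapGroupsMapping").anyTimes();
    // Placeholder bind identity and password, used only by this test.
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.bind.user"))
        .andReturn("uid=dummy,ou=people,dc=hadoop,dc=apache,dc=org").anyTimes();
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.bind.password"))
        .andReturn("unbind-me-please").anyTimes();
    // The "nonexistent" part of the configuration: per the Javadoc, no directory is expected here.
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.url"))
        .andReturn("ldap://nomansland:33389").anyTimes();
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.search.filter.group"))
        .andReturn("(objectclass=groupOfNames)").anyTimes();
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.search.attr.member"))
        .andReturn("member").anyTimes();
    // The mock hands this string to the filter as-is, with no XML decoding in between, so the
    // AND operator is written as a plain '&' rather than the '&amp;' entity used in XML files.
    // That keeps the unreachable URL as the only deliberately bad setting.
    EasyMock.expect(config.getInitParameter("hadoop.security.group.mapping.ldap.search.filter.user"))
        .andReturn("(&(|(objectclass=person)(objectclass=applicationProcess))(cn={0}))").anyTimes();
    // The same Enumeration instance is returned on every call, so it can be walked only once.
    EasyMock.expect(config.getInitParameterNames()).andReturn(Collections.enumeration(keysList)).anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);

    final HadoopGroupProviderFilter filter = new HadoopGroupProviderFilter();
    final Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal(username));
    filter.init(config);

    final Principal primary = (Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    final String principal = filter.mapUserPrincipal(primary.getName());
    final String[] groups = filter.mapGroupPrincipals(principal, subject);

    // The user name passes through unchanged even though group resolution cannot work.
    assertThat(principal, is(username));
    /*
     * Hadoop does not report what went wrong; the only visible outcome is an
     * empty group array, so that is what the test pins down.
     */
    assertThat(groups.length, is(0));
}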
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 27 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class RegexIdentityAssertionFilterTest method testMapDomain.

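/**
 * Checks regex-based principal mapping where the captured domain label is
 * translated through a lookup table.
 *
 * <p>The assertions show {@code {1}} replaced by the first capture group and
 * {@code {[2]}} replaced by the lookup value for the second capture group.
 *
 * @throws Exception if the filter cannot be initialised
 */
@Test
public void testMapDomain() throws Exception {
    // This subject is never passed to the filter: every assertion below calls
    // mapUserPrincipal with a plain string, so only user-name mapping is covered.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("user"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));

    // Test dictionary lookup. A single mock pair is enough: the earlier pair in this
    // method was replaced before filter.init() ever saw it.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    ServletContext context = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(config.getServletContext()).andReturn(context).anyTimes();
    EasyMock.expect(config.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(context.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    // Group 1 is the local part, group 2 the first label of the domain.
    EasyMock.expect(config.getInitParameter("input")).andReturn("(.*)@(.*?)\\..*").anyTimes();
    EasyMock.expect(config.getInitParameter("output")).andReturn("prefix_{1}_suffix:{[2]}").anyTimes();
    EasyMock.expect(config.getInitParameter("lookup")).andReturn("us=USA;ca=CANADA").anyTimes();
    EasyMock.replay(config);
    EasyMock.replay(context);

    RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
    filter.init(config);

    // Domains present in the lookup table are replaced by their mapped value.
    assertThat(filter.mapUserPrincipal("member1@us.apache.org"), is("prefix_member1_suffix:USA"));
    assertThat(filter.mapUserPrincipal("member2@ca.apache.org"), is("prefix_member2_suffix:CANADA"));

    // NOTE(review): "nj" is not in the table and the expected result is an empty
    // suffix, not a failure. Every unmapped domain therefore produces the same
    // suffix, which matters if the mapped name is later used for access decisions.
    assertThat(filter.mapUserPrincipal("member3@nj.apache.org"), is("prefix_member3_suffix:"));
}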
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 28 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testDefaultConfig.

/**
 * Exercises the filter with no case settings supplied.
 *
 * <p>Neither {@code principal.case} nor {@code group.principal.case} is stubbed,
 * so the nice mock answers {@code null} for both. The expected outcome is that
 * the user name and every group name are lower-cased.
 *
 * @throws Exception if the filter cannot be initialised
 */
@Test
public void testDefaultConfig() throws Exception {
    // Mixed-case identity on purpose, so that case folding is observable.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("Admin"));

    FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(filterConfig.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(filterConfig);
    EasyMock.replay(servletContext);

    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    filter.init(filterConfig);

    Principal primary = (Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    String mappedUser = filter.mapUserPrincipal(primary.getName());
    String[] mappedGroups = filter.mapGroupPrincipals(mappedUser, subject);

    // After mapping, "Admin" and "admin" are the same group name to anything downstream.
    assertThat(mappedUser, is("member@us.apache.org"));
    assertThat(mappedGroups, is(arrayContainingInAnyOrder("admin", "users")));
}
Also used : GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 29 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testNonePrincipalAndGroups.

/**
 * Exercises the filter with case conversion switched off for both the user
 * ({@code principal.case=none}) and the groups ({@code group.principal.case=NONE}).
 *
 * <p>The user name is expected back unchanged, and the group mapping is
 * expected to be {@code null} for a subject that carries no groups.
 *
 * @throws Exception if the filter cannot be initialised
 */
@Test
public void testNonePrincipalAndGroups() throws Exception {
    // Only a primary principal; no GroupPrincipal is added.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));

    FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    // The two settings differ in letter case ("none" vs "NONE").
    EasyMock.expect(filterConfig.getInitParameter("principal.case")).andReturn("none").anyTimes();
    EasyMock.expect(filterConfig.getInitParameter("group.principal.case")).andReturn("NONE").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(filterConfig);
    EasyMock.replay(servletContext);

    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    filter.init(filterConfig);

    Principal primary = (Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    String mappedUser = filter.mapUserPrincipal(primary.getName());
    String[] mappedGroups = filter.mapGroupPrincipals(mappedUser, subject);

    assertThat(mappedUser, is("Member@us.apache.org"));
    // NOTE(review): the result is null, not an empty array, so callers need a null check.
    // With no groups on the subject, this does not show how group names are treated under NONE.
    assertThat(mappedGroups, is(nullValue()));
}
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 30 with PrimaryPrincipal

use of org.apache.knox.gateway.security.PrimaryPrincipal in project knox by apache.

the class SwitchCaseIdentityAssertionFilterTest method testNoGroups.

/**
 * Exercises upper-casing ({@code principal.case=upper},
 * {@code group.principal.case=upper}) for a subject that carries no groups.
 *
 * <p>The user name is expected in upper case, and the group mapping is expected
 * to be {@code null}.
 *
 * @throws Exception if the filter cannot be initialised
 */
@Test
public void testNoGroups() throws Exception {
    // Only a primary principal; no GroupPrincipal is added.
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("Member@us.apache.org"));

    FilterConfig filterConfig = EasyMock.createNiceMock(FilterConfig.class);
    ServletContext servletContext = EasyMock.createNiceMock(ServletContext.class);
    EasyMock.expect(filterConfig.getInitParameter("principal.case")).andReturn("upper").anyTimes();
    EasyMock.expect(filterConfig.getInitParameter("group.principal.case")).andReturn("upper").anyTimes();
    EasyMock.expect(filterConfig.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.expect(filterConfig.getServletContext()).andReturn(servletContext).anyTimes();
    EasyMock.expect(servletContext.getInitParameter("principal.mapping")).andReturn("").anyTimes();
    EasyMock.replay(filterConfig);
    EasyMock.replay(servletContext);

    SwitchCaseIdentityAssertionFilter filter = new SwitchCaseIdentityAssertionFilter();
    filter.init(filterConfig);

    Principal primary = (Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0];
    String mappedUser = filter.mapUserPrincipal(primary.getName());
    String[] mappedGroups = filter.mapGroupPrincipals(mappedUser, subject);

    assertThat(mappedUser, is("MEMBER@US.APACHE.ORG"));
    // A subject without groups gives null, not an empty array.
    assertThat(mappedGroups, is(nullValue()));
}
Also used : PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Subject(javax.security.auth.Subject) Test(org.junit.Test)
