use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class SessionManagementServiceImplTest method setup.
@Before
public void setup() throws ParserConfigurationException, SAXException, IOException, SecurityServiceException {
request = mock(HttpServletRequest.class);
principalCollection = new SimplePrincipalCollection();
refreshedPrincipalCollection = mock(PrincipalCollection.class);
principalHolderMock = mock(PrincipalHolder.class);
manager = mock(SecurityManager.class);
sessionFactory = mock(SessionFactory.class);
session = mock(HttpSession.class);
Subject subject = mock(Subject.class);
when(request.getSession(false)).thenReturn(session);
when(principalHolderMock.getPrincipals()).thenReturn(principalCollection);
when(manager.getSubject(isA(BaseAuthenticationToken.class))).thenReturn(subject);
when(sessionFactory.getOrCreateSession(any())).thenReturn(session);
when(session.getAttribute(SecurityConstants.SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
when(session.getMaxInactiveInterval()).thenReturn(Integer.MAX_VALUE);
when(subject.getPrincipals()).thenReturn(refreshedPrincipalCollection);
sessionManagementServiceImpl = new SessionManagementServiceImpl();
sessionManagementServiceImpl.setSessionFactory(sessionFactory);
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class WebSSOFilterTest method testDoFilterGetResultFromSession.
@Test
public void testDoFilterGetResultFromSession() throws Exception {
PrincipalCollection principalCollectionMock = mock(PrincipalCollection.class);
when(principalCollectionMock.byType(any())).thenReturn(Collections.singletonList("principal"));
PrincipalHolder principalHolderMock = mock(PrincipalHolder.class);
when(principalHolderMock.getPrincipals()).thenReturn(principalCollectionMock);
HttpSession sessionMock = mock(HttpSession.class);
when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
HttpServletRequest requestMock = mock(HttpServletRequest.class);
when(requestMock.getSession(any(Boolean.class))).thenReturn(sessionMock);
when(requestMock.getRequestURI()).thenReturn(MOCK_CONTEXT);
when(requestMock.getRequestedSessionId()).thenReturn("JSESSIONID");
HttpServletResponse responseMock = mock(HttpServletResponse.class);
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getSessionAccess()).thenReturn(true);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
when(handlerMock.getAuthenticationType()).thenReturn("basic");
HandlerResult completedResult = mock(HandlerResult.class);
when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
when(completedResult.getToken()).thenReturn(mock(BaseAuthenticationToken.class));
when(handlerMock.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), anyBoolean())).thenReturn(completedResult);
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
WebSSOFilter filter = new WebSSOFilter();
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handlerMock));
filter.doFilter(requestMock, responseMock, filterChain);
verify(sessionMock, times(1)).getAttribute(SECURITY_TOKEN_KEY);
verify(handlerMock, times(0)).getNormalizedToken(any(), any(), any(), anyBoolean());
verify(requestMock, times(1)).setAttribute(eq(AUTHENTICATION_TOKEN_KEY), any());
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class LoginFilter method addToSession.
/**
* Attaches a subject to the HttpSession associated with an HttpRequest. If a session does not
* already exist, one will be created.
*
* @param httpRequest HttpRequest associated with an HttpSession to attach the Subject to
* @param subject Subject to attach to request
*/
private void addToSession(HttpServletRequest httpRequest, Subject subject) {
HttpSession session = getSession(httpRequest);
PrincipalCollection principals = subject.getPrincipals();
PrincipalHolder principalHolder = (PrincipalHolder) session.getAttribute(SecurityConstants.SECURITY_TOKEN_KEY);
PrincipalCollection oldPrincipals = principalHolder.getPrincipals();
if (!principals.equals(oldPrincipals)) {
principalHolder.setPrincipals(principals);
}
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class AuthzRealmTest method testIsPermittedOneMultiple.
@Test
public void testIsPermittedOneMultiple() throws PdpException {
permissionList.clear();
KeyValuePermission kvp = new KeyValuePermissionImpl("country", Arrays.asList("AUS", "CAN", "GBR"));
permissionList.add(kvp);
String ruleClaim = "FineAccessControls";
String countryClaim = "CountryOfAffiliation";
// create a new user here with multiple country permissions to test
List<Permission> permissions = new ArrayList<Permission>();
KeyValuePermission rulePermission = new KeyValuePermissionImpl(ruleClaim);
rulePermission.addValue("A");
rulePermission.addValue("B");
permissions.add(rulePermission);
KeyValuePermission countryPermission = new KeyValuePermissionImpl(countryClaim);
countryPermission.addValue("USA");
countryPermission.addValue("AUS");
permissions.add(countryPermission);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addObjectPermission(rulePermission);
authorizationInfo.addObjectPermission(countryPermission);
authorizationInfo.addRole("admin");
AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
return authorizationInfo;
}
};
testRealm.setSecurityLogger(mock(SecurityLogger.class));
testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermissionImpl("role", Arrays.asList(roleString))));
boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
for (boolean permitted : permittedArray) {
Assert.assertEquals(true, permitted);
}
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class GuestRealmTest method testDoGetAuthenticationInfo.
@Test
public void testDoGetAuthenticationInfo() {
BaseAuthenticationToken baseAuthenticationToken = new MockBaseAuthenticationToken("principal", "credentials", "0.0.0.0");
baseAuthenticationToken.setAllowGuest(true);
AuthenticationInfo authenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
assertEquals(baseAuthenticationToken.getCredentials(), authenticationInfo.getCredentials());
PrincipalCollection principals = authenticationInfo.getPrincipals();
assertEquals(2, principals.asList().size());
Iterator iterator = principals.iterator();
assertEquals("Guest@0.0.0.0", iterator.next());
Object next = iterator.next();
assertTrue(next instanceof SecurityAssertion);
SecurityAssertion securityAssertion = (SecurityAssertion) next;
assertEquals(2, securityAssertion.getAttributeStatements().get(0).getAttributes().size());
boolean claim1 = false;
boolean claim2 = false;
boolean claim3 = false;
boolean claim4 = false;
for (Attribute attribute : securityAssertion.getAttributeStatements().get(0).getAttributes()) {
if (attribute.getName().equals("claim1")) {
claim1 = true;
assertEquals("value1", attribute.getValues().get(0));
}
if (attribute.getName().equals("claim2")) {
claim2 = true;
assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value2")));
assertTrue(attribute.getValues().stream().anyMatch(v -> v.equals("value3")));
}
if (attribute.getName().equals(":")) {
claim3 = true;
}
if (attribute.getName().equals("bad")) {
claim4 = true;
}
}
assertTrue(claim1);
assertTrue(claim2);
assertFalse(claim3);
assertFalse(claim4);
AuthenticationInfo newAuthenticationInfo = guestRealm.doGetAuthenticationInfo(baseAuthenticationToken);
assertNotSame(authenticationInfo, newAuthenticationInfo);
}
Aggregations