Search in sources :

Example 66 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.

the class FilterPluginTest method setup.

@Before
public void setup() {
    AuthorizingRealm realm = mock(AuthorizingRealm.class);
    when(realm.getName()).thenReturn("mockRealm");
    when(realm.isPermitted(any(PrincipalCollection.class), any(Permission.class))).then(makeDecision());
    Collection<org.apache.shiro.realm.Realm> realms = new ArrayList<>();
    realms.add(realm);
    DefaultSecurityManager manager = new DefaultSecurityManager();
    manager.setRealms(realms);
    SimplePrincipalCollection principalCollection = new SimplePrincipalCollection(new Principal() {

        @Override
        public String getName() {
            return "testuser";
        }
    }, realm.getName());
    Subject systemSubject = new MockSubject(manager, principalCollection);
    plugin = new FilterPlugin(new Security()) {

        @Override
        protected Subject getSystemSubject() {
            return systemSubject;
        }
    };
    plugin.setPermissions(new PermissionsImpl());
    plugin.setSubjectOperations(new SubjectUtils());
    plugin.setSecurityLogger(mock(SecurityLogger.class));
    QueryRequestImpl request = getSampleRequest();
    Map<String, Serializable> properties = new HashMap<>();
    Subject subject = new MockSubject(manager, principalCollection);
    properties.put(SecurityConstants.SECURITY_SUBJECT, subject);
    request.setProperties(properties);
    incomingResponse = new QueryResponseImpl(request);
    ResourceRequest resourceRequest = mock(ResourceRequest.class);
    when(resourceRequest.getProperties()).thenReturn(properties);
    resourceResponse = new ResourceResponseImpl(resourceRequest, mock(Resource.class));
    resourceResponse.setProperties(properties);
    DeleteRequest deleteRequest = mock(DeleteRequest.class);
    when(deleteRequest.getProperties()).thenReturn(properties);
    List<Metacard> deletedMetacards = new ArrayList<>();
    deletedMetacards.add(getExactRolesMetacard());
    deleteResponse = new DeleteResponseImpl(deleteRequest, properties, deletedMetacards);
    List<Metacard> badDeletedMetacards = new ArrayList<>();
    badDeletedMetacards.add(getMoreRolesMetacard());
    badDeleteResponse = new DeleteResponseImpl(deleteRequest, properties, badDeletedMetacards);
    createRequest = new CreateRequestImpl(getExactRolesMetacard());
    createRequest.setProperties(properties);
    badCreateRequest = new CreateRequestImpl(getMoreRolesMetacard());
    badCreateRequest.setProperties(properties);
    updateRequest = new UpdateRequestImpl(getExactRolesMetacard().getId(), getExactRolesMetacard());
    updateRequest.setProperties(properties);
    ResultImpl result1 = new ResultImpl(getMoreRolesMetacard());
    ResultImpl result2 = new ResultImpl(getMissingRolesMetacard());
    ResultImpl result3 = new ResultImpl(getExactRolesMetacard());
    ResultImpl result4 = new ResultImpl(getNoRolesMetacard());
    ResultImpl result5 = new ResultImpl(getNoSecurityAttributeMetacard());
    incomingResponse.addResult(result1, false);
    incomingResponse.addResult(result2, false);
    incomingResponse.addResult(result3, false);
    incomingResponse.addResult(result4, false);
    incomingResponse.addResult(result5, true);
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) Serializable(java.io.Serializable) FilterPlugin(ddf.catalog.security.filter.plugin.FilterPlugin) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) ResultImpl(ddf.catalog.data.impl.ResultImpl) Security(org.codice.ddf.security.impl.Security) AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm) PermissionsImpl(ddf.security.permission.impl.PermissionsImpl) CollectionPermission(ddf.security.permission.CollectionPermission) Permission(org.apache.shiro.authz.Permission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) AuthorizingRealm(org.apache.shiro.realm.AuthorizingRealm) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) ResourceResponseImpl(ddf.catalog.operation.impl.ResourceResponseImpl) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Subject(ddf.security.Subject) QueryResponseImpl(ddf.catalog.operation.impl.QueryResponseImpl) Metacard(ddf.catalog.data.Metacard) DeleteResponseImpl(ddf.catalog.operation.impl.DeleteResponseImpl) QueryRequestImpl(ddf.catalog.operation.impl.QueryRequestImpl) CreateRequestImpl(ddf.catalog.operation.impl.CreateRequestImpl) ResourceRequest(ddf.catalog.operation.ResourceRequest) UpdateRequestImpl(ddf.catalog.operation.impl.UpdateRequestImpl) DeleteRequest(ddf.catalog.operation.DeleteRequest) Principal(java.security.Principal) SecurityLogger(ddf.security.audit.SecurityLogger) Before(org.junit.Before)

Example 67 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.

the class OpenSearchParserImplTest method getMockSubject.

private Subject getMockSubject(String principalName) {
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    Principal principal = mock(Principal.class);
    when(securityAssertion.getPrincipal()).thenReturn(principal);
    when(principal.getName()).thenReturn(principalName);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(subject.getPrincipals()).thenReturn(principalCollection);
    return subject;
}
Also used : PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) Principal(java.security.Principal)

Example 68 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.

the class AbstractDownloadsStatusEventPublisherTest method addSecurity.

private void addSecurity() {
    org.apache.shiro.mgt.SecurityManager secManager = new DefaultSecurityManager();
    PrincipalCollection principals = new SimplePrincipalCollection(USER_ID, "testrealm");
    Subject subject = new Subject.Builder(secManager).principals(principals).session(new SimpleSession()).authenticated(true).buildSubject();
    ThreadContext.bind(secManager);
    ThreadContext.bind(subject);
}
Also used : PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) SimpleSession(org.apache.shiro.session.mgt.SimpleSession) Subject(org.apache.shiro.subject.Subject)

Example 69 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.

the class GuestInterceptor method handleMessage.

@Override
public void handleMessage(SoapMessage message) throws Fault {
    if (message != null) {
        HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
        LOGGER.debug("Getting new Guest user token");
        Principal principal = null;
        Subject subject = null;
        try {
            subject = getSubject(request.getRemoteAddr());
        } catch (AuthenticationException e) {
            throw new Fault(e);
        }
        if (subject != null) {
            PrincipalCollection principals = subject.getPrincipals();
            SecurityAssertion securityAssertion = principals.oneByType(SecurityAssertion.class);
            if (securityAssertion != null) {
                principal = new SecurityAssertionPrincipalDefault(securityAssertion);
            } else {
                LOGGER.debug("Subject did not contain a security assertion");
            }
            message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
            message.put(WSS4J_CHECK_STRING, Boolean.TRUE);
        }
    } else {
        LOGGER.debug("Incoming SOAP message is null - guest interceptor makes no sense.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException) SecurityAssertionPrincipalDefault(ddf.security.assertion.impl.SecurityAssertionPrincipalDefault) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Fault(org.apache.cxf.interceptor.Fault) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Principal(java.security.Principal) Subject(ddf.security.Subject)

Example 70 with PrincipalCollection

use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.

the class IdpLogoutActionProviderTest method testGetAction.

@Test
public void testGetAction() throws Exception {
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    Principal principal = mock(Principal.class);
    when(principal.getName()).thenReturn("name");
    when(assertion.getPrincipal()).thenReturn(principal);
    when(assertion.getTokenType()).thenReturn("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    List<SecurityAssertion> securityAssertions = Collections.singletonList(assertion);
    when(principalCollection.byType(SecurityAssertion.class)).thenReturn(securityAssertions);
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    idpLogoutActionProvider.setSubjectOperations(new SubjectUtils());
    Action action = idpLogoutActionProvider.getAction(ImmutableMap.of(SecurityConstants.SECURITY_SUBJECT, subject));
    Assert.assertTrue("Expected the encrypted nameId and time", action.getUrl().getQuery().contains(URLEncoder.encode(nameIdTime)));
}
Also used : SubjectUtils(ddf.security.service.impl.SubjectUtils) Action(ddf.action.Action) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Principal(java.security.Principal) Subject(org.apache.shiro.subject.Subject) Test(org.junit.Test)

Aggregations

PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)88 SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)40 Test (org.junit.Test)36 SecurityAssertion (ddf.security.assertion.SecurityAssertion)23 Subject (ddf.security.Subject)15 Subject (org.apache.shiro.subject.Subject)15 Principal (java.security.Principal)14 ArrayList (java.util.ArrayList)10 DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager)10 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)9 Permission (org.apache.shiro.authz.Permission)8 Session (org.apache.shiro.session.Session)8 SimpleSession (org.apache.shiro.session.mgt.SimpleSession)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)7 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)7 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6 Attribute (ddf.security.assertion.Attribute)5 Map (java.util.Map)5 AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)5 CollectionPermission (ddf.security.permission.CollectionPermission)4