Example 26 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.
the class AbstractAuthorizationAnnotationTest method bindAuthenticatedUser.
protected void bindAuthenticatedUser() {
PrincipalCollection principals = new SimplePrincipalCollection("test", realm.getName());
bind(new Subject.Builder(securityManager).principals(principals).authenticated(true).buildSubject());
}
Also used :
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
Example 27 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class SubjectUtils method getName.
/**
* Retrieves the user name from a given subject.
*
* @param subject Subject to get the user name from.
* @param defaultName Name to send back if no user name was found.
* @param returnDisplayName return formatted user name for displaying
* @return String representation of the user name if available or defaultName if no user name
* could be found or incoming subject was null.
*/
@Override
public String getName(Subject subject, String defaultName, boolean returnDisplayName) {
String name = defaultName;
if (subject != null) {
PrincipalCollection principals = subject.getPrincipals();
if (principals != null) {
Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class);
if (!assertions.isEmpty()) {
List<SecurityAssertion> assertionList = new ArrayList<>(assertions);
assertionList.sort(new SecurityAssertionComparator());
for (SecurityAssertion assertion : assertionList) {
Principal principal = assertion.getPrincipal();
if (principal instanceof KerberosPrincipal) {
StringTokenizer st = new StringTokenizer(principal.getName(), "@");
st = new StringTokenizer(st.nextToken(), "/");
name = st.nextToken();
} else {
name = principal.getName();
}
if (returnDisplayName) {
name = getDisplayName(principal, name);
}
if (StringUtils.isNotEmpty(name)) {
break;
}
}
} else {
// send back the primary principal as a string
name = principals.getPrimaryPrincipal().toString();
}
} else {
LOGGER.debug("No principals located in the incoming subject, cannot look up user name. Using default name of {}.", defaultName);
}
} else {
LOGGER.debug("Incoming subject was null, cannot look up user name. Using default name of {}.", defaultName);
}
LOGGER.debug("Sending back name {}.", name);
return name;
}
Also used :
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
StringTokenizer(java.util.StringTokenizer)
ArrayList(java.util.ArrayList)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
X500Principal(javax.security.auth.x500.X500Principal)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Principal(java.security.Principal)
GuestPrincipal(ddf.security.principal.impl.GuestPrincipal)
Example 28 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class AuthzRealmTest method setup.
@Before
public void setup() throws PdpException {
String ruleClaim = "FineAccessControls";
String countryClaim = "CountryOfAffiliation";
// setup the subject permissions
List<Permission> permissions = new ArrayList<>();
KeyValuePermission rulePermission = new KeyValuePermissionImpl(ruleClaim);
rulePermission.addValue("A");
rulePermission.addValue("B");
permissions.add(rulePermission);
KeyValuePermission countryPermission = new KeyValuePermissionImpl(countryClaim);
countryPermission.addValue("AUS");
permissions.add(countryPermission);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addObjectPermission(rulePermission);
authorizationInfo.addObjectPermission(countryPermission);
authorizationInfo.addObjectPermission(new KeyValuePermissionImpl("role", Arrays.asList("admin")));
authorizationInfo.addRole("admin");
authorizationInfo.addStringPermission("wild");
testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
return authorizationInfo;
}
};
testRealm.setSecurityLogger(mock(SecurityLogger.class));
mockSubjectPrincipal = mock(PrincipalCollection.class);
when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");
// setup the resource permissions
permissionList = new ArrayList<>();
security = new HashMap<>();
security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
security.put("rule", Arrays.asList("A", "B"));
testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermissionImpl("role", Arrays.asList(roleString))));
}
Also used :
XmlParser(org.codice.ddf.parser.xml.XmlParser)
AuthzRealm(ddf.security.pdp.realm.AuthzRealm)
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
ArrayList(java.util.ArrayList)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo)
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
KeyValuePermissionImpl(ddf.security.permission.impl.KeyValuePermissionImpl)
CollectionPermission(ddf.security.permission.CollectionPermission)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Permission(org.apache.shiro.authz.Permission)
WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
SecurityLogger(ddf.security.audit.SecurityLogger)
Before(org.junit.Before)
Example 29 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class SubjectUtilsTest method testGetAttributeNullAssertion.
@Test
public void testGetAttributeNullAssertion() {
ddf.security.Subject s = mock(ddf.security.Subject.class);
PrincipalCollection principals = mock(PrincipalCollection.class);
doReturn(principals).when(s).getPrincipals();
assertThat(subjectUtils.getAttribute(s, "any"), is(Collections.emptyList()));
}
Also used :
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
Test(org.junit.Test)
Example 30 with PrincipalCollection
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class WebSSOFilterTest method testDoFilterSessionStorageDisabled.
@Test
public void testDoFilterSessionStorageDisabled() throws Exception {
PrincipalCollection principalCollectionMock = mock(PrincipalCollection.class);
PrincipalHolder principalHolderMock = mock(PrincipalHolder.class);
when(principalHolderMock.getPrincipals()).thenReturn(principalCollectionMock);
HttpSession sessionMock = mock(HttpSession.class);
when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
HttpServletRequest requestMock = mock(HttpServletRequest.class);
when(requestMock.getSession(any(Boolean.class))).thenReturn(sessionMock);
when(requestMock.getRequestURI()).thenReturn(MOCK_CONTEXT);
HttpServletResponse responseMock = mock(HttpServletResponse.class);
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getSessionAccess()).thenReturn(false);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
when(handlerMock.getAuthenticationType()).thenReturn("basic");
HandlerResult completedResult = mock(HandlerResult.class);
when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
when(completedResult.getToken()).thenReturn(mock(BaseAuthenticationToken.class));
when(handlerMock.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), anyBoolean())).thenReturn(completedResult);
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
WebSSOFilter filter = new WebSSOFilter();
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handlerMock));
filter.doFilter(requestMock, responseMock, filterChain);
verify(sessionMock, times(0)).getAttribute(SECURITY_TOKEN_KEY);
verify(handlerMock, times(1)).getNormalizedToken(any(), any(), any(), anyBoolean());
verify(requestMock, times(1)).setAttribute(eq(AUTHENTICATION_TOKEN_KEY), any());
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
HttpSession(javax.servlet.http.HttpSession)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler)
Mockito.anyBoolean(org.mockito.Mockito.anyBoolean)
PrincipalHolder(ddf.security.common.PrincipalHolder)
Test(org.junit.Test)
Aggregations
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)87
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)40
Test (org.junit.Test)36
SecurityAssertion (ddf.security.assertion.SecurityAssertion)23
Subject (ddf.security.Subject)15
Principal (java.security.Principal)14
Subject (org.apache.shiro.subject.Subject)14
ArrayList (java.util.ArrayList)10
DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager)10
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)9
Permission (org.apache.shiro.authz.Permission)8
Session (org.apache.shiro.session.Session)8
SimpleSession (org.apache.shiro.session.mgt.SimpleSession)8
HttpServletRequest (javax.servlet.http.HttpServletRequest)7
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)7
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6
Attribute (ddf.security.assertion.Attribute)5
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)5
CollectionPermission (ddf.security.permission.CollectionPermission)4
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)4
