Search in sources :

Example 11 with JoinPoint

use of org.aspectj.lang.JoinPoint in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission.

@Test
public void checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission() throws Exception {
    // Mock a join point of the method call
    // mockMethod(request);
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", BusinessObjectDataNotificationRegistrationCreateRequest.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "request" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    BusinessObjectDataNotificationRegistrationCreateRequest request = new BusinessObjectDataNotificationRegistrationCreateRequest();
    request.setBusinessObjectDataNotificationRegistrationKey(new NotificationRegistrationKey("ns1", null));
    request.setBusinessObjectDataNotificationFilter(new BusinessObjectDataNotificationFilter("ns2", null, null, null, null, null, null, null));
    request.setJobActions(Arrays.asList(new JobAction("ns3", null, null), new JobAction("ns4", null, null)));
    when(joinPoint.getArgs()).thenReturn(new Object[] { request });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns1", Arrays.asList(NamespacePermissionEnum.WRITE)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns2", Arrays.asList(NamespacePermissionEnum.READ)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns3", Arrays.asList(NamespacePermissionEnum.EXECUTE)));
    // User does not have the expected EXECUTE permission on ns4
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns4", Arrays.asList(NamespacePermissionEnum.READ)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals(String.format("User \"%s\" does not have \"[EXECUTE]\" permission(s) to the namespace \"ns4\"", userId), e.getMessage());
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) BusinessObjectDataNotificationRegistrationCreateRequest(org.finra.herd.model.api.xml.BusinessObjectDataNotificationRegistrationCreateRequest) BusinessObjectDataNotificationFilter(org.finra.herd.model.api.xml.BusinessObjectDataNotificationFilter) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) JobAction(org.finra.herd.model.api.xml.JobAction) NotificationRegistrationKey(org.finra.herd.model.api.xml.NotificationRegistrationKey) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 12 with JoinPoint

use of org.aspectj.lang.JoinPoint in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenNoSecurityContext.

@Test
public void checkPermissionAssertNoExceptionWhenNoSecurityContext() throws Exception {
    // Mock a join point of the method call
    // mockMethod("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) Method(java.lang.reflect.Method) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 13 with JoinPoint

use of org.aspectj.lang.JoinPoint in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessApprovedWhenUserRequiresMultiplePermissionsButIsMissingOne.

@Test
public void checkPermissionAssertAccessApprovedWhenUserRequiresMultiplePermissionsButIsMissingOne() throws Exception {
    // Mock a join point of the method call
    // mockMethodMultiplePermissions("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultiplePermissions", String.class);
    when(methodSignature.getMethod()).thenReturn(method);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    // User requires both READ and WRITE, but only has READ
    // It works now as the permissions in the same space are treated using OR logic now
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.READ)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
    } catch (Exception e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 14 with JoinPoint

use of org.aspectj.lang.JoinPoint in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenApplicationUserIsNull.

@Test
public void checkPermissionAssertAccessDeniedWhenApplicationUserIsNull() throws Exception {
    // Mock a join point of the method call
    // mockMethod("foo");
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", String.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] { "foo" });
    String userId = "userId";
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), null), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
        fail();
    } catch (Exception e) {
        assertEquals(AccessDeniedException.class, e.getClass());
        assertEquals("Current user does not have \"[READ]\" permission(s) to the namespace \"foo\"", e.getMessage());
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AccessDeniedException(org.springframework.security.access.AccessDeniedException) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Example 15 with JoinPoint

use of org.aspectj.lang.JoinPoint in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertNoErrorWhenMethodDoesNotHaveAnnotations.

@Test
public void checkPermissionAssertNoErrorWhenMethodDoesNotHaveAnnotations() throws Exception {
    // Mock a join point of the method call
    // mockMethod(1);
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod");
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    when(joinPoint.getArgs()).thenReturn(new Object[] {});
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) JoinPoint(org.aspectj.lang.JoinPoint) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)

Aggregations

JoinPoint (org.aspectj.lang.JoinPoint)59 MethodSignature (org.aspectj.lang.reflect.MethodSignature)31 Method (java.lang.reflect.Method)30 Test (org.junit.Test)29 AccessDeniedException (org.springframework.security.access.AccessDeniedException)26 AbstractServiceTest (org.finra.herd.service.AbstractServiceTest)25 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)25 SecurityUserWrapper (org.finra.herd.model.dto.SecurityUserWrapper)22 ApplicationUser (org.finra.herd.model.dto.ApplicationUser)21 NamespaceAuthorization (org.finra.herd.model.api.xml.NamespaceAuthorization)14 ProceedingJoinPoint (org.aspectj.lang.ProceedingJoinPoint)11 Before (org.aspectj.lang.annotation.Before)5 CodeSignature (org.aspectj.lang.reflect.CodeSignature)4 Annotation (java.lang.annotation.Annotation)3 ArrayList (java.util.ArrayList)3 IView (com.yydcdut.note.views.IView)2 IOException (java.io.IOException)2 Arrays (java.util.Arrays)2 List (java.util.List)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2