Example 21 with ContextPolicy
use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.
the class SecurityPolicyConfigurator method createChecker.
private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
final ContextPolicyManager ctxPolicyMgr = services.getService(ContextPolicyManager.class);
final PolicyManager targetPolicies = new PolicyManager();
targetPolicies.setSecurityLogger(new SecurityLoggerImpl(new SubjectUtils()));
targetPolicies.setPolicies(policyProperties);
return () -> {
for (ContextPolicy policy : ctxPolicyMgr.getAllContextPolicies()) {
ContextPolicy targetPolicy = targetPolicies.getContextPolicy(policy.getContextPath());
if (targetPolicy == null || !targetPolicy.getContextPath().equals(policy.getContextPath()) || !targetPolicy.getAuthenticationMethods().containsAll(policy.getAuthenticationMethods()) || !targetPolicy.getAllowedAttributeNames().containsAll(policy.getAllowedAttributeNames())) {
return false;
}
}
return true;
};
}
Also used :
PolicyManager(org.codice.ddf.security.policy.context.impl.PolicyManager)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
SecurityLoggerImpl(ddf.security.audit.impl.SecurityLoggerImpl)
SubjectUtils(ddf.security.service.impl.SubjectUtils)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
Example 22 with ContextPolicy
use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.
the class WebSSOFilterTest method testDoFilterWithRedirected.
@Test
public void testDoFilterWithRedirected() throws AuthenticationException, IOException {
ContextPolicy testPolicy = mock(ContextPolicy.class);
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
when(policyManager.getSessionAccess()).thenReturn(false);
WebSSOFilter filter = new WebSSOFilter();
// set handlers
AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
HandlerResult noActionResult = mock(HandlerResult.class);
when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
HandlerResult redirectedResult = mock(HandlerResult.class);
when(redirectedResult.getStatus()).thenReturn(Status.REDIRECTED);
when(redirectedResult.getToken()).thenReturn(null);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(redirectedResult);
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handler1));
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
try {
filter.doFilter(request, response, filterChain);
} catch (AuthenticationException e) {
}
// the next filter should NOT be called
verify(filterChain, never()).doFilter(request, response);
verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
Test(org.junit.Test)
Example 23 with ContextPolicy
use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.
the class WebSSOFilterTest method testDoFilterResolvingOnSecondCall.
@Test
public void testDoFilterResolvingOnSecondCall() throws IOException, AuthenticationException {
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
when(policyManager.getSessionAccess()).thenReturn(false);
WebSSOFilter filter = new WebSSOFilter();
// set handlers
AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
when(handler1.getAuthenticationType()).thenReturn("basic");
HandlerResult noActionResult = mock(HandlerResult.class);
when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
HandlerResult completedResult = mock(HandlerResult.class);
when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
when(completedResult.getToken()).thenReturn(null);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(true))).thenReturn(completedResult);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), eq(false))).thenReturn(noActionResult);
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handler1));
filter.setSecurityLogger(mock(SecurityLogger.class));
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getRequestURI()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
try {
filter.doFilter(request, response, filterChain);
} catch (AuthenticationException e) {
}
verify(handler1, times(2)).getNormalizedToken(any(HttpServletRequest.class), any(HttpServletResponse.class), any(SecurityFilterChain.class), anyBoolean());
// the next filter should NOT be called
verify(filterChain, never()).doFilter(request, response);
verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
SecurityLogger(ddf.security.audit.SecurityLogger)
Test(org.junit.Test)
Example 24 with ContextPolicy
use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.
the class WebSSOFilterTest method testDoFilterGetResultFromSession.
@Test
public void testDoFilterGetResultFromSession() throws Exception {
PrincipalCollection principalCollectionMock = mock(PrincipalCollection.class);
when(principalCollectionMock.byType(any())).thenReturn(Collections.singletonList("principal"));
PrincipalHolder principalHolderMock = mock(PrincipalHolder.class);
when(principalHolderMock.getPrincipals()).thenReturn(principalCollectionMock);
HttpSession sessionMock = mock(HttpSession.class);
when(sessionMock.getAttribute(SECURITY_TOKEN_KEY)).thenReturn(principalHolderMock);
HttpServletRequest requestMock = mock(HttpServletRequest.class);
when(requestMock.getSession(any(Boolean.class))).thenReturn(sessionMock);
when(requestMock.getRequestURI()).thenReturn(MOCK_CONTEXT);
when(requestMock.getRequestedSessionId()).thenReturn("JSESSIONID");
HttpServletResponse responseMock = mock(HttpServletResponse.class);
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getSessionAccess()).thenReturn(true);
when(policyManager.isWhiteListed(MOCK_CONTEXT)).thenReturn(false);
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("basic"));
when(policyManager.getContextPolicy(MOCK_CONTEXT)).thenReturn(testPolicy);
AuthenticationHandler handlerMock = mock(AuthenticationHandler.class);
when(handlerMock.getAuthenticationType()).thenReturn("basic");
HandlerResult completedResult = mock(HandlerResult.class);
when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
when(completedResult.getToken()).thenReturn(mock(BaseAuthenticationToken.class));
when(handlerMock.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(SecurityFilterChain.class), anyBoolean())).thenReturn(completedResult);
SecurityFilterChain filterChain = mock(SecurityFilterChain.class);
WebSSOFilter filter = new WebSSOFilter();
filter.setContextPolicyManager(policyManager);
filter.setHandlerList(Collections.singletonList(handlerMock));
filter.doFilter(requestMock, responseMock, filterChain);
verify(sessionMock, times(1)).getAttribute(SECURITY_TOKEN_KEY);
verify(handlerMock, times(0)).getNormalizedToken(any(), any(), any(), anyBoolean());
verify(requestMock, times(1)).setAttribute(eq(AUTHENTICATION_TOKEN_KEY), any());
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletRequest(javax.servlet.ServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
HttpSession(javax.servlet.http.HttpSession)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HandlerResult(org.codice.ddf.security.handler.api.HandlerResult)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityFilterChain(org.codice.ddf.platform.filter.SecurityFilterChain)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
AuthenticationHandler(org.codice.ddf.security.handler.api.AuthenticationHandler)
Mockito.anyBoolean(org.mockito.Mockito.anyBoolean)
PrincipalHolder(ddf.security.common.PrincipalHolder)
Test(org.junit.Test)
Example 25 with ContextPolicy
use of org.codice.ddf.security.policy.context.ContextPolicy in project ddf by codice.
the class AuthorizationFilterTest method getMockContextPolicy.
private ContextPolicy getMockContextPolicy() {
ContextPolicy contextPolicy = mock(ContextPolicy.class);
when(contextPolicy.getAuthenticationMethods()).thenReturn(Collections.singletonList("BASIC"));
when(contextPolicy.getAllowedAttributePermissions()).thenReturn(new CollectionPermissionImpl(PATH, new KeyValuePermissionImpl(PATH, Collections.singleton("permission"))));
when(contextPolicy.getContextPath()).thenReturn(PATH);
return contextPolicy;
}
Also used :
KeyValuePermissionImpl(ddf.security.permission.impl.KeyValuePermissionImpl)
CollectionPermissionImpl(ddf.security.permission.impl.CollectionPermissionImpl)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
Aggregations
ContextPolicy (org.codice.ddf.security.policy.context.ContextPolicy)29
Test (org.junit.Test)12
HttpServletRequest (javax.servlet.http.HttpServletRequest)11
ContextPolicyManager (org.codice.ddf.security.policy.context.ContextPolicyManager)10
ArrayList (java.util.ArrayList)8
HttpServletResponse (javax.servlet.http.HttpServletResponse)8
AuthenticationHandler (org.codice.ddf.security.handler.api.AuthenticationHandler)6
ServletRequest (javax.servlet.ServletRequest)5
ServletResponse (javax.servlet.ServletResponse)5
SecurityFilterChain (org.codice.ddf.platform.filter.SecurityFilterChain)5
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult)5
CollectionPermission (ddf.security.permission.CollectionPermission)4
HashMap (java.util.HashMap)4
List (java.util.List)4
ContextAttributeMapping (org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)4
DefaultContextAttributeMapping (org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)4
Map (java.util.Map)3
HttpSession (javax.servlet.http.HttpSession)3
AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException)3
ImmutableMap (com.google.common.collect.ImmutableMap)2
