Examples with ContextPolicyManager org.codice.ddf.security.policy.context.ContextPolicyManager used on opensource projects

Example 6 with ContextPolicyManager

use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.

the class AuthorizationFilterTest method testAuthorizedSubject.

@Test
public void testAuthorizedSubject() {
    FilterConfig filterConfig = mock(FilterConfig.class);
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    Subject subject = mock(Subject.class);
    when(subject.isPermitted(any(CollectionPermission.class))).thenReturn(true);
    ThreadContext.bind(subject);
    HttpServletRequest servletRequest = getMockServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = (request, response) -> sucess = true;
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
        if (!sucess) {
            fail("Should have called doFilter with a valid Subject");
        }
    } catch (IOException | ServletException e) {
        fail(e.getMessage());
    }
    ThreadContext.unbindSubject();
}

Example 7 with ContextPolicyManager

use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.

the class AuthorizationFilterTest method testBadSubject.

@Test
public void testBadSubject() {
    FilterConfig filterConfig = mock(FilterConfig.class);
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = getMockServletRequest();
    servletRequest.setAttribute(SecurityConstants.SECURITY_SUBJECT, mock(Subject.class));
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        fail(e.getMessage());
    }
}

Example 8 with ContextPolicyManager

use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.

the class WebSSOFilterTest method testDoFilterWithRedirected.

@Test
public void testDoFilterWithRedirected() throws ServletException, IOException {
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getRealm()).thenReturn("TestRealm");
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getContextPolicy(anyString())).thenReturn(testPolicy);
    when(policyManager.isWhiteListed(anyString())).thenReturn(false);
    WebSSOFilter filter = new WebSSOFilter();
    // set handlers
    AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
    HandlerResult noActionResult = mock(HandlerResult.class);
    when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
    HandlerResult redirectedResult = mock(HandlerResult.class);
    when(redirectedResult.getStatus()).thenReturn(Status.REDIRECTED);
    when(redirectedResult.getToken()).thenReturn(null);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(false))).thenReturn(noActionResult);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(true))).thenReturn(redirectedResult);
    filter.setHandlerList(Collections.singletonList(handler1));
    FilterChain filterChain = mock(FilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getContextPath()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    filter.doFilter(request, response, filterChain);
    // the next filter should NOT be called
    verify(filterChain, never()).doFilter(request, response);
    verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}

Example 9 with ContextPolicyManager

use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.

the class WebSSOFilterTest method testDoFilterResolvingOnSecondCall.

@Test
public void testDoFilterResolvingOnSecondCall() throws IOException, ServletException {
    ContextPolicy testPolicy = mock(ContextPolicy.class);
    when(testPolicy.getRealm()).thenReturn("TestRealm");
    ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
    when(policyManager.getContextPolicy(anyString())).thenReturn(testPolicy);
    when(policyManager.isWhiteListed(anyString())).thenReturn(false);
    WebSSOFilter filter = new WebSSOFilter();
    // set handlers
    AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
    HandlerResult noActionResult = mock(HandlerResult.class);
    when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
    HandlerResult completedResult = mock(HandlerResult.class);
    when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
    when(completedResult.getToken()).thenReturn(null);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(true))).thenReturn(completedResult);
    when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(false))).thenReturn(noActionResult);
    filter.setHandlerList(Collections.singletonList(handler1));
    FilterChain filterChain = mock(FilterChain.class);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getContextPath()).thenReturn(MOCK_CONTEXT);
    HttpServletResponse response = mock(HttpServletResponse.class);
    filter.doFilter(request, response, filterChain);
    verify(handler1, times(2)).getNormalizedToken(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class), anyBoolean());
    // the next filter should NOT be called
    verify(filterChain, never()).doFilter(request, response);
    verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}

Example 10 with ContextPolicyManager

use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.

the class SecurityPolicyConfigurator method createChecker.

private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
    final ContextPolicyManager ctxPolicyMgr = services.getService(ContextPolicyManager.class);
    final PolicyManager targetPolicies = new PolicyManager();
    targetPolicies.setPolicies(policyProperties);
    return new Callable<Boolean>() {

        @Override
        public Boolean call() throws Exception {
            for (ContextPolicy policy : ctxPolicyMgr.getAllContextPolicies()) {
                ContextPolicy targetPolicy = targetPolicies.getContextPolicy(policy.getContextPath());
                if (targetPolicy == null || !targetPolicy.getContextPath().equals(policy.getContextPath()) || (targetPolicy.getRealm() != null && !targetPolicy.getRealm().equals(policy.getRealm())) || !targetPolicy.getAuthenticationMethods().containsAll(policy.getAuthenticationMethods()) || !targetPolicy.getAllowedAttributeNames().containsAll(policy.getAllowedAttributeNames())) {
                    return false;
                }
            }
            return true;
        }
    };
}