use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.
the class AuthorizationFilterTest method testAuthorizedSubject.
@Test
public void testAuthorizedSubject() {
FilterConfig filterConfig = mock(FilterConfig.class);
ContextPolicyManager contextPolicyManager = new TestPolicyManager();
contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
try {
loginFilter.init(filterConfig);
} catch (ServletException e) {
fail(e.getMessage());
}
Subject subject = mock(Subject.class);
when(subject.isPermitted(any(CollectionPermission.class))).thenReturn(true);
ThreadContext.bind(subject);
HttpServletRequest servletRequest = getMockServletRequest();
HttpServletResponse servletResponse = mock(HttpServletResponse.class);
FilterChain filterChain = (request, response) -> sucess = true;
try {
loginFilter.doFilter(servletRequest, servletResponse, filterChain);
if (!sucess) {
fail("Should have called doFilter with a valid Subject");
}
} catch (IOException | ServletException e) {
fail(e.getMessage());
}
ThreadContext.unbindSubject();
}
use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.
the class AuthorizationFilterTest method testBadSubject.
@Test
public void testBadSubject() {
FilterConfig filterConfig = mock(FilterConfig.class);
ContextPolicyManager contextPolicyManager = new TestPolicyManager();
contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
try {
loginFilter.init(filterConfig);
} catch (ServletException e) {
fail(e.getMessage());
}
HttpServletRequest servletRequest = getMockServletRequest();
servletRequest.setAttribute(SecurityConstants.SECURITY_SUBJECT, mock(Subject.class));
HttpServletResponse servletResponse = mock(HttpServletResponse.class);
FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
try {
loginFilter.doFilter(servletRequest, servletResponse, filterChain);
} catch (IOException | ServletException e) {
fail(e.getMessage());
}
}
use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.
the class WebSSOFilterTest method testDoFilterWithRedirected.
@Test
public void testDoFilterWithRedirected() throws ServletException, IOException {
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getRealm()).thenReturn("TestRealm");
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getContextPolicy(anyString())).thenReturn(testPolicy);
when(policyManager.isWhiteListed(anyString())).thenReturn(false);
WebSSOFilter filter = new WebSSOFilter();
// set handlers
AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
HandlerResult noActionResult = mock(HandlerResult.class);
when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
HandlerResult redirectedResult = mock(HandlerResult.class);
when(redirectedResult.getStatus()).thenReturn(Status.REDIRECTED);
when(redirectedResult.getToken()).thenReturn(null);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(false))).thenReturn(noActionResult);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(true))).thenReturn(redirectedResult);
filter.setHandlerList(Collections.singletonList(handler1));
FilterChain filterChain = mock(FilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getContextPath()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
filter.doFilter(request, response, filterChain);
// the next filter should NOT be called
verify(filterChain, never()).doFilter(request, response);
verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.
the class WebSSOFilterTest method testDoFilterResolvingOnSecondCall.
@Test
public void testDoFilterResolvingOnSecondCall() throws IOException, ServletException {
ContextPolicy testPolicy = mock(ContextPolicy.class);
when(testPolicy.getRealm()).thenReturn("TestRealm");
ContextPolicyManager policyManager = mock(ContextPolicyManager.class);
when(policyManager.getContextPolicy(anyString())).thenReturn(testPolicy);
when(policyManager.isWhiteListed(anyString())).thenReturn(false);
WebSSOFilter filter = new WebSSOFilter();
// set handlers
AuthenticationHandler handler1 = mock(AuthenticationHandler.class);
HandlerResult noActionResult = mock(HandlerResult.class);
when(noActionResult.getStatus()).thenReturn(Status.NO_ACTION);
HandlerResult completedResult = mock(HandlerResult.class);
when(completedResult.getStatus()).thenReturn(Status.COMPLETED);
when(completedResult.getToken()).thenReturn(null);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(true))).thenReturn(completedResult);
when(handler1.getNormalizedToken(any(ServletRequest.class), any(ServletResponse.class), any(FilterChain.class), eq(false))).thenReturn(noActionResult);
filter.setHandlerList(Collections.singletonList(handler1));
FilterChain filterChain = mock(FilterChain.class);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getContextPath()).thenReturn(MOCK_CONTEXT);
HttpServletResponse response = mock(HttpServletResponse.class);
filter.doFilter(request, response, filterChain);
verify(handler1, times(2)).getNormalizedToken(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class), anyBoolean());
// the next filter should NOT be called
verify(filterChain, never()).doFilter(request, response);
verify(request, never()).setAttribute(eq(DDF_AUTHENTICATION_TOKEN), any(HandlerResult.class));
}
use of org.codice.ddf.security.policy.context.ContextPolicyManager in project ddf by codice.
the class SecurityPolicyConfigurator method createChecker.
private Callable<Boolean> createChecker(final Map<String, Object> policyProperties) {
final ContextPolicyManager ctxPolicyMgr = services.getService(ContextPolicyManager.class);
final PolicyManager targetPolicies = new PolicyManager();
targetPolicies.setPolicies(policyProperties);
return new Callable<Boolean>() {
@Override
public Boolean call() throws Exception {
for (ContextPolicy policy : ctxPolicyMgr.getAllContextPolicies()) {
ContextPolicy targetPolicy = targetPolicies.getContextPolicy(policy.getContextPath());
if (targetPolicy == null || !targetPolicy.getContextPath().equals(policy.getContextPath()) || (targetPolicy.getRealm() != null && !targetPolicy.getRealm().equals(policy.getRealm())) || !targetPolicy.getAuthenticationMethods().containsAll(policy.getAuthenticationMethods()) || !targetPolicy.getAllowedAttributeNames().containsAll(policy.getAllowedAttributeNames())) {
return false;
}
}
return true;
}
};
}
Aggregations