
Example 1 with GroupNamePrincipal

Use of org.dcache.auth.GroupNamePrincipal in project dcache by dCache.

Class StrategyIdMapper, method principalToGid.

@Override
public int principalToGid(String name) {
    try {
        // Strip the domain part, then ask the login strategy to map the group name.
        String principal = stripDomain(name);
        Principal gidPrincipal = _remoteLoginStrategy.map(new GroupNamePrincipal(principal));
        if (gidPrincipal instanceof GidPrincipal) {
            return (int) ((GidPrincipal) gidPrincipal).getGid();
        }
    } catch (CacheException e) {
        LOGGER.debug("Failed to map principal {} : {}", name, e);
    }
    // No GidPrincipal was returned or the mapping failed: fall back to tryNumericIfAllowed.
    return tryNumericIfAllowed(name);
}
Also used : CacheException(diskCacheV111.util.CacheException) GroupNamePrincipal(org.dcache.auth.GroupNamePrincipal) GidPrincipal(org.dcache.auth.GidPrincipal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) UserNamePrincipal(org.dcache.auth.UserNamePrincipal) Principal(java.security.Principal) UidPrincipal(org.dcache.auth.UidPrincipal)

Example 2 with GroupNamePrincipal

Use of org.dcache.auth.GroupNamePrincipal in project dcache by dCache.

Class OidcAuthPluginTest, method shouldAcceptWlcgProfileWithAuthzAndNonAuthzPrincipal.

@Test
public void shouldAcceptWlcgProfileWithAuthzAndNonAuthzPrincipal() throws Exception {
    Properties properties = new Properties();
    properties.setProperty("gplazma.oidc.provider!EXAMPLE", "https://oidc.example.org/ -profile=wlcg -prefix=/target -authz-id=group:authz-group -non-authz-id=group:non-authz-group");
    var identityProviders = OidcAuthPlugin.buildProviders(properties, aClient().build(), Duration.ofSeconds(2));
    assertThat(identityProviders, hasSize(1));
    IdentityProvider provider = identityProviders.iterator().next();
    assertThat(provider.getProfile(), is(instanceOf(WlcgProfile.class)));
    WlcgProfile authzWGProfile = (WlcgProfile) provider.getProfile();
    assertThat(authzWGProfile.getPrefix(), is(equalTo(FsPath.create("/target"))));
    assertThat(authzWGProfile.getAuthzIdentity(), contains(new GroupNamePrincipal("authz-group")));
    assertThat(authzWGProfile.getNonAuthzIdentity(), contains(new GroupNamePrincipal("non-authz-group")));
}
Also used : WlcgProfile(org.dcache.gplazma.oidc.profiles.WlcgProfile) GroupNamePrincipal(org.dcache.auth.GroupNamePrincipal) Properties(java.util.Properties) Test(org.junit.Test)

Example 3 with GroupNamePrincipal

Use of org.dcache.auth.GroupNamePrincipal in project dcache by dCache.

Class OidcAuthPluginTest, method shouldAcceptWlcgProfileWithNonAuthzPrincipal.

@Test
public void shouldAcceptWlcgProfileWithNonAuthzPrincipal() throws Exception {
    Properties properties = new Properties();
    properties.setProperty("gplazma.oidc.provider!EXAMPLE", "https://oidc.example.org/ -profile=wlcg -prefix=/target -non-authz-id=group:my-group");
    var identityProviders = OidcAuthPlugin.buildProviders(properties, aClient().build(), Duration.ofSeconds(2));
    assertThat(identityProviders, hasSize(1));
    IdentityProvider provider = identityProviders.iterator().next();
    assertThat(provider.getProfile(), is(instanceOf(WlcgProfile.class)));
    WlcgProfile authzWGProfile = (WlcgProfile) provider.getProfile();
    assertThat(authzWGProfile.getPrefix(), is(equalTo(FsPath.create("/target"))));
    assertThat(authzWGProfile.getAuthzIdentity(), is(empty()));
    assertThat(authzWGProfile.getNonAuthzIdentity(), contains(new GroupNamePrincipal("my-group")));
}
Also used : WlcgProfile(org.dcache.gplazma.oidc.profiles.WlcgProfile) GroupNamePrincipal(org.dcache.auth.GroupNamePrincipal) Properties(java.util.Properties) Test(org.junit.Test)

Example 4 with GroupNamePrincipal

Use of org.dcache.auth.GroupNamePrincipal in project dcache by dCache.

Class GplazmaMultiMapFileTest, method shouldMatchNonPrimarySpecificGroupWithNonPrimaryGroup.

@Test
public void shouldMatchNonPrimarySpecificGroupWithNonPrimaryGroup() throws Exception {
    givenConfig("group:test gid:1000,false");
    whenMapping(new GroupNamePrincipal("test", false));
    assertThat(warnings, is(empty()));
    assertThat(mappedPrincipals, hasItem(new GidPrincipal(1000, false)));
}
Also used : GroupNamePrincipal(org.dcache.auth.GroupNamePrincipal) GidPrincipal(org.dcache.auth.GidPrincipal) Test(org.junit.Test)

Example 5 with GroupNamePrincipal

Use of org.dcache.auth.GroupNamePrincipal in project dcache by dCache.

Class GplazmaMultiMapFileTest, method shouldMatchNonPrimarySpecificGroupWithPrimaryGroup.

@Test
public void shouldMatchNonPrimarySpecificGroupWithPrimaryGroup() throws Exception {
    givenConfig("group:test gid:1000,false");
    whenMapping(new GroupNamePrincipal("test", true));
    assertThat(warnings, is(empty()));
    assertThat(mappedPrincipals, hasItem(new GidPrincipal(1000, false)));
}
Also used : GroupNamePrincipal(org.dcache.auth.GroupNamePrincipal) GidPrincipal(org.dcache.auth.GidPrincipal) Test(org.junit.Test)
