Example 1 with UnassertedRole

Use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.

From the class UserResource, method getUserAttributes.

@GET
@ApiOperation(value = "Provide information about the current user.", notes = "An introspection endpoint to allow the client to discover " + "information about the current user.")
@Produces(MediaType.APPLICATION_JSON)
public UserAttributes getUserAttributes(@Context HttpServletRequest request) {
    UserAttributes user = new UserAttributes();
    Subject subject = RequestUser.getSubject();
    if (Subjects.isNobody(subject)) {
        user.setStatus(UserAttributes.AuthenticationStatus.ANONYMOUS);
        user.setUid(null);
        user.setGids(null);
        user.setRoles(null);
    } else {
        user.setStatus(UserAttributes.AuthenticationStatus.AUTHENTICATED);
        user.setUid(Subjects.getUid(subject));
        user.setUsername(Subjects.getUserName(subject));
        List<Long> gids = Arrays.stream(Subjects.getGids(subject)).boxed().collect(Collectors.toList());
        user.setGids(gids);
        List<String> emails = Subjects.getEmailAddresses(subject);
        user.setEmail(emails.isEmpty() ? null : emails);
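        // Map each login attribute onto the response. A Role is a role asserted for
        // this session; an UnassertedRole is a role the user is entitled to but has
        // not asserted, so the two are reported in separate lists.
        for (LoginAttribute attribute : getLoginAttributes(request)) {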
            if (attribute instanceof HomeDirectory) {
                user.setHomeDirectory(((HomeDirectory) attribute).getHome());
            } else if (attribute instanceof RootDirectory) {
                user.setRootDirectory(((RootDirectory) attribute).getRoot());
            } else if (attribute instanceof Role) {
                if (user.getRoles() == null) {
                    user.setRoles(new ArrayList<>());
                }
                user.getRoles().add(((Role) attribute).getRole());
            } else if (attribute instanceof UnassertedRole) {
                if (user.getUnassertedRoles() == null) {
                    user.setUnassertedRoles(new ArrayList<>());
                }
                user.getUnassertedRoles().add(((UnassertedRole) attribute).getRole());
            }
        }
    }
    return user;
}
Also used: UnassertedRole (org.dcache.auth.attributes.UnassertedRole), HomeDirectory (org.dcache.auth.attributes.HomeDirectory), LoginAttribute (org.dcache.auth.attributes.LoginAttribute), ArrayList (java.util.ArrayList), RootDirectory (org.dcache.auth.attributes.RootDirectory), Subject (javax.security.auth.Subject), UserAttributes (org.dcache.restful.providers.UserAttributes), Role (org.dcache.auth.attributes.Role), Produces (javax.ws.rs.Produces), GET (javax.ws.rs.GET), ApiOperation (io.swagger.annotations.ApiOperation)

Example 2 with UnassertedRole

Use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.

From the class RolesPluginTest, method testDesiredObserverWithAdminRolesWithSameGid.

@Test
public void testDesiredObserverWithAdminRolesWithSameGid() throws Exception {
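    // Admin and observer are both mapped to gid 0. The user is a member of gid 0
    // and requests only "observer": observer is asserted, admin stays unasserted.
    given(rolesPlugin().withAdminGid(0).withObserverGid(0));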
    whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0).withDesiredRole("observer"));
    assertThat(attributes, not(hasItem(new UnassertedRole("observer"))));
    assertThat(attributes, hasItem(new UnassertedRole("admin")));
    assertThat(attributes, hasItem(new Role("observer")));
    assertThat(attributes, not(hasItem(new Role("admin"))));
}
Also used: UnassertedRole (org.dcache.auth.attributes.UnassertedRole), Role (org.dcache.auth.attributes.Role), Test (org.junit.Test)

Example 3 with UnassertedRole

Use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.

From the class RolesPluginTest, method testAdminAndObserverRolesWithSameGid.

@Test
public void testAdminAndObserverRolesWithSameGid() throws Exception {
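    // Admin and observer are both mapped to gid 0. The user is a member of gid 0
    // but requests no role: both roles are offered as unasserted, neither is active.
    given(rolesPlugin().withAdminGid(0).withObserverGid(0));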
    whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0));
    assertThat(attributes, hasItem(new UnassertedRole("admin")));
    assertThat(attributes, hasItem(new UnassertedRole("observer")));
    assertThat(attributes, not(hasItem(new Role("admin"))));
    assertThat(attributes, not(hasItem(new Role("observer"))));
}
Also used: UnassertedRole (org.dcache.auth.attributes.UnassertedRole), Role (org.dcache.auth.attributes.Role), Test (org.junit.Test)

Example 4 with UnassertedRole

Use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.

From the class RolesPluginTest, method testDesiredAdminWithObserverRolesWithSameGid.

@Test
public void testDesiredAdminWithObserverRolesWithSameGid() throws Exception {
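    // Admin and observer are both mapped to gid 0. The user is a member of gid 0
    // and requests only "admin": admin is asserted, observer stays unasserted.
    given(rolesPlugin().withAdminGid(0).withObserverGid(0));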
    whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0).withDesiredRole("admin"));
    assertThat(attributes, not(hasItem(new UnassertedRole("admin"))));
    assertThat(attributes, hasItem(new UnassertedRole("observer")));
    assertThat(attributes, hasItem(new Role("admin")));
    assertThat(attributes, not(hasItem(new Role("observer"))));
}
Also used: UnassertedRole (org.dcache.auth.attributes.UnassertedRole), Role (org.dcache.auth.attributes.Role), Test (org.junit.Test)

Example 5 with UnassertedRole

Use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.

From the class RolesPluginTest, method testNonAdminNoDesiredRoleLogin.

@Test
public void testNonAdminNoDesiredRoleLogin() throws Exception {
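    // The admin role is mapped to gid 10 and the user only has gid 1000, so admin
    // must appear neither as an asserted Role nor as an UnassertedRole.
    given(rolesPlugin().withAdminGid(10));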
    whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000));
    assertThat(attributes, not(hasItem(new Role("admin"))));
    assertThat(attributes, not(hasItem(new UnassertedRole("admin"))));
}
Also used: Role (org.dcache.auth.attributes.Role), UnassertedRole (org.dcache.auth.attributes.UnassertedRole), Test (org.junit.Test)
