Example 1 with UnassertedRole
use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.
the class UserResource method getUserAttributes.
@GET
@ApiOperation(value = "Provide information about the current user.", notes = "An introspection endpoint to allow the client to discover " + "information about the current user.")
@Produces(MediaType.APPLICATION_JSON)
public UserAttributes getUserAttributes(@Context HttpServletRequest request) {
UserAttributes user = new UserAttributes();
Subject subject = RequestUser.getSubject();
if (Subjects.isNobody(subject)) {
user.setStatus(UserAttributes.AuthenticationStatus.ANONYMOUS);
user.setUid(null);
user.setGids(null);
user.setRoles(null);
} else {
user.setStatus(UserAttributes.AuthenticationStatus.AUTHENTICATED);
user.setUid(Subjects.getUid(subject));
user.setUsername(Subjects.getUserName(subject));
List<Long> gids = Arrays.stream(Subjects.getGids(subject)).boxed().collect(Collectors.toList());
user.setGids(gids);
List<String> emails = Subjects.getEmailAddresses(subject);
user.setEmail(emails.isEmpty() ? null : emails);
for (LoginAttribute attribute : getLoginAttributes(request)) {
if (attribute instanceof HomeDirectory) {
user.setHomeDirectory(((HomeDirectory) attribute).getHome());
} else if (attribute instanceof RootDirectory) {
user.setRootDirectory(((RootDirectory) attribute).getRoot());
} else if (attribute instanceof Role) {
if (user.getRoles() == null) {
user.setRoles(new ArrayList<>());
}
user.getRoles().add(((Role) attribute).getRole());
} else if (attribute instanceof UnassertedRole) {
if (user.getUnassertedRoles() == null) {
user.setUnassertedRoles(new ArrayList<>());
}
user.getUnassertedRoles().add(((UnassertedRole) attribute).getRole());
}
}
}
return user;
}
Also used :
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
HomeDirectory(org.dcache.auth.attributes.HomeDirectory)
LoginAttribute(org.dcache.auth.attributes.LoginAttribute)
ArrayList(java.util.ArrayList)
RootDirectory(org.dcache.auth.attributes.RootDirectory)
Subject(javax.security.auth.Subject)
UserAttributes(org.dcache.restful.providers.UserAttributes)
Role(org.dcache.auth.attributes.Role)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
Example 2 with UnassertedRole
use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.
the class RolesPluginTest method testDesiredObserverWithAdminRolesWithSameGid.
@Test
public void testDesiredObserverWithAdminRolesWithSameGid() throws Exception {
given(rolesPlugin().withAdminGid(0).withObserverGid(0));
whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0).withDesiredRole("observer"));
assertThat(attributes, not(hasItem(new UnassertedRole("observer"))));
assertThat(attributes, hasItem(new UnassertedRole("admin")));
assertThat(attributes, hasItem(new Role("observer")));
assertThat(attributes, not(hasItem(new Role("admin"))));
}
Also used :
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Role(org.dcache.auth.attributes.Role)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Test(org.junit.Test)
Example 3 with UnassertedRole
use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.
the class RolesPluginTest method testAdminAndObserverRolesWithSameGid.
@Test
public void testAdminAndObserverRolesWithSameGid() throws Exception {
given(rolesPlugin().withAdminGid(0).withObserverGid(0));
whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0));
assertThat(attributes, hasItem(new UnassertedRole("admin")));
assertThat(attributes, hasItem(new UnassertedRole("observer")));
assertThat(attributes, not(hasItem(new Role("admin"))));
assertThat(attributes, not(hasItem(new Role("observer"))));
}
Also used :
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Role(org.dcache.auth.attributes.Role)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Test(org.junit.Test)
Example 4 with UnassertedRole
use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.
the class RolesPluginTest method testDesiredAdminWithObserverRolesWithSameGid.
@Test
public void testDesiredAdminWithObserverRolesWithSameGid() throws Exception {
given(rolesPlugin().withAdminGid(0).withObserverGid(0));
whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000).withGid(0).withDesiredRole("admin"));
assertThat(attributes, not(hasItem(new UnassertedRole("admin"))));
assertThat(attributes, hasItem(new UnassertedRole("observer")));
assertThat(attributes, hasItem(new Role("admin")));
assertThat(attributes, not(hasItem(new Role("observer"))));
}
Also used :
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Role(org.dcache.auth.attributes.Role)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Test(org.junit.Test)
Example 5 with UnassertedRole
use of org.dcache.auth.attributes.UnassertedRole in project dcache by dCache.
the class RolesPluginTest method testNonAdminNoDesiredRoleLogin.
@Test
public void testNonAdminNoDesiredRoleLogin() throws Exception {
given(rolesPlugin().withAdminGid(10));
whenInvokingSessionWith(aSetOfPrincipals().withPrimaryGid(1000));
assertThat(attributes, not(hasItem(new Role("admin"))));
assertThat(attributes, not(hasItem(new UnassertedRole("admin"))));
}
Also used :
Role(org.dcache.auth.attributes.Role)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
UnassertedRole(org.dcache.auth.attributes.UnassertedRole)
Test(org.junit.Test)
Aggregations
Role (org.dcache.auth.attributes.Role)15
UnassertedRole (org.dcache.auth.attributes.UnassertedRole)15
Test (org.junit.Test)14
ApiOperation (io.swagger.annotations.ApiOperation)1
ArrayList (java.util.ArrayList)1
Subject (javax.security.auth.Subject)1
GET (javax.ws.rs.GET)1
Produces (javax.ws.rs.Produces)1
HomeDirectory (org.dcache.auth.attributes.HomeDirectory)1
LoginAttribute (org.dcache.auth.attributes.LoginAttribute)1
RootDirectory (org.dcache.auth.attributes.RootDirectory)1
UserAttributes (org.dcache.restful.providers.UserAttributes)1
