
Example 21 with NamespaceAuthorization

use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.

the class TrustedApplicationUserBuilderTest method testTrustedUserBuilderNoRoles.

@Test
public void testTrustedUserBuilderNoRoles() throws Exception {
    // Create a set of test namespace authorizations.
    Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS));
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS));
    // Create and persist the relative database entities.
    userNamespaceAuthorizationDaoTestHelper.createUserNamespaceAuthorizationEntity(TrustedApplicationUserBuilder.TRUSTED_USER_ID, namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE), SUPPORTED_NAMESPACE_PERMISSIONS);
    userNamespaceAuthorizationDaoTestHelper.createUserNamespaceAuthorizationEntity(TrustedApplicationUserBuilder.TRUSTED_USER_ID, namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE_2), SUPPORTED_NAMESPACE_PERMISSIONS);
    // Build the trusted user.
    ApplicationUser applicationUser = trustedApplicationUserBuilder.buildNoRoles(new MockHttpServletRequest());
    // Validate the trusted user.
    assertEquals(TrustedApplicationUserBuilder.TRUSTED_USER_ID, applicationUser.getUserId());
    assertEquals(TrustedApplicationUserBuilder.TRUSTED_USER_FIRST_NAME, applicationUser.getFirstName());
    assertEquals(TrustedApplicationUserBuilder.TRUSTED_USER_LAST_NAME, applicationUser.getLastName());
    assertEquals(TrustedApplicationUserBuilder.TRUSTED_USER_EMAIL, applicationUser.getEmail());
    assertEquals(namespaceAuthorizations, applicationUser.getNamespaceAuthorizations());
    assertEquals(0, applicationUser.getRoles().size());
}
Also used : LinkedHashSet(java.util.LinkedHashSet) ApplicationUser(org.finra.herd.model.dto.ApplicationUser) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Test(org.junit.Test) AbstractAppTest(org.finra.herd.app.AbstractAppTest)

Example 22 with NamespaceAuthorization

use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.

the class JobServiceTest method testDeleteJobAssertNoErrorWhenUserHasPermissions.

@Test
public void testDeleteJobAssertNoErrorWhenUserHasPermissions() throws Exception {
    // Start a job that will wait in a receive task
    jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_RECEIVE_TASK_WITH_CLASSPATH);
    Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
    String username = "username";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(username);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.EXECUTE)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
    try {
        jobService.deleteJob(job.getId(), new JobDeleteRequest("test delete reason"));
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) JobDeleteRequest(org.finra.herd.model.api.xml.JobDeleteRequest) Job(org.finra.herd.model.api.xml.Job) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.Test)

Example 23 with NamespaceAuthorization

use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.

the class CurrentUserServiceTest method testGetCurrentUserNoSecurityRolesAndFunctions.

@Test
public void testGetCurrentUserNoSecurityRolesAndFunctions() throws Exception {
    // Create a set of test namespace authorizations.
    Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS));
    namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS));
    // Override the security context to return an application user populated with test values.
    Authentication originalAuthentication = SecurityContextHolder.getContext().getAuthentication();
    try {
        SecurityContextHolder.getContext().setAuthentication(new Authentication() {

            @Override
            public String getName() {
                return null;
            }

            @Override
            public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
            }

            @Override
            public boolean isAuthenticated() {
                return false;
            }

            @Override
            public Object getPrincipal() {
                List<SimpleGrantedAuthority> authorities = new ArrayList<>();
                ApplicationUser applicationUser = new ApplicationUser(this.getClass());
                applicationUser.setUserId(USER_ID);
                applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
                return new SecurityUserWrapper(USER_ID, STRING_VALUE, true, true, true, true, authorities, applicationUser);
            }

            @Override
            public Object getDetails() {
                return null;
            }

            @Override
            public Object getCredentials() {
                return null;
            }

            @Override
            public Collection<? extends GrantedAuthority> getAuthorities() {
                return null;
            }
        });
        // Get the current user information.
        UserAuthorizations userAuthorizations = currentUserService.getCurrentUser();
        // Validate the response object.
        assertEquals(new UserAuthorizations(USER_ID, new ArrayList<>(namespaceAuthorizations), NO_SECURITY_ROLES, NO_SECURITY_FUNCTIONS), userAuthorizations);
    } finally {
        // Restore the original authentication.
        SecurityContextHolder.getContext().setAuthentication(originalAuthentication);
    }
}
Also used : LinkedHashSet(java.util.LinkedHashSet) ApplicationUser(org.finra.herd.model.dto.ApplicationUser) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) List(java.util.List) UserAuthorizations(org.finra.herd.model.api.xml.UserAuthorizations) Test(org.junit.Test)

Example 24 with NamespaceAuthorization

use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.

the class UserNamespaceAuthorizationHelper method buildNamespaceAuthorizations.

/**
 * Builds a set of namespace authorizations per specified user and adds them to the application user.
 *
 * @param applicationUser the application user
 */
public void buildNamespaceAuthorizations(ApplicationUser applicationUser) {
    // Get the user id from the application user.
    String userId = applicationUser.getUserId();
    // Check if user namespace authorization is not enabled or this user is a namespace authorization administrator.
    if (BooleanUtils.isNotTrue(configurationHelper.getBooleanProperty(ConfigurationValue.USER_NAMESPACE_AUTHORIZATION_ENABLED)) || isNamespaceAuthorizationAdmin(userId)) {
        // Assign all permissions for all namespaces configured in the system.
        applicationUser.setNamespaceAuthorizations(getAllNamespaceAuthorizations());
    } else {
        // Assign a set of namespace authorizations per specified user.
        Set<NamespaceAuthorization> namespaceAuthorizations = new HashSet<>();
        applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
        for (UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity : userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserId(userId)) {
            namespaceAuthorizations.add(toNamespaceAuthorization(userNamespaceAuthorizationEntity));
        }
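        // Add authorizations stored under a wildcard user id (one that starts with the wildcard token) when that pattern matches this user id, ignoring case.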
        for (UserNamespaceAuthorizationEntity wildcardEntity : userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(WildcardHelper.WILDCARD_TOKEN)) {
            if (wildcardHelper.matches(userId.toUpperCase(), wildcardEntity.getUserId().toUpperCase())) {
                namespaceAuthorizations.add(toNamespaceAuthorization(wildcardEntity));
            }
        }
    }
}
Also used : NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) UserNamespaceAuthorizationEntity(org.finra.herd.model.jpa.UserNamespaceAuthorizationEntity) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 25 with NamespaceAuthorization

use of org.finra.herd.model.api.xml.NamespaceAuthorization in project herd by FINRAOS.

the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenComplexCaseAndUserHasAllPermissions.

@Test
public void checkPermissionAssertNoExceptionWhenComplexCaseAndUserHasAllPermissions() throws Exception {
    // Mock a join point of the method call
    // mockMethod(request);
    JoinPoint joinPoint = mock(JoinPoint.class);
    MethodSignature methodSignature = mock(MethodSignature.class);
    Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", BusinessObjectDataNotificationRegistrationCreateRequest.class);
    when(methodSignature.getParameterNames()).thenReturn(new String[] { "request" });
    when(methodSignature.getMethod()).thenReturn(method);
    when(joinPoint.getSignature()).thenReturn(methodSignature);
    BusinessObjectDataNotificationRegistrationCreateRequest request = new BusinessObjectDataNotificationRegistrationCreateRequest();
    request.setBusinessObjectDataNotificationRegistrationKey(new NotificationRegistrationKey("ns1", null));
    request.setBusinessObjectDataNotificationFilter(new BusinessObjectDataNotificationFilter("ns2", null, null, null, null, null, null, null));
    request.setJobActions(Arrays.asList(new JobAction("ns3", null, null), new JobAction("ns4", null, null)));
    when(joinPoint.getArgs()).thenReturn(new Object[] { request });
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);
    applicationUser.setNamespaceAuthorizations(new HashSet<>());
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns1", Arrays.asList(NamespacePermissionEnum.WRITE)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns2", Arrays.asList(NamespacePermissionEnum.READ)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns3", Arrays.asList(NamespacePermissionEnum.EXECUTE)));
    applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns4", Arrays.asList(NamespacePermissionEnum.EXECUTE)));
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
    try {
        namespaceSecurityAdvice.checkPermission(joinPoint);
    } catch (AccessDeniedException e) {
        fail();
    }
}
Also used : ApplicationUser(org.finra.herd.model.dto.ApplicationUser) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MethodSignature(org.aspectj.lang.reflect.MethodSignature) BusinessObjectDataNotificationRegistrationCreateRequest(org.finra.herd.model.api.xml.BusinessObjectDataNotificationRegistrationCreateRequest) BusinessObjectDataNotificationFilter(org.finra.herd.model.api.xml.BusinessObjectDataNotificationFilter) SecurityUserWrapper(org.finra.herd.model.dto.SecurityUserWrapper) NamespaceAuthorization(org.finra.herd.model.api.xml.NamespaceAuthorization) Method(java.lang.reflect.Method) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) JoinPoint(org.aspectj.lang.JoinPoint) JobAction(org.finra.herd.model.api.xml.JobAction) NotificationRegistrationKey(org.finra.herd.model.api.xml.NotificationRegistrationKey) AbstractServiceTest(org.finra.herd.service.AbstractServiceTest) Test(org.junit.Test)
