use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testGetJobAssertNoErrorGivenJobRunningAndUserDoesHasPermissions.
@Test
public void testGetJobAssertNoErrorGivenJobRunningAndUserDoesHasPermissions() throws Exception {
jobDefinitionServiceTestHelper.createJobDefinition(ACTIVITI_XML_TEST_USER_TASK_WITH_CLASSPATH);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.getJob(job.getId(), false);
} catch (AccessDeniedException e) {
fail();
}
}
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class JobServiceTest method testGetJobAssertNoErrorGivenJobCompletedAndUserDoesHasPermissions.
@Test
public void testGetJobAssertNoErrorGivenJobCompletedAndUserDoesHasPermissions() throws Exception {
jobDefinitionServiceTestHelper.createJobDefinition(null);
Job job = jobService.createAndStartJob(jobServiceTestHelper.createJobCreateRequest(TEST_ACTIVITI_NAMESPACE_CD, TEST_ACTIVITI_JOB_NAME));
String username = "username";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(username);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization(TEST_ACTIVITI_NAMESPACE_CD, Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(username, "password", false, false, false, false, Collections.emptyList(), applicationUser), null));
try {
jobService.getJob(job.getId(), false);
} catch (AccessDeniedException e) {
fail();
}
}
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class CurrentUserServiceTest method testGetCurrentUser.
@Test
public void testGetCurrentUser() throws Exception {
// Create a set of test namespace authorizations.
Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();
namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS));
namespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS));
// Create test roles
List<SecurityRoleEntity> securityRoleEntities = securityRoleDaoTestHelper.createTestSecurityRoles();
// Fetch the security role codes to add to the application user.
Set<String> roles = securityRoleEntities.stream().map(SecurityRoleEntity::getCode).collect(Collectors.toSet());
// Override the security context to return an application user populated with test values.
Authentication originalAuthentication = SecurityContextHolder.getContext().getAuthentication();
try {
SecurityContextHolder.getContext().setAuthentication(new Authentication() {
@Override
public String getName() {
return null;
}
@Override
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
}
@Override
public boolean isAuthenticated() {
return false;
}
@Override
public Object getPrincipal() {
List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(SECURITY_FUNCTION), new SimpleGrantedAuthority(SECURITY_FUNCTION_2));
ApplicationUser applicationUser = new ApplicationUser(this.getClass());
applicationUser.setUserId(USER_ID);
applicationUser.setRoles(roles);
applicationUser.setNamespaceAuthorizations(namespaceAuthorizations);
return new SecurityUserWrapper(USER_ID, STRING_VALUE, true, true, true, true, authorities, applicationUser);
}
@Override
public Object getDetails() {
return null;
}
@Override
public Object getCredentials() {
return null;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return null;
}
});
// Get the current user information.
UserAuthorizations userAuthorizations = currentUserService.getCurrentUser();
// Validate the response object.
assertEquals(new UserAuthorizations(USER_ID, new ArrayList<>(namespaceAuthorizations), new ArrayList<>(roles), Arrays.asList(SECURITY_FUNCTION, SECURITY_FUNCTION_2)), userAuthorizations);
} finally {
// Restore the original authentication.
SecurityContextHolder.getContext().setAuthentication(originalAuthentication);
}
}
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertNoExceptionWhenMultipleAnnotationsAndAllPermissionsValid.
/**
* Test where a method is annotated with multiple NamespacePermission annotations. Asserts that the user will all permissions do not throw an exception.
*/
@Test
public void checkPermissionAssertNoExceptionWhenMultipleAnnotationsAndAllPermissionsValid() throws Exception {
// Mock a join point of the method call
// mockMethodMultipleAnnotations("foo", "bar");
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethodMultipleAnnotations", String.class, String.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "namespace1", "namespace2" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
when(joinPoint.getArgs()).thenReturn(new Object[] { "foo", "bar" });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("foo", Arrays.asList(NamespacePermissionEnum.READ)));
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("bar", Arrays.asList(NamespacePermissionEnum.WRITE)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
} catch (AccessDeniedException e) {
fail();
}
}
use of org.finra.herd.model.dto.SecurityUserWrapper in project herd by FINRAOS.
the class NamespaceSecurityAdviceTest method checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission.
@Test
public void checkPermissionAssertAccessDeniedWhenComplexCaseAndUserHasWrongPermission() throws Exception {
// Mock a join point of the method call
// mockMethod(request);
JoinPoint joinPoint = mock(JoinPoint.class);
MethodSignature methodSignature = mock(MethodSignature.class);
Method method = NamespaceSecurityAdviceTest.class.getDeclaredMethod("mockMethod", BusinessObjectDataNotificationRegistrationCreateRequest.class);
when(methodSignature.getParameterNames()).thenReturn(new String[] { "request" });
when(methodSignature.getMethod()).thenReturn(method);
when(joinPoint.getSignature()).thenReturn(methodSignature);
BusinessObjectDataNotificationRegistrationCreateRequest request = new BusinessObjectDataNotificationRegistrationCreateRequest();
request.setBusinessObjectDataNotificationRegistrationKey(new NotificationRegistrationKey("ns1", null));
request.setBusinessObjectDataNotificationFilter(new BusinessObjectDataNotificationFilter("ns2", null, null, null, null, null, null, null));
request.setJobActions(Arrays.asList(new JobAction("ns3", null, null), new JobAction("ns4", null, null)));
when(joinPoint.getArgs()).thenReturn(new Object[] { request });
String userId = "userId";
ApplicationUser applicationUser = new ApplicationUser(getClass());
applicationUser.setUserId(userId);
applicationUser.setNamespaceAuthorizations(new HashSet<>());
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns1", Arrays.asList(NamespacePermissionEnum.WRITE)));
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns2", Arrays.asList(NamespacePermissionEnum.READ)));
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns3", Arrays.asList(NamespacePermissionEnum.EXECUTE)));
// User does not have the expected EXECUTE permission on ns4
applicationUser.getNamespaceAuthorizations().add(new NamespaceAuthorization("ns4", Arrays.asList(NamespacePermissionEnum.READ)));
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new SecurityUserWrapper(userId, "", false, false, false, false, Arrays.asList(), applicationUser), null));
try {
namespaceSecurityAdvice.checkPermission(joinPoint);
fail();
} catch (Exception e) {
assertEquals(AccessDeniedException.class, e.getClass());
assertEquals(String.format("User \"%s\" does not have \"[EXECUTE]\" permission(s) to the namespace \"ns4\"", userId), e.getMessage());
}
}
Aggregations