
Example 21 with AuthorizationService

use of org.opencastproject.security.api.AuthorizationService in project opencast by opencast.

the class WorkflowServiceImplAuthzTest method setUp.

/**
 * Builds the fixture shared by the authorization tests: a set of users spread over several
 * organizations, a {@code WorkflowServiceImpl} wired to EasyMock collaborators, an in-memory
 * service registry and a Solr-backed workflow index in a fresh directory.
 *
 * <p>The identity seen by the service is switched per test through {@code userResponder} and
 * {@code organizationResponder}; both start out as the default organization and its admin.
 *
 * @throws Exception if creating the storage directory or activating the index or service fails
 */
@Before
public void setUp() throws Exception {
    Map<String, Integer> servers = new HashMap<String, Integer>();
    servers.put("http://somewhere", 80);
    defaultOrganization = new DefaultOrganization();
    // A second organization that reuses the default organization's admin and anonymous role names.
    otherOrganization = new JaxbOrganization("other_org", "Another organization", servers, defaultOrganization.getAdminRole(), defaultOrganization.getAnonymousRole(), null);
    JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(defaultOrganization);
    // Two instructors in the default organization, both holding ROLE_INSTRUCTOR.
    // NOTE(review): the second constructor argument ("test") is presumably the password; fixture value only.
    instructor1 = new JaxbUser("instructor1", "test", jaxbOrganization, new JaxbRole("ROLE_INSTRUCTOR", jaxbOrganization));
    instructor2 = new JaxbUser("instructor2", "test", jaxbOrganization, new JaxbRole("ROLE_INSTRUCTOR", jaxbOrganization));
    // Same role name, different organization: used to check that a shared role name alone does not grant access.
    JaxbOrganization differentOrg = new JaxbOrganization("differentorg");
    instructorFromDifferentOrg = new JaxbUser("instructor3", "test", differentOrg, new JaxbRole("ROLE_INSTRUCTOR", differentOrg));
    // The global admin lives in an unrelated organization and carries SecurityConstants.GLOBAL_ADMIN_ROLE.
    JaxbOrganization doesntMatterOrg = new JaxbOrganization("org doesn't matter");
    globalAdmin = new JaxbUser("global_admin", "test", doesntMatterOrg, new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, doesntMatterOrg));
    // Username -> user lookup table that backs the mocked user directory below.
    users = new HashMap<String, User>();
    users.put(instructor1.getUsername(), instructor1);
    users.put(instructor2.getUsername(), instructor2);
    users.put(instructorFromDifferentOrg.getUsername(), instructorFromDifferentOrg);
    users.put(DEFAULT_ORG_ADMIN.getUsername(), DEFAULT_ORG_ADMIN);
    users.put(globalAdmin.getUsername(), globalAdmin);
    // Service under test, with handler discovery stubbed out to an empty set.
    service = new WorkflowServiceImpl() {

        @Override
        public Set<HandlerRegistration> getRegisteredHandlers() {
            return new HashSet<WorkflowServiceImpl.HandlerRegistration>();
        }
    };
    scanner = new WorkflowDefinitionScanner();
    service.addWorkflowDefinitionScanner(scanner);
    // Organization Service: getOrganizations() lists only the default organization, while
    // getOrganization(id) fabricates an organization for ANY id it is asked about, so a lookup of an
    // unknown organization never fails in these tests.
    List<Organization> organizationList = new ArrayList<Organization>();
    organizationList.add(defaultOrganization);
    OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
    EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andAnswer(new IAnswer<Organization>() {

        @Override
        public Organization answer() throws Throwable {
            String orgId = (String) EasyMock.getCurrentArguments()[0];
            Map<String, Integer> servers = new HashMap<String, Integer>();
            servers.put("http://" + orgId, 80);
            // NOTE(review): this reassigns the test's defaultOrganization field on every lookup, while
            // organizationResponder and organizationList keep the instance created at the top of setUp().
            // Looks like a leftover; confirm nothing depends on it before removing.
            defaultOrganization = new DefaultOrganization();
            return new JaxbOrganization(orgId, orgId, servers, "ROLE_ADMIN", "ROLE_ANONYMOUS", null);
        }
    }).anyTimes();
    EasyMock.expect(organizationDirectoryService.getOrganizations()).andReturn(organizationList).anyTimes();
    EasyMock.replay(organizationDirectoryService);
    service.setOrganizationDirectoryService(organizationDirectoryService);
    // Metadata Service: nice mock with no recorded behaviour.
    MediaPackageMetadataService mds = EasyMock.createNiceMock(MediaPackageMetadataService.class);
    EasyMock.replay(mds);
    service.addMetadataService(mds);
    // Workspace: the expectation has no anyTimes(), so only the first getCollectionContents() call
    // returns the empty array; later calls fall back to the nice mock's default.
    // NOTE(review): the workspace mock is not handed to the service anywhere in this method.
    workspace = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspace.getCollectionContents((String) EasyMock.anyObject())).andReturn(new URI[0]);
    EasyMock.replay(workspace);
    // User Directory: resolves usernames from the users map; an unknown username yields null.
    UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
    EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andAnswer(new IAnswer<User>() {

        @Override
        public User answer() throws Throwable {
            String userName = (String) EasyMock.getCurrentArguments()[0];
            return users.get(userName);
        }
    }).anyTimes();
    EasyMock.replay(userDirectoryService);
    service.setUserDirectoryService(userDirectoryService);
    // Security service: the "current" user and organization come from the two responders, which tests
    // re-point to impersonate other principals. Initial identity is the default organization's admin.
    userResponder = new Responder<User>(DEFAULT_ORG_ADMIN);
    organizationResponder = new Responder<Organization>(defaultOrganization);
    securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
    EasyMock.replay(securityService);
    service.setSecurityService(securityService);
    // Authorization Service: a nice mock with no expectations answers every call with the type default
    // (false / null), so a test that needs a grant or an ACL has to install its own mock.
    AuthorizationService authzService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.replay(authzService);
    service.setAuthorizationService(authzService);
    MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
    EasyMock.replay(messageSender);
    // Service Registry: in-memory implementation sharing the mocked security and directory services.
    serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
    service.setServiceRegistry(serviceRegistry);
    // Search Index: the Solr root gets a timestamp suffix, giving each run its own directory.
    // No cleanup of that directory happens in this method.
    sRoot = new File(getStorageRoot());
    FileUtils.forceMkdir(sRoot);
    dao = new WorkflowServiceSolrIndex();
    dao.setServiceRegistry(serviceRegistry);
    dao.setAuthorizationService(authzService);
    dao.setSecurityService(securityService);
    dao.setOrgDirectory(organizationDirectoryService);
    dao.solrRoot = sRoot + File.separator + "solr." + System.currentTimeMillis();
    // NOTE(review): the meaning of the "System Admin" argument is not visible here; confirm against
    // WorkflowServiceSolrIndex.activate.
    dao.activate("System Admin");
    service.setDao(dao);
    service.setMessageSender(messageSender);
    // Activate the service last, once every collaborator is wired in.
    service.activate(null);
}
Also used : User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) HashSet(java.util.HashSet) Set(java.util.Set) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) HashMap(java.util.HashMap) MessageSender(org.opencastproject.message.broker.api.MessageSender) ArrayList(java.util.ArrayList) MediaPackageMetadataService(org.opencastproject.metadata.api.MediaPackageMetadataService) JaxbUser(org.opencastproject.security.api.JaxbUser) SecurityService(org.opencastproject.security.api.SecurityService) ServiceRegistryInMemoryImpl(org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) UserDirectoryService(org.opencastproject.security.api.UserDirectoryService) IAnswer(org.easymock.IAnswer) JaxbRole(org.opencastproject.security.api.JaxbRole) AuthorizationService(org.opencastproject.security.api.AuthorizationService) File(java.io.File) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) Workspace(org.opencastproject.workspace.api.Workspace) Before(org.junit.Before)

Example 22 with AuthorizationService

use of org.opencastproject.security.api.AuthorizationService in project opencast by opencast.

the class WorkflowServiceImplAuthzTest method testWorkflowWithSecurityPolicy.

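/**
 * Checks who can see a workflow whose media package carries an ACL granting read and write to
 * {@code ROLE_INSTRUCTOR}: the creating instructor, the organization admin, the global admin and a
 * second instructor of the same organization can; an instructor of another organization cannot,
 * even though the role name is the same.
 *
 * <p>The authorization mock answers {@code true} to every {@code hasPermission()} call, so the
 * final denial cannot come from that call; it presumably comes from organization scoping in the
 * service or index.
 *
 * @throws Exception if starting, suspending or reading the workflow fails unexpectedly
 */
@Test
public void testWorkflowWithSecurityPolicy() throws Exception {
    // Create an ACL for the authorization service to return
    AccessControlList acl = new AccessControlList();
    acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.READ.toString(), true));
    acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.WRITE.toString(), true));
    // Mock up an authorization service that always returns "true" for hasPermission() and hands out
    // the ACL above for any media package
    AuthorizationService authzService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authzService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
    EasyMock.expect(authzService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
    EasyMock.replay(authzService);
    // Service and index must see the same authorization decisions
    service.setAuthorizationService(authzService);
    dao.setAuthorizationService(authzService);
    // Create the workflow and its dependent object graph
    WorkflowDefinitionImpl def = new WorkflowDefinitionImpl();
    def.add(new WorkflowOperationDefinitionImpl("op1", "op1", null, true));
    MediaPackage mp = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
    // As an instructor, create a workflow. We don't care if it passes or fails. We just care about access to it.
    userResponder.setResponse(instructor1);
    WorkflowInstance workflow = service.start(def, mp);
    service.suspend(workflow.getId());
    // For the principals that must be allowed, exceptions are left to propagate: the test still fails,
    // but the report keeps the original exception type and stack trace instead of only its message.
    // Ensure that this instructor can access the workflow
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the organization admin can access that workflow
    userResponder.setResponse(DEFAULT_ORG_ADMIN);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the global admin can access that workflow
    userResponder.setResponse(globalAdmin);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the other instructor from this organization can also see the workflow, since this is specified in the
    // security policy
    userResponder.setResponse(instructor2);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // TODO change to answer show in episode or series how to do it. Cool stuff
    // Ensure the instructor from a different org can not see the workflow, even though they share the same role
    organizationResponder.setResponse(otherOrganization);
    userResponder.setResponse(instructorFromDifferentOrg);
    try {
        service.getWorkflowById(workflow.getId());
        fail("Instructor from a different organization must not be able to read the workflow");
    } catch (Exception e) {
        // expected
        // NOTE(review): catching Exception also accepts an unrelated failure (for example a
        // NullPointerException from the fixture) as "access denied". Narrow this to the exception
        // type(s) getWorkflowById declares for a denied or invisible workflow once confirmed.
    }
    // The count check is the stronger assertion: the workflow must also be absent from listings.
    assertEquals(0, service.countWorkflowInstances());
}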
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) WorkflowOperationDefinitionImpl(org.opencastproject.workflow.api.WorkflowOperationDefinitionImpl) WorkflowDefinitionImpl(org.opencastproject.workflow.api.WorkflowDefinitionImpl) AuthorizationService(org.opencastproject.security.api.AuthorizationService) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) WorkflowInstance(org.opencastproject.workflow.api.WorkflowInstance) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) Test(org.junit.Test)
