Examples with JaxbRole org.opencastproject.security.api.JaxbRole used on opensource projects

Example 21 with JaxbRole

use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

the class AdminUIEventSearchQueryTest method setUp.

@Before
public void setUp() throws Exception {
    rightOrg = new JaxbOrganization(RIGHT_ORG);
    wrongOrg = new JaxbOrganization(WRONG_ORG);
    wrongOrgAdminUser = new JaxbUser("Wrong Org User", "Provider", wrongOrg, new JaxbRole(ORG_OWNER, wrongOrg));
    totalAdmin = new JaxbUser("Total Admin User", "Provider", rightOrg, new JaxbRole(TOTAL_ADMIN, rightOrg));
    noAccessUser = new JaxbUser("No Access User", "Provider", rightOrg, new JaxbRole(VIEWER, rightOrg));
    wrongRolesUser = new JaxbUser("Wrong Role User", "Provider", rightOrg, new JaxbRole("Wrong:Role", rightOrg));
    readAccessUser = new JaxbUser("Read Access User", "Provider", rightOrg, new JaxbRole(EDITOR, rightOrg));
    writeAccessUser = new JaxbUser("Write Access User", "Provider", rightOrg, new JaxbRole(PRODUCER, rightOrg));
    populateIndex();
}

Example 22 with JaxbRole

use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

the class RemoteUserAndOrganizationFilterTest method testUserSwitchingToAdminForbidden.

@Test
public void testUserSwitchingToAdminForbidden() throws IOException {
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    filter.setSecurityService(securityService);
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.replay(securityService);
    User defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_SUDO_ROLE, new DefaultOrganization()));
    userResponder.setResponse(defaultUser);
    switchingUserResponder.setResponse(defaultUser);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader(SecurityConstants.USER_HEADER)).andReturn("admin").anyTimes();
    EasyMock.replay(request);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    response.sendError(EasyMock.anyInt());
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(response);
    try {
        filter.doFilter(request, response, chain);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    }
    EasyMock.verify(response);
}

Example 23 with JaxbRole

use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

the class RemoteUserAndOrganizationFilterTest method testUserSwitching.

@Test
public void testUserSwitching() throws IOException {
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    filter.setSecurityService(securityService);
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    securityService.setUser(EasyMock.anyObject(User.class));
    EasyMock.expectLastCall().times(2);
    EasyMock.replay(securityService);
    User defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_SUDO_ROLE, new DefaultOrganization()));
    userResponder.setResponse(defaultUser);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.expect(request.getHeader(SecurityConstants.USER_HEADER)).andReturn("joe").anyTimes();
    EasyMock.replay(request);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.replay(response);
    try {
        filter.doFilter(request, response, chain);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    }
    EasyMock.verify(securityService);
}

Example 24 with JaxbRole

use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

the class ThemesServiceDatabaseTest method setUp.

/**
 * @throws java.lang.Exception
 */
@Before
public void setUp() throws Exception {
    // Mock up a security service
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    User user = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, new DefaultOrganization()));
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.replay(securityService);
    UserDirectoryService userDirectoryService = EasyMock.createNiceMock(UserDirectoryService.class);
    EasyMock.expect(userDirectoryService.loadUser(EasyMock.anyString())).andReturn(user).anyTimes();
    EasyMock.replay(userDirectoryService);
    MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
    messageSender.sendObjectMessage(EasyMock.anyObject(String.class), EasyMock.anyObject(MessageSender.DestinationType.class), EasyMock.anyObject(Serializable.class));
    EasyMock.expectLastCall().anyTimes();
    EasyMock.replay(messageSender);
    themesDatabase = new ThemesServiceDatabaseImpl();
    themesDatabase.setEntityManagerFactory(newTestEntityManagerFactory(ThemesServiceDatabaseImpl.PERSISTENCE_UNIT));
    themesDatabase.setSecurityService(securityService);
    themesDatabase.setUserDirectoryService(userDirectoryService);
    themesDatabase.setMessageSender(messageSender);
    themesDatabase.activate(null);
}

Example 25 with JaxbRole

use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

the class CaptureAgentStateServiceImplTest method testAgentVisibility.

@Test
public void testAgentVisibility() throws Exception {
    // Create a new capture agent called "visibility"
    String agentName = "visibility";
    service.setAgentState(agentName, IDLE);
    // Ensure we can see it
    assertEquals(1, service.getKnownAgents().size());
    // Set the roles allowed to use this agent
    Set<String> roles = new HashSet<>();
    roles.add("a_role_we_do_not_have");
    AgentImpl agent = (AgentImpl) service.getAgent(agentName);
    agent.setSchedulerRoles(roles);
    service.updateAgentInDatabase(agent);
    // Since we are an organizational admin, we should still see the agent
    assertEquals(1, service.getKnownAgents().size());
    // Use a security service that identifies us as a non-administrative user
    DefaultOrganization organization = new DefaultOrganization();
    HashSet<JaxbRole> roleSet = new HashSet<>();
    roleSet.add(new JaxbRole("ROLE_NOT_ADMIN", organization, ""));
    User user = new JaxbUser("testuser", "test", organization, roleSet);
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.replay(securityService);
    service.setSecurityService(securityService);
    // Ensure we can no longer see the agent, since we don't have an administrative role
    assertEquals(0, service.getKnownAgents().size());
// TODO: Do we need to enforce access strictly? If someone asks for an agent by name, but they do not have the
// appropriate scheduler role, should we throw UnauthorizedException?
}