Example 31 with JaxbRole

Use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

The class RemoteUserAndOrganizationFilterTest, method setUp.

/**
 * @throws java.lang.Exception
 */
@Before
public void setUp() throws Exception {
    defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, new DefaultOrganization()));
    switchingUser = new JaxbUser("switch", "test", new DefaultOrganization(), new JaxbRole("ROLE_USER", new DefaultOrganization()));
    userResponder = new Responder<User>(defaultUser);
    chain = EasyMock.createNiceMock(FilterChain.class);
    EasyMock.replay(chain);
    UserDirectoryService userDirectoryService = EasyMock.createNiceMock(UserDirectoryService.class);
    switchingUserResponder = new Responder<User>(switchingUser);
    EasyMock.expect(userDirectoryService.loadUser(EasyMock.anyObject(String.class))).andAnswer(switchingUserResponder).anyTimes();
    EasyMock.replay(userDirectoryService);
    OrganizationDirectoryService organizationDirectoryService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
    EasyMock.expect(organizationDirectoryService.getOrganization(EasyMock.anyObject(String.class))).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.replay(organizationDirectoryService);
    filter = new RemoteUserAndOrganizationFilter();
    filter.setOrganizationDirectoryService(organizationDirectoryService);
    filter.setUserDirectoryService(userDirectoryService);
}
Also used: JaxbRole (org.opencastproject.security.api.JaxbRole), User (org.opencastproject.security.api.User), JaxbUser (org.opencastproject.security.api.JaxbUser), FilterChain (javax.servlet.FilterChain), DefaultOrganization (org.opencastproject.security.api.DefaultOrganization), UserDirectoryService (org.opencastproject.security.api.UserDirectoryService), OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService), Before (org.junit.Before)

Example 32 with JaxbRole

Use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

The class RemoteUserAndOrganizationFilterTest, method testRolesSwitchingForbiddenAdmin.

@Test
public void testRolesSwitchingForbiddenAdmin() throws IOException {
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    filter.setSecurityService(securityService);
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.replay(securityService);
    // The authenticated caller holds only the sudo role
    User defaultUser = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_SUDO_ROLE, new DefaultOrganization()));
    userResponder.setResponse(defaultUser);
    HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    // The request asks, via the roles header, to switch to a role set that includes ROLE_ADMIN
    EasyMock.expect(request.getHeader(SecurityConstants.ROLES_HEADER)).andReturn("ROLE_TEST,ROLE_ADMIN").anyTimes();
    EasyMock.replay(request);
    HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    // The filter must answer with exactly one error response; verify(response) below checks this
    response.sendError(EasyMock.anyInt());
    EasyMock.expectLastCall().times(1);
    EasyMock.replay(response);
    try {
        filter.doFilter(request, response, chain);
    } catch (Exception e) {
        Assert.fail(e.getMessage());
    }
    EasyMock.verify(response);
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), User (org.opencastproject.security.api.User), JaxbUser (org.opencastproject.security.api.JaxbUser), JaxbRole (org.opencastproject.security.api.JaxbRole), SecurityService (org.opencastproject.security.api.SecurityService), HttpServletResponse (javax.servlet.http.HttpServletResponse), IOException (java.io.IOException), DefaultOrganization (org.opencastproject.security.api.DefaultOrganization), Test (org.junit.Test)

Example 33 with JaxbRole

Use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

The class OrganizationPersistenceTest, method setUp.

/**
 * @throws java.lang.Exception
 */
@Before
public void setUp() throws Exception {
    securityService = EasyMock.createNiceMock(SecurityService.class);
    User user = new JaxbUser("admin", "test", new DefaultOrganization(), new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, new DefaultOrganization()));
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.replay(securityService);
    organizationDatabase = new OrganizationDatabaseImpl();
    organizationDatabase.setEntityManagerFactory(newTestEntityManagerFactory(PERSISTENCE_UNIT));
    organizationDatabase.setSecurityService(securityService);
    organizationDatabase.activate(null);
}
Also used: User (org.opencastproject.security.api.User), JaxbUser (org.opencastproject.security.api.JaxbUser), JaxbRole (org.opencastproject.security.api.JaxbRole), SecurityService (org.opencastproject.security.api.SecurityService), DefaultOrganization (org.opencastproject.security.api.DefaultOrganization), Before (org.junit.Before)

Example 34 with JaxbRole

Use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

The class SecurityServiceSpringImpl, method getUser.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.security.api.SecurityService#getUser()
 */
@Override
public User getUser() throws IllegalStateException {
    Organization org = getOrganization();
    if (org == null)
        throw new IllegalStateException("No organization is set in security context");
    User delegatedUser = delegatedUserHolder.get();
    if (delegatedUser != null) {
        return delegatedUser;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(org);
    if (auth != null) {
        Object principal = auth.getPrincipal();
        if ((principal != null) && (principal instanceof UserDetails)) {
            UserDetails userDetails = (UserDetails) principal;
            User user = null;
            // If user exists, fetch it from the userDirectory
            if (userDirectory != null) {
                user = userDirectory.loadUser(userDetails.getUsername());
                if (user == null) {
                    logger.debug("Authenticated user '{}' could not be found in any of the current UserProviders. Continuing anyway...", userDetails.getUsername());
                }
            } else {
                logger.debug("No UserDirectory was found when trying to search for user '{}'", userDetails.getUsername());
            }
            // Add the roles (authorities) in the security context
            Set<JaxbRole> roles = new HashSet<JaxbRole>();
            Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
            if (authorities != null) {
                for (GrantedAuthority ga : authorities) {
                    roles.add(new JaxbRole(ga.getAuthority(), jaxbOrganization));
                }
            }
            if (user == null) {
                // No user was found. Create one to hold the auth information from the security context
                user = new JaxbUser(userDetails.getUsername(), null, jaxbOrganization, roles);
            } else {
                // Combine the existing user with the roles in the security context
                user = JaxbUser.fromUser(user, roles);
            }
            // Save the user to retrieve it quicker the next time(s) this method is called (by this thread)
            delegatedUserHolder.set(user);
            return user;
        }
    }
    // Return the anonymous user by default
    return SecurityUtil.createAnonymousUser(jaxbOrganization);
}
Also used: JaxbOrganization (org.opencastproject.security.api.JaxbOrganization), Organization (org.opencastproject.security.api.Organization), User (org.opencastproject.security.api.User), JaxbUser (org.opencastproject.security.api.JaxbUser), GrantedAuthority (org.springframework.security.core.GrantedAuthority), UserDetails (org.springframework.security.core.userdetails.UserDetails), JaxbRole (org.opencastproject.security.api.JaxbRole), Authentication (org.springframework.security.core.Authentication), HashSet (java.util.HashSet)

Example 35 with JaxbRole

Use of org.opencastproject.security.api.JaxbRole in project opencast by opencast.

The class XACMLSecurityTest, method testSecurity.

@Test
public void testSecurity() throws Exception {
    // Create a mediapackage and some role/action tuples
    MediaPackage mediapackage = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
    // Get default ACL
    AccessControlList defaultAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals(0, defaultAcl.getEntries().size());
    // Default with series
    mediapackage.setSeries("123");
    defaultAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals(0, defaultAcl.getEntries().size());
    AccessControlList aclSeries1 = new AccessControlList();
    List<AccessControlEntry> entriesSeries1 = aclSeries1.getEntries();
    entriesSeries1.add(new AccessControlEntry("admin", "delete", true));
    entriesSeries1.add(new AccessControlEntry("admin", "read", true));
    entriesSeries1.add(new AccessControlEntry("student", "read", true));
    entriesSeries1.add(new AccessControlEntry("student", "comment", true));
    entriesSeries1.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "read", true));
    entriesSeries1.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "comment", false));
    AccessControlList aclSeries2 = new AccessControlList();
    List<AccessControlEntry> entriesSeries2 = aclSeries2.getEntries();
    entriesSeries2.add(new AccessControlEntry("admin", "delete", true));
    entriesSeries2.add(new AccessControlEntry("admin", "read", true));
    entriesSeries2.add(new AccessControlEntry("student", "read", false));
    entriesSeries2.add(new AccessControlEntry("student", "comment", false));
    entriesSeries2.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "read", true));
    entriesSeries2.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "comment", false));
    AccessControlList aclEpisode = new AccessControlList();
    // Add the security policy to the mediapackage
    authzService.setAcl(mediapackage, AclScope.Series, aclSeries1);
    // Ensure that the permissions specified are respected by the security service
    currentRoles.clear();
    currentRoles.add(new JaxbRole("admin", organization, ""));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole("student", organization, ""));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole("admin", organization));
    mediapackage = authzService.setAcl(mediapackage, AclScope.Episode, aclEpisode).getA();
    Assert.assertEquals(AclScope.Episode, authzService.getActiveAcl(mediapackage).getB());
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    mediapackage = authzService.removeAcl(mediapackage, AclScope.Episode);
    AccessControlList computedAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals("ACLs are the same size?", entriesSeries1.size(), computedAcl.getEntries().size());
    Assert.assertTrue("ACLs contain the same ACEs?", computedAcl.getEntries().containsAll(entriesSeries1));
    authzService.setAcl(mediapackage, AclScope.Series, aclSeries2);
    currentRoles.clear();
    currentRoles.add(new JaxbRole("student", organization));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, organization, ""));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
}
Also used: AccessControlList (org.opencastproject.security.api.AccessControlList), JaxbRole (org.opencastproject.security.api.JaxbRole), MediaPackage (org.opencastproject.mediapackage.MediaPackage), AccessControlEntry (org.opencastproject.security.api.AccessControlEntry), Test (org.junit.Test)

Aggregations

JaxbRole (org.opencastproject.security.api.JaxbRole): 66; JaxbUser (org.opencastproject.security.api.JaxbUser): 53; User (org.opencastproject.security.api.User): 45; DefaultOrganization (org.opencastproject.security.api.DefaultOrganization): 39; SecurityService (org.opencastproject.security.api.SecurityService): 39; Before (org.junit.Before): 30; JaxbOrganization (org.opencastproject.security.api.JaxbOrganization): 25; HashSet (java.util.HashSet): 18; OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService): 18; Organization (org.opencastproject.security.api.Organization): 17; UserDirectoryService (org.opencastproject.security.api.UserDirectoryService): 17; Test (org.junit.Test): 14; Role (org.opencastproject.security.api.Role): 13; Workspace (org.opencastproject.workspace.api.Workspace): 13; ServiceRegistryInMemoryImpl (org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl): 11; URI (java.net.URI): 10; BundleContext (org.osgi.framework.BundleContext): 10; ComponentContext (org.osgi.service.component.ComponentContext): 10; File (java.io.File): 9; ArrayList (java.util.ArrayList): 9