Example 16 with JaxbUser
use of org.opencastproject.security.api.JaxbUser in project opencast by opencast.
the class ServiceRegistrationTest method setUp.
@Before
public void setUp() throws Exception {
serviceRegistry = new ServiceRegistryJpaImpl();
serviceRegistry.setEntityManagerFactory(PersistenceUtil.newTestEntityManagerFactory(ServiceRegistryJpaImpl.PERSISTENCE_UNIT));
serviceRegistry.activate(null);
Organization organization = new DefaultOrganization();
OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
expect(organizationDirectoryService.getOrganization((String) anyObject())).andReturn(organization).anyTimes();
EasyMock.replay(organizationDirectoryService);
serviceRegistry.setOrganizationDirectoryService(organizationDirectoryService);
JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(organization);
User anonymous = new JaxbUser("anonymous", "test", jaxbOrganization, new JaxbRole(jaxbOrganization.getAnonymousRole(), jaxbOrganization));
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
expect(securityService.getUser()).andReturn(anonymous).anyTimes();
expect(securityService.getOrganization()).andReturn(organization).anyTimes();
EasyMock.replay(securityService);
serviceRegistry.setSecurityService(securityService);
// The service registry will automatically register this host with the available number of processors.
// This is potentially ruining our test setup.
serviceRegistry.unregisterHost(LOCALHOST);
// register the hosts
serviceRegistry.registerHost(LOCALHOST, "127.0.0.1", 1024, 1, 1);
serviceRegistry.registerHost(REMOTEHOST_1, "127.0.0.1", 1024, 1, 1);
serviceRegistry.registerHost(REMOTEHOST_2, "127.0.0.1", 1024, 1, 1);
// register some service instances
regType1Localhost = (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, LOCALHOST, PATH_1);
regType1Remotehost1 = (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_1, PATH_1);
regType1Remotehost2 = (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_2, PATH_2);
}
Also used :
Organization(org.opencastproject.security.api.Organization)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
User(org.opencastproject.security.api.User)
JaxbUser(org.opencastproject.security.api.JaxbUser)
JaxbRole(org.opencastproject.security.api.JaxbRole)
SecurityService(org.opencastproject.security.api.SecurityService)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
JaxbUser(org.opencastproject.security.api.JaxbUser)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService)
Before(org.junit.Before)
Example 17 with JaxbUser
use of org.opencastproject.security.api.JaxbUser in project opencast by opencast.
the class ServiceRegistryJpaImplTest method setUpServiceRegistryJpaImpl.
public void setUpServiceRegistryJpaImpl() throws PropertyVetoException, NotFoundException, TrustedHttpClientException {
serviceRegistryJpaImpl = new ServiceRegistryJpaImpl();
serviceRegistryJpaImpl.setEntityManagerFactory(emf);
Organization organization = new DefaultOrganization();
OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andReturn(organization).anyTimes();
EasyMock.replay(organizationDirectoryService);
serviceRegistryJpaImpl.setOrganizationDirectoryService(organizationDirectoryService);
JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(organization);
User anonymous = new JaxbUser("anonymous", "test", jaxbOrganization, new JaxbRole(jaxbOrganization.getAnonymousRole(), jaxbOrganization));
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
EasyMock.expect(securityService.getUser()).andReturn(anonymous).anyTimes();
EasyMock.expect(securityService.getOrganization()).andReturn(organization).anyTimes();
EasyMock.replay(securityService);
serviceRegistryJpaImpl.setSecurityService(securityService);
UserDirectoryService userDirectoryService = EasyMock.createNiceMock(UserDirectoryService.class);
EasyMock.expect(userDirectoryService.loadUser(EasyMock.anyString())).andReturn(anonymous).anyTimes();
EasyMock.replay(userDirectoryService);
serviceRegistryJpaImpl.setUserDirectoryService(userDirectoryService);
final Capture<HttpUriRequest> request = EasyMock.newCapture();
final BasicHttpResponse successRespone = new BasicHttpResponse(new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_NO_CONTENT, "No message"));
final BasicHttpResponse unavailableResponse = new BasicHttpResponse(new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_SERVICE_UNAVAILABLE, "No message"));
TrustedHttpClient trustedHttpClient = EasyMock.createNiceMock(TrustedHttpClient.class);
EasyMock.expect(trustedHttpClient.execute(EasyMock.capture(request))).andAnswer(new IAnswer<HttpResponse>() {
@Override
public HttpResponse answer() throws Throwable {
if (!request.hasCaptured())
return unavailableResponse;
if (request.getValue().getURI().toString().contains(TEST_PATH))
return unavailableResponse;
if (request.getValue().getURI().toString().contains(TEST_PATH_3))
return unavailableResponse;
return successRespone;
}
}).anyTimes();
EasyMock.replay(trustedHttpClient);
serviceRegistryJpaImpl.setTrustedHttpClient(trustedHttpClient);
}
Also used :
HttpUriRequest(org.apache.http.client.methods.HttpUriRequest)
TrustedHttpClient(org.opencastproject.security.api.TrustedHttpClient)
Organization(org.opencastproject.security.api.Organization)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
User(org.opencastproject.security.api.User)
JaxbUser(org.opencastproject.security.api.JaxbUser)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
JaxbUser(org.opencastproject.security.api.JaxbUser)
UserDirectoryService(org.opencastproject.security.api.UserDirectoryService)
BasicStatusLine(org.apache.http.message.BasicStatusLine)
IAnswer(org.easymock.IAnswer)
BasicHttpResponse(org.apache.http.message.BasicHttpResponse)
JaxbRole(org.opencastproject.security.api.JaxbRole)
SecurityService(org.opencastproject.security.api.SecurityService)
HttpVersion(org.apache.http.HttpVersion)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService)
Example 18 with JaxbUser
use of org.opencastproject.security.api.JaxbUser in project opencast by opencast.
the class SoxServiceTest method setUp.
@Before
public void setUp() throws Exception {
if (!soxInstalled)
return;
// Copy an existing media file to a temp file
File f = new File("src/test/resources/audio-test.flac");
source = File.createTempFile(FilenameUtils.getBaseName(f.getName()), ".flac");
FileUtils.copyFile(f, source);
f = null;
JaxbOrganization org = new DefaultOrganization();
User user = new JaxbUser("admin", "test", org, new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ADMIN, org));
OrganizationDirectoryService orgDirectory = EasyMock.createNiceMock(OrganizationDirectoryService.class);
EasyMock.expect(orgDirectory.getOrganization((String) EasyMock.anyObject())).andReturn(org).anyTimes();
UserDirectoryService userDirectory = EasyMock.createNiceMock(UserDirectoryService.class);
EasyMock.expect(userDirectory.loadUser("admin")).andReturn(user).anyTimes();
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
EasyMock.expect(securityService.getOrganization()).andReturn(org).anyTimes();
EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
Workspace workspace = EasyMock.createNiceMock(Workspace.class);
EasyMock.expect(workspace.get((URI) EasyMock.anyObject())).andReturn(source).anyTimes();
BundleContext bc = EasyMock.createNiceMock(BundleContext.class);
EasyMock.expect(bc.getProperty(SoxServiceImpl.CONFIG_SOX_PATH)).andReturn(SOX_BINARY).anyTimes();
ComponentContext cc = EasyMock.createNiceMock(ComponentContext.class);
EasyMock.expect(cc.getBundleContext()).andReturn(bc).anyTimes();
IncidentService incidentService = EasyMock.createNiceMock(IncidentService.class);
// Finish setting up the mocks
EasyMock.replay(bc, cc, orgDirectory, userDirectory, securityService, workspace, incidentService);
// Create and populate the composer service
soxService = new SoxServiceImpl();
serviceRegistry = new ServiceRegistryInMemoryImpl(soxService, securityService, userDirectory, orgDirectory, incidentService);
soxService.setOrganizationDirectoryService(orgDirectory);
soxService.setSecurityService(securityService);
soxService.setServiceRegistry(serviceRegistry);
soxService.setUserDirectoryService(userDirectory);
soxService.setWorkspace(workspace);
soxService.activate(cc);
}
Also used :
IncidentService(org.opencastproject.serviceregistry.api.IncidentService)
User(org.opencastproject.security.api.User)
JaxbUser(org.opencastproject.security.api.JaxbUser)
ComponentContext(org.osgi.service.component.ComponentContext)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
JaxbUser(org.opencastproject.security.api.JaxbUser)
URI(java.net.URI)
UserDirectoryService(org.opencastproject.security.api.UserDirectoryService)
JaxbRole(org.opencastproject.security.api.JaxbRole)
SecurityService(org.opencastproject.security.api.SecurityService)
File(java.io.File)
ServiceRegistryInMemoryImpl(org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl)
DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)
OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService)
Workspace(org.opencastproject.workspace.api.Workspace)
BundleContext(org.osgi.framework.BundleContext)
Before(org.junit.Before)
Example 19 with JaxbUser
use of org.opencastproject.security.api.JaxbUser in project opencast by opencast.
the class AdminUIEventSearchQueryTest method setUp.
@Before
public void setUp() throws Exception {
rightOrg = new JaxbOrganization(RIGHT_ORG);
wrongOrg = new JaxbOrganization(WRONG_ORG);
wrongOrgAdminUser = new JaxbUser("Wrong Org User", "Provider", wrongOrg, new JaxbRole(ORG_OWNER, wrongOrg));
totalAdmin = new JaxbUser("Total Admin User", "Provider", rightOrg, new JaxbRole(TOTAL_ADMIN, rightOrg));
noAccessUser = new JaxbUser("No Access User", "Provider", rightOrg, new JaxbRole(VIEWER, rightOrg));
wrongRolesUser = new JaxbUser("Wrong Role User", "Provider", rightOrg, new JaxbRole("Wrong:Role", rightOrg));
readAccessUser = new JaxbUser("Read Access User", "Provider", rightOrg, new JaxbRole(EDITOR, rightOrg));
writeAccessUser = new JaxbUser("Write Access User", "Provider", rightOrg, new JaxbRole(PRODUCER, rightOrg));
populateIndex();
}
Also used :
JaxbRole(org.opencastproject.security.api.JaxbRole)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
JaxbUser(org.opencastproject.security.api.JaxbUser)
Before(org.junit.Before)
Example 20 with JaxbUser
use of org.opencastproject.security.api.JaxbUser in project opencast by opencast.
the class RemoteUserAndOrganizationFilter method doFilter.
/**
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
* javax.servlet.FilterChain)
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
// Keep the original organization and user
final Organization originalOrganization = securityService.getOrganization();
final User originalUser = securityService.getUser();
// Organization and user as specified by the request
Organization requestedOrganization = originalOrganization;
User requestedUser = originalUser;
try {
// See if there is an organization provided in the request
String organizationHeader = httpRequest.getHeader(ORGANIZATION_HEADER);
if (StringUtils.isNotBlank(organizationHeader)) {
// Organization switching is only allowed if the request is coming in with the global admin role enabled
if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
logger.warn("An unauthorized request is trying to switch from organization '{}' to '{}'", originalOrganization.getId(), organizationHeader);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
try {
requestedOrganization = organizationDirectory.getOrganization(organizationHeader);
securityService.setOrganization(requestedOrganization);
logger.trace("Switching to organization '{}' from request header {}", requestedOrganization.getId(), ORGANIZATION_HEADER);
} catch (NotFoundException e) {
logger.warn("Non-existing organization '{}' specified in request header {}", organizationHeader, ORGANIZATION_HEADER);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
} else {
logger.trace("Request organization remains '{}'", originalOrganization.getId());
}
// See if there is a user provided in the request
String userHeader = httpRequest.getHeader(USER_HEADER);
if (StringUtils.isBlank(userHeader)) {
userHeader = httpRequest.getHeader(RUN_AS_USER_HEADER);
}
if (StringUtils.isNotBlank(userHeader)) {
// User switching is only allowed if the request is coming in with the global sudo role enabled
if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
logger.warn("An unauthorized request is trying to switch from user '{}' to '{}'", originalUser.getUsername(), userHeader);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
if (SecurityConstants.GLOBAL_ANONYMOUS_USERNAME.equals(userHeader)) {
requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
logger.trace("Request user is switched to '{}'", requestedUser.getUsername());
} else {
requestedUser = userDirectory.loadUser(userHeader);
// Does the target user exist?
if (requestedUser == null) {
logger.warn("Unable to switch to non-existing user '{}' as specified in request header {}", userHeader, USER_HEADER);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
// if the original user did not have system privileges, the target user must not gain those, either.
for (String systemRole : GLOBAL_SYSTEM_ROLES) {
if (requestedUser.hasRole(systemRole)) {
logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
// make sure the user does not gain organization administrator privileges
String organizationAdminRole = requestedOrganization.getAdminRole();
if (requestedUser.hasRole(organizationAdminRole)) {
logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
}
logger.trace("Switching from user '{}' to user '{}' from request header '{}'", originalUser.getUsername(), requestedUser.getUsername(), USER_HEADER);
securityService.setUser(requestedUser);
}
// See if there are roles provided in the request
String rolesHeader = httpRequest.getHeader(ROLES_HEADER);
if (StringUtils.isBlank(rolesHeader)) {
rolesHeader = httpRequest.getHeader(RUN_WITH_ROLES);
}
if (StringUtils.isNotBlank(rolesHeader)) {
// Role switching is only allowed if the request is coming in with the global sudo role enabled
if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
logger.warn("An unauthorized request is trying to switch roles from '{}' to '{}'", requestedUser.getRoles(), rolesHeader);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
Collection<String> requestedRoles = Arrays.asList(StringUtils.split(rolesHeader, ","));
if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
// Role switching is only allowed to non-system roles
for (String systemRole : GLOBAL_SYSTEM_ROLES) {
if (requestedRoles.contains(systemRole)) {
logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", originalUser.getUsername(), systemRole);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
// Role switching is only allowed to non-organization administrator roles
String organizationAdminRole = requestedOrganization.getAdminRole();
if (requestedRoles.contains(organizationAdminRole)) {
logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", originalUser.getUsername(), organizationAdminRole);
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
}
// If no user has been provider by the request create a virtual user
if (StringUtils.isBlank(userHeader)) {
requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
}
// Set roles to requested user
requestedUser = new JaxbUser(requestedUser.getUsername(), requestedUser.getPassword(), requestedUser.getName(), requestedUser.getEmail(), requestedUser.getProvider(), requestedUser.canLogin(), JaxbOrganization.fromOrganization(requestedUser.getOrganization()), Stream.$(requestedRoles).map(toJaxbRole._2(requestedOrganization)).toSet());
logger.trace("Request roles '{}' are amended to user '{}'", rolesHeader, requestedUser.getUsername());
securityService.setUser(requestedUser);
}
// Execute the rest of the filter chain
logger.trace("Executing the filter chain with user '{}@{}'", requestedUser.getUsername(), requestedOrganization.getId());
chain.doFilter(httpRequest, response);
} finally {
securityService.setOrganization(originalOrganization);
securityService.setUser(originalUser);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Organization(org.opencastproject.security.api.Organization)
JaxbOrganization(org.opencastproject.security.api.JaxbOrganization)
User(org.opencastproject.security.api.User)
JaxbUser(org.opencastproject.security.api.JaxbUser)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
NotFoundException(org.opencastproject.util.NotFoundException)
JaxbUser(org.opencastproject.security.api.JaxbUser)
Aggregations
JaxbUser (org.opencastproject.security.api.JaxbUser)63
JaxbRole (org.opencastproject.security.api.JaxbRole)54
User (org.opencastproject.security.api.User)47
DefaultOrganization (org.opencastproject.security.api.DefaultOrganization)46
SecurityService (org.opencastproject.security.api.SecurityService)44
Before (org.junit.Before)34
JaxbOrganization (org.opencastproject.security.api.JaxbOrganization)21
OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService)19
UserDirectoryService (org.opencastproject.security.api.UserDirectoryService)19
Test (org.junit.Test)15
Organization (org.opencastproject.security.api.Organization)15
Workspace (org.opencastproject.workspace.api.Workspace)15
HashSet (java.util.HashSet)14
URI (java.net.URI)12
BundleContext (org.osgi.framework.BundleContext)12
ComponentContext (org.osgi.service.component.ComponentContext)12
ServiceRegistryInMemoryImpl (org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl)11
File (java.io.File)10
Job (org.opencastproject.job.api.Job)8
InputStream (java.io.InputStream)7
