use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class LiveScheduleServiceImplTest method setUp.
/**
 * Prepares the fixture used by the tests: mocked collaborating services, a test organization that
 * carries the player and engage URL properties, and a {@code LiveScheduleServiceImpl} wired with
 * those collaborators and activated with the live streaming configuration.
 *
 * @throws Exception if any part of the fixture cannot be built
 */
@Before
public void setUp() throws Exception {
  mimeType = MimeTypes.parseMimeType(MIME_TYPE);

  // OSGi services, mocked. This method records expectations on some of them but does not replay
  // them; only the bundle and component contexts are replayed further down.
  serviceRegistry = EasyMock.createNiceMock(ServiceRegistry.class);
  searchService = EasyMock.createNiceMock(SearchService.class);
  seriesService = EasyMock.createNiceMock(SeriesService.class);

  captureAgentService = EasyMock.createNiceMock(CaptureAgentStateService.class);
  EasyMock.expect(captureAgentService.getAgentCapabilities("demo-capture-agent"))
          .andReturn(new Properties());

  downloadDistributionService = EasyMock.createNiceMock(DownloadDistributionService.class);
  EasyMock.expect(downloadDistributionService.getDistributionType())
          .andReturn(LiveScheduleServiceImpl.DEFAULT_LIVE_DISTRIBUTION_SERVICE)
          .anyTimes();

  workspace = EasyMock.createNiceMock(Workspace.class);
  EasyMock.expect(workspace.put(EasyMock.anyString(), EasyMock.anyString(), EasyMock.anyString(),
          EasyMock.anyObject(InputStream.class)))
          .andReturn(new URI("http://someUrl"));

  dublinCoreService = EasyMock.createNiceMock(DublinCoreCatalogService.class);
  assetManager = EasyMock.createNiceMock(AssetManager.class);
  authService = new AuthorizationServiceMock();

  // Test organization: servers and roles are copied from the default organization, while the
  // properties are the two the live schedule service reads.
  organizationService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
  final Organization template = new DefaultOrganization();
  final Map<String, String> organizationProperties = new HashMap<String, String>();
  organizationProperties.put(LiveScheduleServiceImpl.PLAYER_PROPERTY, PATH_TO_PLAYER);
  organizationProperties.put(LiveScheduleServiceImpl.ENGAGE_URL_PROPERTY, ENGAGE_URL);
  org = new JaxbOrganization(ORG_ID, "Test Organization", template.getServers(), template.getAdminRole(),
          template.getAnonymousRole(), organizationProperties);
  EasyMock.expect(organizationService.getOrganization(ORG_ID)).andReturn(org).anyTimes();

  // Live service configuration, handed to the service through the component context
  final BundleContext bundleContext = EasyMock.createNiceMock(BundleContext.class);
  final Dictionary<String, Object> liveConfig = new Hashtable<String, Object>();
  liveConfig.put(LiveScheduleServiceImpl.LIVE_STREAMING_URL, STREAMING_SERVER_URL);
  liveConfig.put(LiveScheduleServiceImpl.LIVE_STREAM_MIME_TYPE, "video/x-flv");
  liveConfig.put(LiveScheduleServiceImpl.LIVE_STREAM_NAME, STREAM_NAME);
  liveConfig.put(LiveScheduleServiceImpl.LIVE_STREAM_RESOLUTION, "1920x540,960x270");
  liveConfig.put(LiveScheduleServiceImpl.LIVE_TARGET_FLAVORS, "presenter/delivery");

  cc = EasyMock.createNiceMock(ComponentContext.class);
  EasyMock.expect(cc.getBundleContext()).andReturn(bundleContext);
  EasyMock.expect(cc.getProperties()).andReturn(liveConfig);
  EasyMock.replay(bundleContext, cc);

  // Service under test: inject the collaborators, then activate with the configuration above
  service = new LiveScheduleServiceImpl();
  service.setJobPollingInterval(1L);
  service.setSearchService(searchService);
  service.setSeriesService(seriesService);
  service.setCaptureAgentService(captureAgentService);
  service.setServiceRegistry(serviceRegistry);
  service.setWorkspace(workspace);
  service.setDublinCoreService(dublinCoreService);
  service.setAssetManager(assetManager);
  service.setAuthorizationService(authService);
  service.setOrganizationService(organizationService);
  service.activate(cc);
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class ServiceRegistrationTest method setUp.
/**
 * Builds a JPA-backed service registry whose organization directory and security service are
 * mocks, then registers three hosts and three service instances for the tests to work with.
 *
 * @throws Exception if the registry cannot be set up
 */
@Before
public void setUp() throws Exception {
  serviceRegistry = new ServiceRegistryJpaImpl();
  serviceRegistry.setEntityManagerFactory(
          PersistenceUtil.newTestEntityManagerFactory(ServiceRegistryJpaImpl.PERSISTENCE_UNIT));
  serviceRegistry.activate(null);

  // Every organization lookup resolves to the default organization
  final Organization defaultOrg = new DefaultOrganization();
  final OrganizationDirectoryService orgDirectory = EasyMock.createMock(OrganizationDirectoryService.class);
  expect(orgDirectory.getOrganization((String) anyObject())).andReturn(defaultOrg).anyTimes();
  EasyMock.replay(orgDirectory);
  serviceRegistry.setOrganizationDirectoryService(orgDirectory);

  // The security service always reports an anonymous user holding only the organization's anonymous role
  final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(defaultOrg);
  final User anonymousUser = new JaxbUser("anonymous", "test", jaxbOrg,
          new JaxbRole(jaxbOrg.getAnonymousRole(), jaxbOrg));
  final SecurityService security = EasyMock.createNiceMock(SecurityService.class);
  expect(security.getUser()).andReturn(anonymousUser).anyTimes();
  expect(security.getOrganization()).andReturn(defaultOrg).anyTimes();
  EasyMock.replay(security);
  serviceRegistry.setSecurityService(security);

  // The registry registers this host by itself, using the number of available processors. Drop that
  // entry so the host data below is the only one the tests see.
  serviceRegistry.unregisterHost(LOCALHOST);

  // Hosts with fixed, identical parameters
  serviceRegistry.registerHost(LOCALHOST, "127.0.0.1", 1024, 1, 1);
  serviceRegistry.registerHost(REMOTEHOST_1, "127.0.0.1", 1024, 1, 1);
  serviceRegistry.registerHost(REMOTEHOST_2, "127.0.0.1", 1024, 1, 1);

  // One service instance of the same job type on each host
  regType1Localhost =
          (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, LOCALHOST, PATH_1);
  regType1Remotehost1 =
          (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_1, PATH_1);
  regType1Remotehost2 =
          (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_2, PATH_2);
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class ServiceRegistryJpaImplTest method setUpServiceRegistryJpaImpl.
/**
 * Creates the service registry under test and wires it with mocked organization, security and user
 * directory services plus a trusted HTTP client whose answer depends on the requested URI.
 */
public void setUpServiceRegistryJpaImpl() throws PropertyVetoException, NotFoundException, TrustedHttpClientException {
  serviceRegistryJpaImpl = new ServiceRegistryJpaImpl();
  serviceRegistryJpaImpl.setEntityManagerFactory(emf);

  // Every organization lookup resolves to the default organization
  final Organization defaultOrg = new DefaultOrganization();
  final OrganizationDirectoryService orgDirectory = EasyMock.createMock(OrganizationDirectoryService.class);
  EasyMock.expect(orgDirectory.getOrganization((String) EasyMock.anyObject())).andReturn(defaultOrg).anyTimes();
  EasyMock.replay(orgDirectory);
  serviceRegistryJpaImpl.setOrganizationDirectoryService(orgDirectory);

  // Current user and organization: an anonymous user in the default organization
  final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(defaultOrg);
  final User anonymousUser = new JaxbUser("anonymous", "test", jaxbOrg,
          new JaxbRole(jaxbOrg.getAnonymousRole(), jaxbOrg));
  final SecurityService security = EasyMock.createNiceMock(SecurityService.class);
  EasyMock.expect(security.getUser()).andReturn(anonymousUser).anyTimes();
  EasyMock.expect(security.getOrganization()).andReturn(defaultOrg).anyTimes();
  EasyMock.replay(security);
  serviceRegistryJpaImpl.setSecurityService(security);

  // Any user name loads that same anonymous user
  final UserDirectoryService userDirectory = EasyMock.createNiceMock(UserDirectoryService.class);
  EasyMock.expect(userDirectory.loadUser(EasyMock.anyString())).andReturn(anonymousUser).anyTimes();
  EasyMock.replay(userDirectory);
  serviceRegistryJpaImpl.setUserDirectoryService(userDirectory);

  // HTTP client stub: 503 for URIs containing TEST_PATH or TEST_PATH_3 (and when nothing was
  // captured), 204 for everything else.
  final Capture<HttpUriRequest> capturedRequest = EasyMock.newCapture();
  final BasicHttpResponse noContent = new BasicHttpResponse(
          new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_NO_CONTENT, "No message"));
  final BasicHttpResponse unavailable = new BasicHttpResponse(
          new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_SERVICE_UNAVAILABLE, "No message"));
  final TrustedHttpClient httpClient = EasyMock.createNiceMock(TrustedHttpClient.class);
  EasyMock.expect(httpClient.execute(EasyMock.capture(capturedRequest))).andAnswer(new IAnswer<HttpResponse>() {
    @Override
    public HttpResponse answer() throws Throwable {
      if (capturedRequest.hasCaptured()) {
        final String uri = capturedRequest.getValue().getURI().toString();
        if (!uri.contains(TEST_PATH) && !uri.contains(TEST_PATH_3)) {
          return noContent;
        }
      }
      return unavailable;
    }
  }).anyTimes();
  EasyMock.replay(httpClient);
  serviceRegistryJpaImpl.setTrustedHttpClient(httpClient);
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class TestSeriesEndpoint method createListProviderService.
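/**
 * Builds a list providers service for tests. It holds a users list provider backed by a mocked
 * user directory and a stub provider that announces the "LANGUAGES" list.
 *
 * @param users
 *          the users the mocked user directory hands out for {@code findUsers("%", 0, 0)}
 * @return the service with both providers added
 */
private ListProvidersService createListProviderService(final List<User> users) {
  UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
  // Answer each call with a fresh iterator. A single Iterator instance returned for every call would
  // be used up by its first consumer, so later findUsers calls would see no users at all.
  EasyMock.expect(userDirectoryService.findUsers("%", 0, 0))
          .andAnswer(new org.easymock.IAnswer<java.util.Iterator<User>>() {
            @Override
            public java.util.Iterator<User> answer() {
              return users.iterator();
            }
          }).anyTimes();
  EasyMock.replay(userDirectoryService);

  UsersListProvider userListProvider = new UsersListProvider();
  userListProvider.setUserDirectoryService(userDirectoryService);

  ListProvidersServiceImpl listProvidersServiceImpl = new ListProvidersServiceImpl();
  listProvidersServiceImpl.addProvider(userListProvider);
  // Stub provider: announces the "LANGUAGES" list but returns no entries for it
  listProvidersServiceImpl.addProvider(new ResourceListProvider() {
    @Override
    public String[] getListNames() {
      return new String[] { "LANGUAGES" };
    }

    @Override
    public Map<String, String> getList(String listName, ResourceListQuery query, Organization organization) {
      return new HashMap<>();
    }

    @Override
    public boolean isTranslatable(String listName) {
      return false;
    }

    @Override
    public String getDefault() {
      return null;
    }
  });
  return listProvidersServiceImpl;
}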
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class RemoteUserAndOrganizationFilter method doFilter.
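/**
 * Applies the organization, user and roles named in the request headers to the security context for
 * the duration of the filter chain, and restores the original organization and user afterwards.
 * <p>
 * Each switch is checked against the roles of the user the request arrived with:
 * <ul>
 * <li>Switching the organization requires {@code GLOBAL_ADMIN_ROLE}.</li>
 * <li>Switching the user or the roles requires {@code GLOBAL_SUDO_ROLE}. A caller without
 * {@code GLOBAL_ADMIN_ROLE} may neither switch to a user holding one of the {@code GLOBAL_SYSTEM_ROLES}
 * or the requested organization's admin role, nor request any of those roles directly.</li>
 * </ul>
 * A request that fails one of these checks, or names an unknown organization or user, is answered
 * with {@code 403 Forbidden} and the rest of the chain is not executed.
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  HttpServletRequest httpRequest = (HttpServletRequest) request;

  // Keep the original organization and user
  final Organization originalOrganization = securityService.getOrganization();
  final User originalUser = securityService.getUser();

  // Organization and user as specified by the request
  Organization requestedOrganization = originalOrganization;
  User requestedUser = originalUser;

  try {

    // See if there is an organization provided in the request
    String organizationHeader = httpRequest.getHeader(ORGANIZATION_HEADER);
    if (StringUtils.isNotBlank(organizationHeader)) {

      // Organization switching is only allowed if the request is coming in with the global admin role enabled
      if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
        logger.warn("An unauthorized request is trying to switch from organization '{}' to '{}'",
                originalOrganization.getId(), organizationHeader);
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
      }

      try {
        requestedOrganization = organizationDirectory.getOrganization(organizationHeader);
        securityService.setOrganization(requestedOrganization);
        logger.trace("Switching to organization '{}' from request header {}", requestedOrganization.getId(),
                ORGANIZATION_HEADER);
      } catch (NotFoundException e) {
        logger.warn("Non-existing organization '{}' specified in request header {}", organizationHeader,
                ORGANIZATION_HEADER);
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
      }
    } else {
      logger.trace("Request organization remains '{}'", originalOrganization.getId());
    }

    // See if there is a user provided in the request
    String userHeader = httpRequest.getHeader(USER_HEADER);
    if (StringUtils.isBlank(userHeader)) {
      userHeader = httpRequest.getHeader(RUN_AS_USER_HEADER);
    }
    if (StringUtils.isNotBlank(userHeader)) {

      // User switching is only allowed if the request is coming in with the global sudo role enabled
      if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
        logger.warn("An unauthorized request is trying to switch from user '{}' to '{}'",
                originalUser.getUsername(), userHeader);
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
      }

      if (SecurityConstants.GLOBAL_ANONYMOUS_USERNAME.equals(userHeader)) {
        requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
        logger.trace("Request user is switched to '{}'", requestedUser.getUsername());
      } else {
        requestedUser = userDirectory.loadUser(userHeader);

        // Does the target user exist?
        if (requestedUser == null) {
          logger.warn("Unable to switch to non-existing user '{}' as specified in request header {}", userHeader,
                  USER_HEADER);
          ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
          return;
        }

        if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
          // if the original user did not have system privileges, the target user must not gain those, either.
          for (String systemRole : GLOBAL_SYSTEM_ROLES) {
            if (requestedUser.hasRole(systemRole)) {
              logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'",
                      originalUser.getUsername(), userHeader);
              ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
              return;
            }
          }

          // make sure the user does not gain organization administrator privileges
          String organizationAdminRole = requestedOrganization.getAdminRole();
          if (requestedUser.hasRole(organizationAdminRole)) {
            logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'",
                    originalUser.getUsername(), userHeader);
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
          }
        }
      }

      logger.trace("Switching from user '{}' to user '{}' from request header '{}'", originalUser.getUsername(),
              requestedUser.getUsername(), USER_HEADER);
      securityService.setUser(requestedUser);
    }

    // See if there are roles provided in the request
    String rolesHeader = httpRequest.getHeader(ROLES_HEADER);
    if (StringUtils.isBlank(rolesHeader)) {
      rolesHeader = httpRequest.getHeader(RUN_WITH_ROLES);
    }
    if (StringUtils.isNotBlank(rolesHeader)) {

      // Role switching is only allowed if the request is coming in with the global sudo role enabled
      if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
        logger.warn("An unauthorized request is trying to switch roles from '{}' to '{}'",
                requestedUser.getRoles(), rolesHeader);
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
      }

      // Strip surrounding whitespace from every role name before it is checked or assigned. The
      // restricted-role checks below compare names for exact equality, so a padded name such as
      // " <role>" in a "a, b" style header would otherwise pass them unexamined and be assigned as is.
      Collection<String> requestedRoles = Arrays.asList(StringUtils.stripAll(StringUtils.split(rolesHeader, ",")));

      if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
        // Role switching is only allowed to non-system roles
        for (String systemRole : GLOBAL_SYSTEM_ROLES) {
          if (requestedRoles.contains(systemRole)) {
            logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'",
                    originalUser.getUsername(), systemRole);
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
          }
        }

        // Role switching is only allowed to non-organization administrator roles
        String organizationAdminRole = requestedOrganization.getAdminRole();
        if (requestedRoles.contains(organizationAdminRole)) {
          logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'",
                  originalUser.getUsername(), organizationAdminRole);
          ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
          return;
        }
      }

      // If no user has been provided by the request create a virtual user
      if (StringUtils.isBlank(userHeader)) {
        requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
      }

      // Set roles to requested user: the copy carries exactly the requested roles, not the roles the
      // user held before
      requestedUser = new JaxbUser(requestedUser.getUsername(), requestedUser.getPassword(),
              requestedUser.getName(), requestedUser.getEmail(), requestedUser.getProvider(),
              requestedUser.canLogin(), JaxbOrganization.fromOrganization(requestedUser.getOrganization()),
              Stream.$(requestedRoles).map(toJaxbRole._2(requestedOrganization)).toSet());
      logger.trace("Request roles '{}' are amended to user '{}'", rolesHeader, requestedUser.getUsername());
      securityService.setUser(requestedUser);
    }

    // Execute the rest of the filter chain
    logger.trace("Executing the filter chain with user '{}@{}'", requestedUser.getUsername(),
            requestedOrganization.getId());
    chain.doFilter(httpRequest, response);
  } finally {
    // Runs on every exit path, including the early 403 returns above, so a switch applied to the
    // security service never outlives this request.
    securityService.setOrganization(originalOrganization);
    securityService.setUser(originalUser);
  }
}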