
Example 36 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class LiveScheduleServiceImplTest method setUp.

/**
 * Builds the fixture for the live schedule tests: creates mocks for the collaborating OSGi services, a test
 * organization carrying the player and engage URL properties, and a component context holding the live
 * streaming configuration, then wires everything into a fresh {@link LiveScheduleServiceImpl} and activates it.
 *
 * Only the bundle context and component context mocks are replayed here. The other EasyMock mocks are still
 * in record state when this method returns (presumably each test replays them after adding its own
 * expectations; confirm against the test methods).
 *
 * @throws Exception
 *           if building the fixture fails, e.g. while constructing the placeholder URI or activating the service
 */
@Before
public void setUp() throws Exception {
    mimeType = MimeTypes.parseMimeType(MIME_TYPE);
    // Osgi Services
    // Nice mocks: calls without a recorded expectation return a default value (null/0/false) instead of failing.
    serviceRegistry = EasyMock.createNiceMock(ServiceRegistry.class);
    searchService = EasyMock.createNiceMock(SearchService.class);
    seriesService = EasyMock.createNiceMock(SeriesService.class);
    captureAgentService = EasyMock.createNiceMock(CaptureAgentStateService.class);
    // The capture agent reports no capabilities (empty Properties).
    EasyMock.expect(captureAgentService.getAgentCapabilities("demo-capture-agent")).andReturn(new Properties());
    // NOTE(review): this mock is configured but no setter on the service receives it in this method.
    downloadDistributionService = EasyMock.createNiceMock(DownloadDistributionService.class);
    EasyMock.expect(downloadDistributionService.getDistributionType()).andReturn(LiveScheduleServiceImpl.DEFAULT_LIVE_DISTRIBUTION_SERVICE).anyTimes();
    workspace = EasyMock.createNiceMock(Workspace.class);
    // Any put() into the workspace yields a fixed placeholder URI; nothing is written anywhere.
    EasyMock.expect(workspace.put(EasyMock.anyString(), EasyMock.anyString(), EasyMock.anyString(), EasyMock.anyObject(InputStream.class))).andReturn(new URI("http://someUrl"));
    dublinCoreService = EasyMock.createNiceMock(DublinCoreCatalogService.class);
    assetManager = EasyMock.createNiceMock(AssetManager.class);
    // Hand-written test double rather than an EasyMock mock; what it authorizes is not visible here, so these
    // tests should not be read as exercising the production authorization rules.
    authService = new AuthorizationServiceMock();
    organizationService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
    // Test organization: servers and admin/anonymous role names are copied from the default organization,
    // with the player path and engage URL added as organization properties.
    Organization defOrg = new DefaultOrganization();
    Map<String, String> orgProps = new HashMap<String, String>();
    orgProps.put(LiveScheduleServiceImpl.PLAYER_PROPERTY, PATH_TO_PLAYER);
    orgProps.put(LiveScheduleServiceImpl.ENGAGE_URL_PROPERTY, ENGAGE_URL);
    org = new JaxbOrganization(ORG_ID, "Test Organization", defOrg.getServers(), defOrg.getAdminRole(), defOrg.getAnonymousRole(), orgProps);
    EasyMock.expect(organizationService.getOrganization(ORG_ID)).andReturn(org).anyTimes();
    // Live service configuration
    BundleContext bc = EasyMock.createNiceMock(BundleContext.class);
    Dictionary<String, Object> props = new Hashtable<String, Object>();
    props.put(LiveScheduleServiceImpl.LIVE_STREAMING_URL, STREAMING_SERVER_URL);
    props.put(LiveScheduleServiceImpl.LIVE_STREAM_MIME_TYPE, "video/x-flv");
    props.put(LiveScheduleServiceImpl.LIVE_STREAM_NAME, STREAM_NAME);
    props.put(LiveScheduleServiceImpl.LIVE_STREAM_RESOLUTION, "1920x540,960x270");
    props.put(LiveScheduleServiceImpl.LIVE_TARGET_FLAVORS, "presenter/delivery");
    cc = EasyMock.createNiceMock(ComponentContext.class);
    // Both expectations are recorded without anyTimes(), i.e. for a single call each.
    EasyMock.expect(cc.getBundleContext()).andReturn(bc);
    EasyMock.expect(cc.getProperties()).andReturn(props);
    // Only the two context mocks are switched to replay state; activate() below reads them.
    EasyMock.replay(bc, cc);
    service = new LiveScheduleServiceImpl();
    service.setJobPollingInterval(1L);
    service.setSearchService(searchService);
    service.setSeriesService(seriesService);
    service.setCaptureAgentService(captureAgentService);
    service.setServiceRegistry(serviceRegistry);
    service.setWorkspace(workspace);
    service.setDublinCoreService(dublinCoreService);
    service.setAssetManager(assetManager);
    service.setAuthorizationService(authService);
    service.setOrganizationService(organizationService);
    // Activation happens last, after every collaborator has been injected.
    service.activate(cc);
}
Also used : Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) HashMap(java.util.HashMap) Properties(java.util.Properties) URI(java.net.URI) DublinCoreCatalogService(org.opencastproject.metadata.dublincore.DublinCoreCatalogService) SearchService(org.opencastproject.search.api.SearchService) CaptureAgentStateService(org.opencastproject.capture.admin.api.CaptureAgentStateService) AssetManager(org.opencastproject.assetmanager.api.AssetManager) ComponentContext(org.osgi.service.component.ComponentContext) InputStream(java.io.InputStream) Hashtable(java.util.Hashtable) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DownloadDistributionService(org.opencastproject.distribution.api.DownloadDistributionService) SeriesService(org.opencastproject.series.api.SeriesService) ServiceRegistry(org.opencastproject.serviceregistry.api.ServiceRegistry) Workspace(org.opencastproject.workspace.api.Workspace) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) BundleContext(org.osgi.framework.BundleContext) Before(org.junit.Before)

Example 37 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class ServiceRegistrationTest method setUp.

/**
 * Creates a JPA-backed service registry on a test persistence unit, gives it a mocked organization directory
 * and security context (anonymous user in the default organization), and registers three hosts plus three
 * service instances of job type 1.
 *
 * @throws Exception
 *           if the registry cannot be set up
 */
@Before
public void setUp() throws Exception {
    serviceRegistry = new ServiceRegistryJpaImpl();
    serviceRegistry.setEntityManagerFactory(
            PersistenceUtil.newTestEntityManagerFactory(ServiceRegistryJpaImpl.PERSISTENCE_UNIT));
    serviceRegistry.activate(null);

    final Organization defaultOrg = new DefaultOrganization();

    // Organization directory: every lookup, whatever the id, resolves to the default organization.
    final OrganizationDirectoryService orgDirectory = EasyMock.createMock(OrganizationDirectoryService.class);
    expect(orgDirectory.getOrganization((String) anyObject())).andReturn(defaultOrg).anyTimes();
    EasyMock.replay(orgDirectory);
    serviceRegistry.setOrganizationDirectoryService(orgDirectory);

    // Security context: the caller is always the anonymous user, holding only the anonymous role.
    final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(defaultOrg);
    final JaxbRole anonymousRole = new JaxbRole(jaxbOrg.getAnonymousRole(), jaxbOrg);
    final User anonymousUser = new JaxbUser("anonymous", "test", jaxbOrg, anonymousRole);
    final SecurityService security = EasyMock.createNiceMock(SecurityService.class);
    expect(security.getUser()).andReturn(anonymousUser).anyTimes();
    expect(security.getOrganization()).andReturn(defaultOrg).anyTimes();
    EasyMock.replay(security);
    serviceRegistry.setSecurityService(security);

    // The registry registers this host on its own, sized by the available processors; drop that entry so
    // the host table below is fully under the test's control.
    serviceRegistry.unregisterHost(LOCALHOST);

    // Hosts: all three share the loopback address and the same capacity figures.
    serviceRegistry.registerHost(LOCALHOST, "127.0.0.1", 1024, 1, 1);
    serviceRegistry.registerHost(REMOTEHOST_1, "127.0.0.1", 1024, 1, 1);
    serviceRegistry.registerHost(REMOTEHOST_2, "127.0.0.1", 1024, 1, 1);

    // Service instances: one of job type 1 per host (the second remote host uses PATH_2).
    regType1Localhost =
            (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, LOCALHOST, PATH_1);
    regType1Remotehost1 =
            (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_1, PATH_1);
    regType1Remotehost2 =
            (ServiceRegistrationJpaImpl) serviceRegistry.registerService(JOB_TYPE_1, REMOTEHOST_2, PATH_2);
}
Also used : Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) JaxbRole(org.opencastproject.security.api.JaxbRole) SecurityService(org.opencastproject.security.api.SecurityService) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) JaxbUser(org.opencastproject.security.api.JaxbUser) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) Before(org.junit.Before)

Example 38 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class ServiceRegistryJpaImplTest method setUpServiceRegistryJpaImpl.

/**
 * Creates the {@link ServiceRegistryJpaImpl} under test and injects mocked collaborators: an organization
 * directory and security service that always answer with the default organization and an anonymous user, a
 * user directory that resolves every name to that same user, and a trusted HTTP client whose answer depends
 * on the requested URI.
 *
 * @throws PropertyVetoException
 *           declared by the original signature
 * @throws NotFoundException
 *           declared because the organization lookup is recorded on the mock
 * @throws TrustedHttpClientException
 *           declared because the HTTP call is recorded on the mock
 */
public void setUpServiceRegistryJpaImpl() throws PropertyVetoException, NotFoundException, TrustedHttpClientException {
    serviceRegistryJpaImpl = new ServiceRegistryJpaImpl();
    serviceRegistryJpaImpl.setEntityManagerFactory(emf);

    final Organization defaultOrg = new DefaultOrganization();

    // Every organization id resolves to the default organization.
    final OrganizationDirectoryService orgDirectory = EasyMock.createMock(OrganizationDirectoryService.class);
    EasyMock.expect(orgDirectory.getOrganization((String) EasyMock.anyObject())).andReturn(defaultOrg).anyTimes();
    EasyMock.replay(orgDirectory);
    serviceRegistryJpaImpl.setOrganizationDirectoryService(orgDirectory);

    // The current user is always anonymous and holds only the organization's anonymous role.
    final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(defaultOrg);
    final JaxbRole anonymousRole = new JaxbRole(jaxbOrg.getAnonymousRole(), jaxbOrg);
    final User anonymousUser = new JaxbUser("anonymous", "test", jaxbOrg, anonymousRole);

    final SecurityService security = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(security.getUser()).andReturn(anonymousUser).anyTimes();
    EasyMock.expect(security.getOrganization()).andReturn(defaultOrg).anyTimes();
    EasyMock.replay(security);
    serviceRegistryJpaImpl.setSecurityService(security);

    // Any user name loads the anonymous user.
    final UserDirectoryService userDirectory = EasyMock.createNiceMock(UserDirectoryService.class);
    EasyMock.expect(userDirectory.loadUser(EasyMock.anyString())).andReturn(anonymousUser).anyTimes();
    EasyMock.replay(userDirectory);
    serviceRegistryJpaImpl.setUserDirectoryService(userDirectory);

    // Canned HTTP answers: 204 for a reachable service, 503 for an unreachable one.
    final Capture<HttpUriRequest> capturedRequest = EasyMock.newCapture();
    final BasicHttpResponse noContent = new BasicHttpResponse(
            new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_NO_CONTENT, "No message"));
    final BasicHttpResponse serviceUnavailable = new BasicHttpResponse(
            new BasicStatusLine(new HttpVersion(1, 1), HttpStatus.SC_SERVICE_UNAVAILABLE, "No message"));

    final TrustedHttpClient httpClient = EasyMock.createNiceMock(TrustedHttpClient.class);
    EasyMock.expect(httpClient.execute(EasyMock.capture(capturedRequest))).andAnswer(new IAnswer<HttpResponse>() {

        @Override
        public HttpResponse answer() throws Throwable {
            // Without a captured request there is nothing to inspect: report the service as unavailable.
            if (!capturedRequest.hasCaptured()) {
                return serviceUnavailable;
            }
            // Requests whose URI contains one of the two failing test paths get 503, everything else 204.
            final String requestUri = capturedRequest.getValue().getURI().toString();
            final boolean hitsFailingPath = requestUri.contains(TEST_PATH) || requestUri.contains(TEST_PATH_3);
            return hitsFailingPath ? serviceUnavailable : noContent;
        }
    }).anyTimes();
    EasyMock.replay(httpClient);
    serviceRegistryJpaImpl.setTrustedHttpClient(httpClient);
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) TrustedHttpClient(org.opencastproject.security.api.TrustedHttpClient) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) JaxbUser(org.opencastproject.security.api.JaxbUser) UserDirectoryService(org.opencastproject.security.api.UserDirectoryService) BasicStatusLine(org.apache.http.message.BasicStatusLine) IAnswer(org.easymock.IAnswer) BasicHttpResponse(org.apache.http.message.BasicHttpResponse) JaxbRole(org.opencastproject.security.api.JaxbRole) SecurityService(org.opencastproject.security.api.SecurityService) HttpVersion(org.apache.http.HttpVersion) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService)

Example 39 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class TestSeriesEndpoint method createListProviderService.

/**
 * Builds a {@link ListProvidersService} with two providers: a users list provider backed by a mocked user
 * directory, and a stub provider for the "LANGUAGES" list that always yields an empty map.
 *
 * @param users
 *          the users the mocked directory hands out for the "%" wildcard query
 * @return the populated list providers service
 */
private ListProvidersService createListProviderService(List<User> users) {
    final ListProvidersServiceImpl providers = new ListProvidersServiceImpl();

    // The iterator is created once, while recording; the mock returns that same instance on every
    // findUsers("%", 0, 0) call.
    final UserDirectoryService userDirectory = EasyMock.createMock(UserDirectoryService.class);
    EasyMock.expect(userDirectory.findUsers("%", 0, 0)).andReturn(users.iterator()).anyTimes();
    EasyMock.replay(userDirectory);

    final UsersListProvider usersProvider = new UsersListProvider();
    usersProvider.setUserDirectoryService(userDirectory);
    providers.addProvider(usersProvider);

    // Stub provider: advertises a single list and returns no entries for it.
    final ResourceListProvider languagesStub = new ResourceListProvider() {

        @Override
        public String[] getListNames() {
            return new String[] { "LANGUAGES" };
        }

        @Override
        public Map<String, String> getList(String listName, ResourceListQuery query, Organization organization) {
            // The list name, query and organization are all ignored.
            return new HashMap<>();
        }

        @Override
        public boolean isTranslatable(String listName) {
            return false;
        }

        @Override
        public String getDefault() {
            return null;
        }
    };
    providers.addProvider(languagesStub);

    return providers;
}
Also used : UsersListProvider(org.opencastproject.index.service.resources.list.provider.UsersListProvider) ResourceListProvider(org.opencastproject.index.service.resources.list.api.ResourceListProvider) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) ListProvidersServiceImpl(org.opencastproject.index.service.resources.list.impl.ListProvidersServiceImpl) ResourceListQuery(org.opencastproject.index.service.resources.list.api.ResourceListQuery) Map(java.util.Map) HashMap(java.util.HashMap) UserDirectoryService(org.opencastproject.security.api.UserDirectoryService)

Example 40 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class RemoteUserAndOrganizationFilter method doFilter.

/**
 * Optionally switches the organization, user and roles of the current security context to the values named in
 * request headers, runs the rest of the filter chain under that identity, and then restores the original one.
 *
 * Authorization rules enforced here, all evaluated against the user that was in place before this filter ran:
 * <ul>
 * <li>Switching the organization requires {@code GLOBAL_ADMIN_ROLE}.</li>
 * <li>Switching the user or the roles requires {@code GLOBAL_SUDO_ROLE}.</li>
 * <li>A caller without {@code GLOBAL_ADMIN_ROLE} may neither switch to a user who holds one of
 * {@code GLOBAL_SYSTEM_ROLES} or the target organization's admin role, nor request any of those roles.</li>
 * </ul>
 * Every rejection, including an unknown organization or user, is answered with 403 and the chain is not run.
 *
 * NOTE(review): the decisions rely on {@code securityService.getUser()} already reflecting the authenticated
 * caller, so this filter presumably has to run after authentication; confirm the filter ordering.
 *
 * @throws IOException
 *           if sending the error response or running the chain fails
 * @throws ServletException
 *           if the chain fails
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Unchecked cast: a non-HTTP request would fail here with a ClassCastException.
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // Keep the original organization and user
    final Organization originalOrganization = securityService.getOrganization();
    // NOTE(review): originalUser is dereferenced below without a null check; presumably getUser() never
    // returns null at this point; confirm.
    final User originalUser = securityService.getUser();
    // Organization and user as specified by the request
    Organization requestedOrganization = originalOrganization;
    User requestedUser = originalUser;
    try {
        // See if there is an organization provided in the request
        String organizationHeader = httpRequest.getHeader(ORGANIZATION_HEADER);
        if (StringUtils.isNotBlank(organizationHeader)) {
            // Organization switching is only allowed if the request is coming in with the global admin role enabled
            if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
                // NOTE(review): here and in the warnings below, a client-supplied header value is written to
                // the log; confirm that the log layout neutralises control characters.
                logger.warn("An unauthorized request is trying to switch from organization '{}' to '{}'", originalOrganization.getId(), organizationHeader);
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            try {
                requestedOrganization = organizationDirectory.getOrganization(organizationHeader);
                securityService.setOrganization(requestedOrganization);
                logger.trace("Switching to organization '{}' from request header {}", requestedOrganization.getId(), ORGANIZATION_HEADER);
            } catch (NotFoundException e) {
                // Same 403 as the unauthorized case; only reachable by a caller holding the global admin role.
                logger.warn("Non-existing organization '{}' specified in request header {}", organizationHeader, ORGANIZATION_HEADER);
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        } else {
            logger.trace("Request organization remains '{}'", originalOrganization.getId());
        }
        // See if there is a user provided in the request
        // USER_HEADER takes precedence; RUN_AS_USER_HEADER is consulted only when it is blank.
        String userHeader = httpRequest.getHeader(USER_HEADER);
        if (StringUtils.isBlank(userHeader)) {
            userHeader = httpRequest.getHeader(RUN_AS_USER_HEADER);
        }
        if (StringUtils.isNotBlank(userHeader)) {
            // User switching is only allowed if the request is coming in with the global sudo role enabled
            if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
                logger.warn("An unauthorized request is trying to switch from user '{}' to '{}'", originalUser.getUsername(), userHeader);
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            if (SecurityConstants.GLOBAL_ANONYMOUS_USERNAME.equals(userHeader)) {
                // The anonymous user is built for the (possibly switched) organization; no directory lookup.
                requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
                logger.trace("Request user is switched to '{}'", requestedUser.getUsername());
            } else {
                requestedUser = userDirectory.loadUser(userHeader);
                // Does the target user exist?
                if (requestedUser == null) {
                    // The message names USER_HEADER even when the value was read from RUN_AS_USER_HEADER.
                    logger.warn("Unable to switch to non-existing user '{}' as specified in request header {}", userHeader, USER_HEADER);
                    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
                if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
                    // if the original user did not have system privileges, the target user must not gain those, either.
                    for (String systemRole : GLOBAL_SYSTEM_ROLES) {
                        if (requestedUser.hasRole(systemRole)) {
                            logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader);
                            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                            return;
                        }
                    }
                    // make sure the user does not gain organization administrator privileges
                    String organizationAdminRole = requestedOrganization.getAdminRole();
                    if (requestedUser.hasRole(organizationAdminRole)) {
                        logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", originalUser.getUsername(), userHeader);
                        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                        return;
                    }
                }
            }
            logger.trace("Switching from user '{}' to user '{}' from request header '{}'", originalUser.getUsername(), requestedUser.getUsername(), USER_HEADER);
            // The switch is applied only after every check above has passed.
            securityService.setUser(requestedUser);
        }
        // See if there are roles provided in the request
        // ROLES_HEADER takes precedence; RUN_WITH_ROLES is consulted only when it is blank.
        String rolesHeader = httpRequest.getHeader(ROLES_HEADER);
        if (StringUtils.isBlank(rolesHeader)) {
            rolesHeader = httpRequest.getHeader(RUN_WITH_ROLES);
        }
        if (StringUtils.isNotBlank(rolesHeader)) {
            // Role switching is only allowed if the request is coming in with the global sudo role enabled
            if (!originalUser.hasRole(GLOBAL_SUDO_ROLE)) {
                logger.warn("An unauthorized request is trying to switch roles from '{}' to '{}'", requestedUser.getRoles(), rolesHeader);
                ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            // NOTE(review): the header is split on ',' and the entries are used as-is (assuming commons-lang
            // StringUtils, which does not trim). The checks below are exact-string contains() matches, so
            // confirm that role names are compared the same way wherever the resulting roles are evaluated.
            Collection<String> requestedRoles = Arrays.asList(StringUtils.split(rolesHeader, ","));
            if (!originalUser.hasRole(GLOBAL_ADMIN_ROLE)) {
                // Role switching is only allowed to non-system roles
                for (String systemRole : GLOBAL_SYSTEM_ROLES) {
                    if (requestedRoles.contains(systemRole)) {
                        logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", originalUser.getUsername(), systemRole);
                        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                        return;
                    }
                }
                // Role switching is only allowed to non-organization administrator roles
                String organizationAdminRole = requestedOrganization.getAdminRole();
                if (requestedRoles.contains(organizationAdminRole)) {
                    logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", originalUser.getUsername(), organizationAdminRole);
                    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
            }
            // If no user has been provided by the request, create a virtual user
            if (StringUtils.isBlank(userHeader)) {
                requestedUser = SecurityUtil.createAnonymousUser(requestedOrganization);
            }
            // Set roles to requested user
            // The copy keeps the user's identity fields (including the password value) but is given a role
            // set built only from the requested roles, each bound to the requested organization.
            requestedUser = new JaxbUser(requestedUser.getUsername(), requestedUser.getPassword(), requestedUser.getName(), requestedUser.getEmail(), requestedUser.getProvider(), requestedUser.canLogin(), JaxbOrganization.fromOrganization(requestedUser.getOrganization()), Stream.$(requestedRoles).map(toJaxbRole._2(requestedOrganization)).toSet());
            logger.trace("Request roles '{}' are amended to user '{}'", rolesHeader, requestedUser.getUsername());
            securityService.setUser(requestedUser);
        }
        // Execute the rest of the filter chain
        logger.trace("Executing the filter chain with user '{}@{}'", requestedUser.getUsername(), requestedOrganization.getId());
        chain.doFilter(httpRequest, response);
    } finally {
        // Always put back the organization and user that were in place on entry. This also runs on every
        // early 403 return and when the chain throws, so a switched identity does not outlive this call.
        securityService.setOrganization(originalOrganization);
        securityService.setUser(originalUser);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) HttpServletResponse(javax.servlet.http.HttpServletResponse) NotFoundException(org.opencastproject.util.NotFoundException) JaxbUser(org.opencastproject.security.api.JaxbUser)
