
Example 6 with IAuthorizationPolicy

use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.

the class ActionRunnerTest method testCallWithStreamProviderAndVarargsAction.

/**
 * Checks that {@code ActionRunner.call()} reaches {@code TestVarArgsAction}'s execute step when a stream
 * provider is supplied and every collaborator consulted through {@code PentahoSystem} is mocked.
 *
 * <p>Only the "permitted" path is covered: the authorization policy mock is stubbed to allow
 * {@code SchedulerOutputPathResolver.SCHEDULER_ACTION_NAME}. No denied-path assertion appears in this method.
 */
@Test
public void testCallWithStreamProviderAndVarargsAction() throws Exception {
    Map<String, Serializable> paramsMap = createMapWithUserLocale();
    TestVarArgsAction testVarArgsAction = new TestVarArgsAction();
    // Stream provider mock: hands back mocked streams and a fixed output path.
    IBackgroundExecutionStreamProvider mockStreamProvider = Mockito.mock(IBackgroundExecutionStreamProvider.class);
    InputStream mockInputStream = Mockito.mock(InputStream.class);
    OutputStream mockOutputStream = Mockito.mock(OutputStream.class);
    when(mockStreamProvider.getInputStream()).thenReturn(mockInputStream);
    String mockOutputPath = "/someUser/someOutput";
    when(mockStreamProvider.getOutputPath()).thenReturn(mockOutputPath);
    when(mockStreamProvider.getOutputStream()).thenReturn(mockOutputStream);
    // Installs a static mock security helper; runAsUser is stubbed to return the output path for any user name.
    // NOTE(review): no reset of the static mock instance is visible in this method; confirm a teardown exists.
    ISecurityHelper mockSecurityHelper = Mockito.mock(ISecurityHelper.class);
    SecurityHelper.setMockInstance(mockSecurityHelper);
    when(mockSecurityHelper.runAsUser(Mockito.anyString(), Mockito.any())).thenReturn(mockOutputPath);
    PowerMockito.mockStatic(PentahoSystem.class);
    IUnifiedRepository mockRepository = Mockito.mock(IUnifiedRepository.class);
    // NOTE(review): X.class.getClass() evaluates to Class.class, so isA(...) here accepts ANY Class argument,
    // not just IUnifiedRepository.class. The stubbing two lines below uses the same matcher, so both overlap
    // and Mockito answers with the most recently declared one. If each lookup was meant to be keyed on its
    // own interface, an equality matcher on the class literal would be needed; confirm the intent.
    when(PentahoSystem.get(isA(IUnifiedRepository.class.getClass()), Mockito.any())).thenReturn(mockRepository);
    IAuthorizationPolicy mockAuthorizationPolicy = Mockito.mock(IAuthorizationPolicy.class);
    when(PentahoSystem.get(isA(IAuthorizationPolicy.class.getClass()), Mockito.any())).thenReturn(mockAuthorizationPolicy);
    // The policy is forced to grant the scheduler action, so this test never exercises a refusal.
    when(mockAuthorizationPolicy.isAllowed(SchedulerOutputPathResolver.SCHEDULER_ACTION_NAME)).thenReturn(true);
    String repoId = "SOME_REPO_ID";
    // Metadata for the repository id marks the file as schedulable.
    Map<String, Serializable> dummyMetaData = new HashMap<>();
    dummyMetaData.put(RepositoryFile.SCHEDULABLE_KEY, true);
    when(mockRepository.getFileMetadata(repoId)).thenReturn(dummyMetaData);
    // NOTE(review): mockRepoFile is stubbed but not handed to any collaborator visible in this method.
    RepositoryFile mockRepoFile = Mockito.mock(RepositoryFile.class);
    when(mockRepoFile.isFolder()).thenReturn(true);
    when(mockRepoFile.getId()).thenReturn(repoId);
    ActionRunner actionRunner = new ActionRunner(testVarArgsAction, "actionUser", paramsMap, mockStreamProvider);
    actionRunner.call();
    // The only assertion: the action's execute flag was set.
    assertThat(testVarArgsAction.isExecuteWasCalled(), is(true));
}
Also used : IBackgroundExecutionStreamProvider(org.pentaho.platform.api.scheduler2.IBackgroundExecutionStreamProvider) Serializable(java.io.Serializable) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) HashMap(java.util.HashMap) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) ISecurityHelper(org.pentaho.platform.api.engine.ISecurityHelper) TestVarArgsAction(org.pentaho.platform.engine.services.actions.TestVarArgsAction) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) IUnifiedRepository(org.pentaho.platform.api.repository2.unified.IUnifiedRepository) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 7 with IAuthorizationPolicy

use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.

the class SpringSecurityLoginModuleTest method testExceptions.

/**
 * Drives {@code SpringSecurityLoginModule} through one successful login/commit and then through four
 * failing logins selected by the callback-handler names "ioe" and "unsupported", once before and once
 * after the security context's authentication is cleared.
 *
 * <p>Each failure case only requires that {@code login()} throws {@code LoginException}; the cause is
 * not inspected.
 */
@Test
public void testExceptions() throws Exception {
    // clear any authentication
    SecurityContextHolder.getContext().setAuthentication(null);
    Subject subject = new Subject();
    TestCallbackHandler testCallbackHandler = new TestCallbackHandler("joe");
    SpringSecurityLoginModule loginModule = new SpringSecurityLoginModule();
    AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
    IUserRoleListService userRoleListService = mock(IUserRoleListService.class);
    IAuthorizationPolicy authorizationPolicy = mock(IAuthorizationPolicy.class);
    // "joe": Authenticated + Administrator authorities.
    Authentication authentication = mock(Authentication.class);
    Collection authorities = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("Administrator") });
    // "pat": Authenticated + ceo authorities.
    Authentication authentication2 = mock(Authentication.class);
    Collection authorities2 = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("ceo") });
    PentahoSystem.registerObject(userRoleListService, IUserRoleListService.class);
    // Consecutive answers for the administer-security check: true, true, then false for later calls.
    when(authorizationPolicy.isAllowed(AdministerSecurityAction.NAME)).thenReturn(true).thenReturn(true).thenReturn(false);
    when(authentication.getAuthorities()).thenReturn(authorities);
    when(authentication.getName()).thenReturn("joe");
    when(authentication.isAuthenticated()).thenReturn(true);
    when(authentication2.getAuthorities()).thenReturn(authorities2);
    when(authentication2.getName()).thenReturn("pat");
    when(authentication2.isAuthenticated()).thenReturn(true);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("joe")))).thenReturn(authentication);
    // NOTE(review): the "pat" stubbing returns `authentication` (joe's mock); `authentication2` is configured
    // above but never returned by any stubbing in this method. Confirm whether this is intentional.
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("pat")))).thenReturn(authentication);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("suzy")))).thenThrow(new UsernameNotFoundException("Error"));
    when(userRoleListService.getRolesForUser(null, "joe")).thenReturn(Arrays.<String>asList("Authenticated", "Administrator"));
    when(userRoleListService.getRolesForUser(null, "pat")).thenReturn(Arrays.<String>asList("Authenticated", "ceo"));
    loginModule.setAuthenticationManager(authenticationManager);
    loginModule.setAuthorizationPolicy(authorizationPolicy);
    // test a successful run
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    loginModule.login();
    loginModule.commit();
    verify(authenticationManager).authenticate(argThat(new AuthenticationManagerMatcher("joe")));
    assertEquals(4, subject.getPrincipals().size());
    // NOTE(review): the boolean returned by equals(...) is discarded, so this line asserts nothing about
    // the fourth principal; the karaf_admin grant is only checked indirectly through the size above.
    subject.getPrincipals().toArray()[3].equals("karaf_admin");
    // now test exceptions
    // Test with Authentication bound to thread
    // (presumably left in the security context by the successful login above; not visible from this method)
    testCallbackHandler = new TestCallbackHandler("ioe");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown IOException");
    } catch (LoginException ioe) {
        // Expected. The fail message names IOException, but the type caught is LoginException;
        // presumably the module wraps the callback failure. The cause is not checked.
    }
    // UnsupportedCallbackException thrown by underlying system
    testCallbackHandler = new TestCallbackHandler("unsupported");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown UnsupportedCallbackException");
    } catch (LoginException ioe) {
        // Expected: login is refused with LoginException; the cause is not checked.
    }
    // Repeat both failure cases with no authentication in the security context.
    SecurityContextHolder.getContext().setAuthentication(null);
    // IOException thrown by underlying system
    testCallbackHandler = new TestCallbackHandler("ioe");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown IOException");
    } catch (LoginException ioe) {
        // Expected: login is refused with LoginException; the cause is not checked.
    }
    testCallbackHandler = new TestCallbackHandler("unsupported");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown UnsupportedCallbackException");
    } catch (LoginException ioe) {
        // Expected: login is refused with LoginException; the cause is not checked.
    }
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) LoginException(javax.security.auth.login.LoginException) IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 8 with IAuthorizationPolicy

use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.

the class SpringSecurityLoginModuleTest method testLogin.

/**
 * Walks {@code SpringSecurityLoginModule} through login, commit, logout and abort for three callback
 * names: "joe" (expected to end with 4 principals), "suzy" (authentication throws, login must fail)
 * and "pat" (expected to end with 3 principals).
 *
 * <p>Principal membership is checked by count only; no assertion in this method inspects which
 * principals are present.
 */
@Test
public void testLogin() throws Exception {
    // instances and mocks
    Subject subject = new Subject();
    TestCallbackHandler testCallbackHandler = new TestCallbackHandler("joe");
    SpringSecurityLoginModule loginModule = new SpringSecurityLoginModule();
    AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
    IUserRoleListService userRoleListService = mock(IUserRoleListService.class);
    IAuthorizationPolicy authorizationPolicy = mock(IAuthorizationPolicy.class);
    // "joe": Authenticated + Administrator authorities.
    Authentication authentication = mock(Authentication.class);
    Collection authorities = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("Administrator") });
    // "pat": Authenticated + ceo authorities.
    Authentication authentication2 = mock(Authentication.class);
    Collection authorities2 = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("ceo") });
    // wiring and stubbing
    PentahoSystem.registerObject(userRoleListService, IUserRoleListService.class);
    // Consecutive answers for the administer-security check: true, true, then false for later calls.
    // Presumably the false answer is what the "pat" section relies on; confirm against the number of
    // isAllowed calls the module makes per login.
    when(authorizationPolicy.isAllowed(AdministerSecurityAction.NAME)).thenReturn(true).thenReturn(true).thenReturn(false);
    when(authentication.getAuthorities()).thenReturn(authorities);
    when(authentication.getName()).thenReturn("joe");
    when(authentication.isAuthenticated()).thenReturn(true);
    when(authentication2.getAuthorities()).thenReturn(authorities2);
    when(authentication2.getName()).thenReturn("pat");
    when(authentication2.isAuthenticated()).thenReturn(true);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("joe")))).thenReturn(authentication);
    // NOTE(review): the "pat" stubbing returns `authentication` (joe's mock, Administrator authority);
    // `authentication2` is configured above but never returned by any stubbing in this method.
    // Confirm whether the "pat is found, but not an admin" section tests what its comment says.
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("pat")))).thenReturn(authentication);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("suzy")))).thenThrow(new UsernameNotFoundException("Error"));
    when(userRoleListService.getRolesForUser(null, "joe")).thenReturn(Arrays.<String>asList("Authenticated", "Administrator"));
    when(userRoleListService.getRolesForUser(null, "pat")).thenReturn(Arrays.<String>asList("Authenticated", "ceo"));
    loginModule.setAuthenticationManager(authenticationManager);
    loginModule.setAuthorizationPolicy(authorizationPolicy);
    // start tests
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    loginModule.login();
    loginModule.commit();
    // joe should get the extra karaf_admin role
    verify(authenticationManager).authenticate(argThat(new AuthenticationManagerMatcher("joe")));
    assertEquals(4, subject.getPrincipals().size());
    // NOTE(review): the boolean returned by equals(...) is discarded, so this line asserts nothing;
    // the karaf_admin grant is only checked indirectly through the principal count.
    subject.getPrincipals().toArray()[3].equals("karaf_admin");
    // logout must strip every principal from the subject
    loginModule.logout();
    assertEquals(0, subject.getPrincipals().size());
    // a second login/commit restores the same number of principals
    loginModule.login();
    loginModule.commit();
    assertEquals(4, subject.getPrincipals().size());
    // Suzy is not found
    testCallbackHandler = new TestCallbackHandler("suzy");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown a UsernameNotFoundException exception");
    } catch (LoginException ex) {
        // Expected. The stub throws UsernameNotFoundException, while the type caught here is
        // LoginException; the cause is not checked.
    }
    // pat is found, but not an admin
    testCallbackHandler = new TestCallbackHandler("pat");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    // logout first so principals left over from joe's session do not count toward the next assertion
    loginModule.logout();
    loginModule.login();
    loginModule.commit();
    // one principal fewer than joe's 4
    assertEquals(3, subject.getPrincipals().size());
    assertTrue(loginModule.abort());
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) LoginException(javax.security.auth.login.LoginException) IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 9 with IAuthorizationPolicy

use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.

the class UploadFileServlet method hasManageDataAccessPermission.

/**
 * Reports whether the caller may manage data access, i.e. whether the platform's authorization policy
 * grants the {@code org.pentaho.platform.dataaccess.datasource.security.manage} action.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the system setting {@code data-access-override} parses as {@code true}, the method returns
 *       {@code true} without consulting the authorization policy at all. Deployments should treat that
 *       setting as a privileged switch and audit it.</li>
 *   <li>When no {@code IAuthorizationPolicy} is registered, the method fails closed and returns
 *       {@code false}.</li>
 * </ul>
 *
 * @param session the caller's session; this method does not read it, the decision comes from the
 *                policy obtained through {@code PentahoSystem}
 * @return {@code true} if the override setting is enabled or the policy allows the manage action,
 *         {@code false} otherwise
 */
protected boolean hasManageDataAccessPermission(IPentahoSession session) {
    // If this breaks an OEM's plugin, provide a get-out-of-jail card with an entry in the pentaho.xml.
    boolean overrideEnabled = Boolean.parseBoolean(PentahoSystem.getSystemSetting("data-access-override", "false"));
    if (overrideEnabled) {
        // Override the security policy with the entry in the pentaho.xml.
        return true;
    }
    IAuthorizationPolicy authzPolicy = PentahoSystem.get(IAuthorizationPolicy.class);
    // A missing policy denies access rather than granting it.
    return authzPolicy != null && authzPolicy.isAllowed("org.pentaho.platform.dataaccess.datasource.security.manage");
}
Also used : IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy)

Example 10 with IAuthorizationPolicy

use of org.pentaho.platform.api.engine.IAuthorizationPolicy in project pentaho-platform by pentaho.

the class AuthorizationActionService method validateAuth.

/**
 * Checks whether the authorization policy grants the named action, but only for action names that
 * appear in {@code getActionList()}.
 *
 * <p>The list acts as an allow-list in front of the policy: a name that matches no registered action
 * (including {@code null}) is denied without the policy being consulted.
 *
 * @param authAction name of the action to check
 * @return {@code true} if {@code authAction} is a registered action name and the policy allows it,
 *         {@code false} otherwise
 */
public boolean validateAuth(String authAction) {
    for (IAuthorizationAction registered : getActionList()) {
        if (registered.getName().equals(authAction)) {
            // NOTE(review): getPolicy() is dereferenced without a null check; confirm it cannot return null.
            return getPolicy().isAllowed(authAction);
        }
    }
    // Not a registered action name: deny.
    return false;
}
Also used : IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) IAuthorizationAction(org.pentaho.platform.api.engine.IAuthorizationAction)

Aggregations

IAuthorizationPolicy (org.pentaho.platform.api.engine.IAuthorizationPolicy)40 Test (org.junit.Test)18 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)11 MicroPlatform (org.pentaho.test.platform.engine.core.MicroPlatform)7 Serializable (java.io.Serializable)6 IUserRoleListService (org.pentaho.platform.api.engine.IUserRoleListService)6 File (java.io.File)5 Before (org.junit.Before)5 PentahoAccessControlException (org.pentaho.platform.api.engine.PentahoAccessControlException)5 FileNotFoundException (java.io.FileNotFoundException)4 HashMap (java.util.HashMap)4 IPluginResourceLoader (org.pentaho.platform.api.engine.IPluginResourceLoader)4 IUnifiedRepository (org.pentaho.platform.api.repository2.unified.IUnifiedRepository)4 PluginClassLoader (org.pentaho.platform.plugin.services.pluginmgr.PluginClassLoader)4 PluginResourceLoader (org.pentaho.platform.plugin.services.pluginmgr.PluginResourceLoader)4 InputStream (java.io.InputStream)3 Matchers.anyString (org.mockito.Matchers.anyString)3 SystemSettings (org.pentaho.platform.engine.core.system.SystemSettings)3 MockSecurityHelper (org.pentaho.test.platform.engine.security.MockSecurityHelper)3 OutputStream (java.io.OutputStream)2