
Example 1 with IUserRoleListService

use of org.pentaho.platform.api.engine.IUserRoleListService in project pentaho-platform by pentaho.

the class SpringSecurityLoginModuleTest method testExceptions.

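/**
 * Checks that {@code login()} reports callback failures as {@link LoginException}.
 *
 * <p>The test first runs one successful login/commit for "joe" and verifies the principals
 * placed on the subject. It then swaps in callback handlers built with "ioe" and
 * "unsupported" (which, per the comments below, make the underlying callback raise
 * IOException / UnsupportedCallbackException) and expects every {@code login()} to throw.
 * The failure cases run twice: once straight after the successful login and once after the
 * thread's authentication has been cleared again.
 */
@Test
public void testExceptions() throws Exception {
    // clear any authentication
    SecurityContextHolder.getContext().setAuthentication(null);
    Subject subject = new Subject();
    TestCallbackHandler testCallbackHandler = new TestCallbackHandler("joe");
    SpringSecurityLoginModule loginModule = new SpringSecurityLoginModule();
    AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
    IUserRoleListService userRoleListService = mock(IUserRoleListService.class);
    IAuthorizationPolicy authorizationPolicy = mock(IAuthorizationPolicy.class);
    Authentication authentication = mock(Authentication.class);
    // Raw Collection: presumably so the getAuthorities() stubbing below compiles against its
    // wildcard return type - confirm before adding type arguments.
    Collection authorities = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("Administrator") });
    Authentication authentication2 = mock(Authentication.class);
    Collection authorities2 = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("ceo") });
    PentahoSystem.registerObject(userRoleListService, IUserRoleListService.class);
    // The administer-security check answers true for the first two calls and false afterwards.
    when(authorizationPolicy.isAllowed(AdministerSecurityAction.NAME)).thenReturn(true).thenReturn(true).thenReturn(false);
    when(authentication.getAuthorities()).thenReturn(authorities);
    when(authentication.getName()).thenReturn("joe");
    when(authentication.isAuthenticated()).thenReturn(true);
    when(authentication2.getAuthorities()).thenReturn(authorities2);
    when(authentication2.getName()).thenReturn("pat");
    when(authentication2.isAuthenticated()).thenReturn(true);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("joe")))).thenReturn(authentication);
    // NOTE(review): "pat" is stubbed with joe's Authentication; authentication2 is configured
    // above but never returned by any stub. Looks like a copy-paste slip - confirm before changing.
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("pat")))).thenReturn(authentication);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("suzy")))).thenThrow(new UsernameNotFoundException("Error"));
    when(userRoleListService.getRolesForUser(null, "joe")).thenReturn(Arrays.<String>asList("Authenticated", "Administrator"));
    when(userRoleListService.getRolesForUser(null, "pat")).thenReturn(Arrays.<String>asList("Authenticated", "ceo"));
    loginModule.setAuthenticationManager(authenticationManager);
    loginModule.setAuthorizationPolicy(authorizationPolicy);
    // test a successful run
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    loginModule.login();
    loginModule.commit();
    verify(authenticationManager).authenticate(argThat(new AuthenticationManagerMatcher("joe")));
    assertEquals(4, subject.getPrincipals().size());
    // Verify the privileged karaf_admin principal by name. A bare equals() call whose result is
    // discarded asserts nothing, and the principal Set has no guaranteed order to index into.
    // Assumes the role principal's getName() is the role name - confirm against the login module.
    boolean hasKarafAdmin = false;
    for (java.security.Principal principal : subject.getPrincipals()) {
        if ("karaf_admin".equals(principal.getName())) {
            hasKarafAdmin = true;
            break;
        }
    }
    assertTrue("expected a karaf_admin principal after commit", hasKarafAdmin);
    // now test exceptions
    // Test with Authentication bound to thread
    testCallbackHandler = new TestCallbackHandler("ioe");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown IOException");
    } catch (LoginException expected) {
        // expected: the callback failure must surface as a LoginException
    }
    // UnsupportedCallbackException thrown by underlying system
    testCallbackHandler = new TestCallbackHandler("unsupported");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown UnsupportedCallbackException");
    } catch (LoginException expected) {
        // expected: the callback failure must surface as a LoginException
    }
    // Repeat both failure cases with no authentication bound to the thread.
    SecurityContextHolder.getContext().setAuthentication(null);
    // IOException thrown by underlying system
    testCallbackHandler = new TestCallbackHandler("ioe");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown IOException");
    } catch (LoginException expected) {
        // expected: the callback failure must surface as a LoginException
    }
    testCallbackHandler = new TestCallbackHandler("unsupported");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown UnsupportedCallbackException");
    } catch (LoginException expected) {
        // expected: the callback failure must surface as a LoginException
    }
}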
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) LoginException(javax.security.auth.login.LoginException) IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 2 with IUserRoleListService

use of org.pentaho.platform.api.engine.IUserRoleListService in project pentaho-platform by pentaho.

the class SpringSecurityLoginModuleTest method testLogin.

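/**
 * Walks the login module through its lifecycle for three users.
 *
 * <ul>
 *   <li>"joe" authenticates and passes the administer-security check, so the subject ends up
 *       with four principals including the extra karaf_admin role; logout removes them all
 *       and a second login restores them.</li>
 *   <li>"suzy" is rejected by the authentication manager, which must surface as a
 *       {@link LoginException}.</li>
 *   <li>"pat" authenticates but fails the administer-security check, so only three principals
 *       are added and none of them is karaf_admin.</li>
 * </ul>
 */
@Test
public void testLogin() throws Exception {
    // instances and mocks
    Subject subject = new Subject();
    TestCallbackHandler testCallbackHandler = new TestCallbackHandler("joe");
    SpringSecurityLoginModule loginModule = new SpringSecurityLoginModule();
    AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
    IUserRoleListService userRoleListService = mock(IUserRoleListService.class);
    IAuthorizationPolicy authorizationPolicy = mock(IAuthorizationPolicy.class);
    Authentication authentication = mock(Authentication.class);
    // Raw Collection: presumably so the getAuthorities() stubbing below compiles against its
    // wildcard return type - confirm before adding type arguments.
    Collection authorities = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("Administrator") });
    Authentication authentication2 = mock(Authentication.class);
    Collection authorities2 = Arrays.asList(new GrantedAuthority[] { new SimpleGrantedAuthority("Authenticated"), new SimpleGrantedAuthority("ceo") });
    PentahoSystem.registerObject(userRoleListService, IUserRoleListService.class);
    // The administer-security check answers true for the first two calls (joe's two logins)
    // and false afterwards (pat).
    when(authorizationPolicy.isAllowed(AdministerSecurityAction.NAME)).thenReturn(true).thenReturn(true).thenReturn(false);
    when(authentication.getAuthorities()).thenReturn(authorities);
    when(authentication.getName()).thenReturn("joe");
    when(authentication.isAuthenticated()).thenReturn(true);
    when(authentication2.getAuthorities()).thenReturn(authorities2);
    when(authentication2.getName()).thenReturn("pat");
    when(authentication2.isAuthenticated()).thenReturn(true);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("joe")))).thenReturn(authentication);
    // NOTE(review): "pat" is stubbed with joe's Authentication; authentication2 is configured
    // above but never returned by any stub. Looks like a copy-paste slip - confirm before changing.
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("pat")))).thenReturn(authentication);
    when(authenticationManager.authenticate(argThat(new AuthenticationManagerMatcher("suzy")))).thenThrow(new UsernameNotFoundException("Error"));
    when(userRoleListService.getRolesForUser(null, "joe")).thenReturn(Arrays.<String>asList("Authenticated", "Administrator"));
    when(userRoleListService.getRolesForUser(null, "pat")).thenReturn(Arrays.<String>asList("Authenticated", "ceo"));
    loginModule.setAuthenticationManager(authenticationManager);
    loginModule.setAuthorizationPolicy(authorizationPolicy);
    // start tests
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    loginModule.login();
    loginModule.commit();
    // joe should get the extra karaf_admin role
    verify(authenticationManager).authenticate(argThat(new AuthenticationManagerMatcher("joe")));
    assertEquals(4, subject.getPrincipals().size());
    // Verify the privileged principal by name. A bare equals() call whose result is discarded
    // asserts nothing, and the principal Set has no guaranteed order to index into.
    // Assumes the role principal's getName() is the role name - confirm against the login module.
    boolean joeHasKarafAdmin = false;
    for (java.security.Principal principal : subject.getPrincipals()) {
        if ("karaf_admin".equals(principal.getName())) {
            joeHasKarafAdmin = true;
            break;
        }
    }
    assertTrue("expected a karaf_admin principal for joe", joeHasKarafAdmin);
    // logout must strip every principal, including the privileged one
    loginModule.logout();
    assertEquals(0, subject.getPrincipals().size());
    loginModule.login();
    loginModule.commit();
    assertEquals(4, subject.getPrincipals().size());
    // Suzy is not found
    testCallbackHandler = new TestCallbackHandler("suzy");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    try {
        loginModule.login();
        fail("Should have thrown a UsernameNotFoundException exception");
    } catch (LoginException expected) {
        // expected: the authentication failure must surface as a LoginException
    }
    // pat is found, but not an admin
    testCallbackHandler = new TestCallbackHandler("pat");
    loginModule.initialize(subject, testCallbackHandler, Collections.emptyMap(), Collections.emptyMap());
    loginModule.logout();
    loginModule.login();
    loginModule.commit();
    assertEquals(3, subject.getPrincipals().size());
    // The count alone does not say which principal is missing; pin that the non-admin user
    // was not handed the privileged role.
    boolean patHasKarafAdmin = false;
    for (java.security.Principal principal : subject.getPrincipals()) {
        if ("karaf_admin".equals(principal.getName())) {
            patHasKarafAdmin = true;
            break;
        }
    }
    assertTrue("non-admin user must not receive karaf_admin", !patHasKarafAdmin);
    assertTrue(loginModule.abort());
}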
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) Authentication(org.springframework.security.core.Authentication) Collection(java.util.Collection) LoginException(javax.security.auth.login.LoginException) IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 3 with IUserRoleListService

use of org.pentaho.platform.api.engine.IUserRoleListService in project data-access by pentaho.

the class DatasourceResourceIT method setUp.

/**
 * One-time fixture for the integration test: points simple-jndi at the solution1 test
 * resources, registers the platform services and test doubles on a {@code MicroPlatform},
 * starts it, and switches both session and security-context holders to their global mode.
 *
 * <p>Both permission checks are stubbed to allow everything, so tests built on this fixture
 * exercise the data-access code paths only; they cannot detect a missing or broken
 * authorization check.
 */
@BeforeClass
public static void setUp() throws Exception {
    System.setProperty("org.osjava.sj.root", "target/test-classes/solution1/system/simple-jndi"); // $NON-NLS-1$ //$NON-NLS-2$
    mp = new MicroPlatform("target/test-classes/solution1");

    // Test doubles: an unstubbed role-list service plus two allow-all permission checks.
    IUserRoleListService roleListStub = mock(IUserRoleListService.class);
    IAuthorizationPolicy allowAllPolicy = mock(IAuthorizationPolicy.class);
    when(allowAllPolicy.isAllowed(anyString())).thenReturn(true);
    IDataAccessPermissionHandler allowAllPermHandler = mock(IDataAccessPermissionHandler.class);
    when(allowAllPermHandler.hasDataAccessPermission(any(IPentahoSession.class))).thenReturn(true);

    // Platform services, registered in the same order as before.
    mp.define(ISolutionEngine.class, SolutionEngine.class, IPentahoDefinableObjectFactory.Scope.GLOBAL);
    mp.define(IUnifiedRepository.class, TestFileSystemBackedUnifiedRepository.class, IPentahoDefinableObjectFactory.Scope.GLOBAL);
    mp.define(IMondrianCatalogService.class, MondrianCatalogHelper.class, IPentahoDefinableObjectFactory.Scope.GLOBAL);
    mp.define("connection-SQL", SQLConnection.class);
    mp.define("connection-MDX", MDXConnection.class);
    mp.define("connection-MDXOlap4j", MDXOlap4jConnection.class);
    mp.define(IDBDatasourceService.class, JndiDatasourceService.class, IPentahoDefinableObjectFactory.Scope.GLOBAL);
    mp.define(MDXConnection.MDX_CONNECTION_MAPPER_KEY, MondrianOneToOneUserRoleListMapper.class, IPentahoDefinableObjectFactory.Scope.GLOBAL);
    mp.define(IDatasourceMgmtService.class, MockDatasourceMgmtService.class);
    mp.define(IClientRepositoryPathsStrategy.class, MockClientRepositoryPathsStrategy.class);
    mp.define(ISecurityHelper.class, MockSecurityHelper.class);
    mp.define(UserDetailsService.class, MockUserDetailService.class);
    mp.define("singleTenantAdminUserName", "admin");

    // Pre-built instances.
    mp.defineInstance(IMetadataDomainRepository.class, createMetadataDomainRepository());
    mp.defineInstance(IAuthorizationPolicy.class, allowAllPolicy);
    // Resource loader whose override class loader is rooted at the simple-jndi test directory.
    PluginResourceLoader jndiResourceLoader = new PluginResourceLoader() {

        protected PluginClassLoader getOverrideClassloader() {
            return new PluginClassLoader(new File(".", "target/test-classes/solution1/system/simple-jndi"), this);
        }
    };
    mp.defineInstance(IPluginResourceLoader.class, jndiResourceLoader);
    mp.defineInstance(IUserRoleListService.class, roleListStub);
    mp.defineInstance(IDataAccessPermissionHandler.class, allowAllPermHandler);

    mp.setSettingsProvider(new SystemSettings());
    mp.start();

    // Global strategies are selected here and not reset in this method, so the setting
    // outlives setUp(). NOTE(review): confirm a matching teardown restores the defaults so
    // other test classes in the same JVM do not inherit a shared security context.
    PentahoSessionHolder.setStrategyName(PentahoSessionHolder.MODE_GLOBAL);
    SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL);
}
Also used : PluginResourceLoader(org.pentaho.platform.plugin.services.pluginmgr.PluginResourceLoader) IPluginResourceLoader(org.pentaho.platform.api.engine.IPluginResourceLoader) IAuthorizationPolicy(org.pentaho.platform.api.engine.IAuthorizationPolicy) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) MicroPlatform(org.pentaho.test.platform.engine.core.MicroPlatform) IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) SystemSettings(org.pentaho.platform.engine.core.system.SystemSettings) ZipFile(java.util.zip.ZipFile) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) File(java.io.File) PluginClassLoader(org.pentaho.platform.plugin.services.pluginmgr.PluginClassLoader) BeforeClass(org.junit.BeforeClass)

Example 4 with IUserRoleListService

use of org.pentaho.platform.api.engine.IUserRoleListService in project pentaho-platform by pentaho.

the class CachingUserRoleListServiceDecoratorTest method testGetAllRoles1.

/**
 * Verifies that the caching decorator asks the wrapped service for a tenant's roles only
 * once: two consecutive lookups return the same roles while the delegate sees one call.
 */
@Test
public void testGetAllRoles1() throws Exception {
    IUserRoleListService delegate = mock(IUserRoleListService.class);
    when(delegate.getAllRoles(tenant)).thenReturn(Arrays.asList("foo", "bar"));
    CachingUserRoleListServiceDecorator cachingService = new CachingUserRoleListServiceDecorator(delegate);

    // first lookup goes through to the delegate
    List<String> firstLookup = cachingService.getAllRoles(tenant);
    assertArrayEquals("does not match", new String[] { "foo", "bar" }, firstLookup.toArray());

    // second lookup should be served from the cache
    List<String> secondLookup = cachingService.getAllRoles(tenant);
    assertArrayEquals("does not match", new String[] { "foo", "bar" }, secondLookup.toArray());

    // NOTE(review): only the cache-hit path is pinned here; how a cached role list is
    // refreshed after roles change is not exercised by this test.
    verify(delegate, times(1)).getAllRoles(tenant);
}
Also used : IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Test(org.junit.Test)

Example 5 with IUserRoleListService

use of org.pentaho.platform.api.engine.IUserRoleListService in project pentaho-platform by pentaho.

the class CachingUserRoleListServiceDecoratorTest method testGetAllUsers.

/**
 * Verifies that the caching decorator asks the wrapped service for the user list only once:
 * two consecutive lookups return the same users while the delegate sees one call.
 */
@Test
public void testGetAllUsers() throws Exception {
    IUserRoleListService delegate = mock(IUserRoleListService.class);
    when(delegate.getAllUsers()).thenReturn(Arrays.asList("foo", "bar"));
    CachingUserRoleListServiceDecorator cachingService = new CachingUserRoleListServiceDecorator(delegate);

    // first lookup goes through to the delegate
    List<String> firstLookup = cachingService.getAllUsers();
    assertArrayEquals("does not match", new String[] { "foo", "bar" }, firstLookup.toArray());

    // second lookup should be served from the cache
    List<String> secondLookup = cachingService.getAllUsers();
    assertArrayEquals("does not match", new String[] { "foo", "bar" }, secondLookup.toArray());

    // NOTE(review): only the cache-hit path is pinned here; how the cached user list is
    // refreshed after users are added or removed is not exercised by this test.
    verify(delegate, times(1)).getAllUsers();
}
Also used : IUserRoleListService(org.pentaho.platform.api.engine.IUserRoleListService) Test(org.junit.Test)

Aggregations

IUserRoleListService (org.pentaho.platform.api.engine.IUserRoleListService)37 Test (org.junit.Test)20 ArrayList (java.util.ArrayList)8 IAuthorizationPolicy (org.pentaho.platform.api.engine.IAuthorizationPolicy)7 ITenant (org.pentaho.platform.api.mt.ITenant)6 List (java.util.List)4 Document (org.dom4j.Document)4 Element (org.dom4j.Element)4 DefaultElement (org.dom4j.tree.DefaultElement)4 Before (org.junit.Before)4 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)4 RoleListWrapper (org.pentaho.platform.web.http.api.resources.RoleListWrapper)4 MicroPlatform (org.pentaho.test.platform.engine.core.MicroPlatform)4 File (java.io.File)3 IPentahoObjectFactory (org.pentaho.platform.api.engine.IPentahoObjectFactory)3 IPluginResourceLoader (org.pentaho.platform.api.engine.IPluginResourceLoader)3 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)3 SystemSettings (org.pentaho.platform.engine.core.system.SystemSettings)3 PluginClassLoader (org.pentaho.platform.plugin.services.pluginmgr.PluginClassLoader)3 PluginResourceLoader (org.pentaho.platform.plugin.services.pluginmgr.PluginResourceLoader)3