Example 1 with SSOToken

use of org.simbasecurity.api.service.thrift.SSOToken in project simba-os by cegeka.

the class AuthenticationFilterServiceImplTest method testGetCurrentSession_TokenMappingProvided.

@Test
public void testGetCurrentSession_TokenMappingProvided() {
    SSOToken ssoToken = mock(SSOToken.class);
    String tokenKey = UUID.randomUUID().toString();
    RequestData requestData = new RequestData(Collections.singletonMap(RequestConstants.SIMBA_SSO_TOKEN, tokenKey), null, null, null, null, null, false, false, true, false, false, null, null, null, null);
    when(ssoTokenMappingService.getSSOToken(tokenKey)).thenReturn(ssoToken);
    serviceImpl.getCurrentSession(requestData);
    verify(sessionServiceMock).getSession(same(ssoToken));
    verify(ssoTokenMappingService).destroyMapping(tokenKey);
}
Also used : SSOToken(org.simbasecurity.api.service.thrift.SSOToken) RequestData(org.simbasecurity.api.service.thrift.RequestData) Test(org.junit.Test)

Example 2 with SSOToken

use of org.simbasecurity.api.service.thrift.SSOToken in project simba-os by cegeka.

the class CheckSessionCommand method execute.

@Override
public State execute(ChainContext context) throws Exception {
    // Prefer the token held by the session resolved from a mapping key;
    // otherwise fall back to the token sent with the request.
    SSOToken ssoToken;
    if (context.isSsoTokenMappingKeyProvided() && context.getCurrentSession() != null) {
        ssoToken = context.getCurrentSession().getSSOToken();
    } else {
        ssoToken = context.getRequestSSOToken();
    }
    // No token at all: redirect to login, audit the event and stop the chain.
    if (ssoToken == null) {
        redirectToLogin(context);
        audit.log(auditLogFactory.createEventForAuthentication(context, AuditMessages.NO_SSOTOKEN_FOUND_REDIRECT_LOGIN));
        return State.FINISH;
    }
    // A token without a live session is rejected: missing and expired sessions
    // both end in a login redirect and a failure audit event.
    Session currentSession = context.getCurrentSession();
    if (currentSession == null || currentSession.isExpired()) {
        redirectToLogin(context);
        // Note: currentSession can be null on this path.
        sessionService.removeSession(currentSession);
        audit.log(auditLogFactory.createEventForAuthenticationForFailure(context, AuditMessages.SESSION_INVALID));
        return State.FINISH;
    }
    // Valid session: refresh its last-access time and expose the user name as the principal.
    currentSession.updateLastAccesTime();
    context.setUserPrincipal(currentSession.getUser().getUserName());
    audit.log(auditLogFactory.createEventForAuthenticationForSuccess(context, AuditMessages.CHECK_SESSION));
    return State.CONTINUE;
}
Also used : SSOToken(org.simbasecurity.api.service.thrift.SSOToken) Session(org.simbasecurity.core.domain.Session)

Example 3 with SSOToken

use of org.simbasecurity.api.service.thrift.SSOToken in project simba-os by cegeka.

the class CreateCookieForNewSSOTokenCommandTest method testExecute_ActivatesMakeCookieActionWhenNewSSOToken.

@Test
public void testExecute_ActivatesMakeCookieActionWhenNewSSOToken() throws Exception {
    SSOToken ssoToken = new SSOToken();
    when(chainContextMock.isSsoTokenMappingKeyProvided()).thenReturn(true);
    when(chainContextMock.getCurrentSession()).thenReturn(session);
    when(session.getSSOToken()).thenReturn(ssoToken);
    CreateCookieForNewSSOTokenCommand command = new CreateCookieForNewSSOTokenCommand();
    command.execute(chainContextMock);
    verify(chainContextMock).activateAction(ActionType.MAKE_COOKIE);
    verify(chainContextMock).setSSOTokenForActions(ssoToken);
}
Also used : SSOToken(org.simbasecurity.api.service.thrift.SSOToken) Test(org.junit.Test)

Example 4 with SSOToken

use of org.simbasecurity.api.service.thrift.SSOToken in project simba-os by cegeka.

the class LogoutCommandTest method onLogoutRequestRemoveSessionAndRedirectAndDeleteCookie.

@Test
public void onLogoutRequestRemoveSessionAndRedirectAndDeleteCookie() throws Exception {
    SSOToken sSOToken = new SSOToken("token");
    when(chainContext.getUserName()).thenReturn(USERNAME);
    when(chainContext.getClientIpAddress()).thenReturn(CLIENT_IP);
    when(chainContext.isLogoutRequest()).thenReturn(true);
    Session sessionMock = mock(Session.class);
    when(chainContext.getCurrentSession()).thenReturn(sessionMock);
    when(chainContext.getRequestSSOToken()).thenReturn(sSOToken);
    State state = logoutCommand.execute(chainContext);
    assertEquals(State.FINISH, state);
    verify(sessionService).removeSession(isA(Session.class));
    verify(chainContext).activateAction(ActionType.DELETE_COOKIE);
    verify(chainContext).redirectToLogout();
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.SESSION, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.SUCCESS + AuditMessages.LOGGED_OUT + ": SSOToken=" + sSOToken, resultAuditLogEvent.getMessage());
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) State(org.simbasecurity.core.chain.Command.State) Session(org.simbasecurity.core.domain.Session) Test(org.junit.Test)

Example 5 with SSOToken

use of org.simbasecurity.api.service.thrift.SSOToken in project simba-os by cegeka.

the class SessionDatabaseRepositoryTest method canFindBySSOToken.

@Test
public void canFindBySSOToken() throws Exception {
    User user = new UserEntity("jos");
    SSOToken ssoToken = new SSOToken("eenSsoTokentje");
    SessionEntity session = new SessionEntity(user, ssoToken, "127.0.0.1", "192.168.1.1");
    persistAndRefresh(user, session);
    assertEquals(session, sessionDatabaseRepository.findBySSOToken(ssoToken));
}
Also used : User(org.simbasecurity.core.domain.User) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) SessionEntity(org.simbasecurity.core.domain.SessionEntity) UserEntity(org.simbasecurity.core.domain.UserEntity) Test(org.junit.Test)

Aggregations

SSOToken (org.simbasecurity.api.service.thrift.SSOToken) 19
Test (org.junit.Test) 14
RequestData (org.simbasecurity.api.service.thrift.RequestData) 7
ActionDescriptor (org.simbasecurity.api.service.thrift.ActionDescriptor) 5
THttpClient (org.apache.thrift.transport.THttpClient) 4
Client (org.simbasecurity.api.service.thrift.AuthenticationFilterService.Client) 4
AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent) 4
Session (org.simbasecurity.core.domain.Session) 4
SimbaCredentials (org.simbasecurity.dwclient.dropwizard.credentials.SimbaCredentials) 4
ActionDescriptorBuilderForTests (org.simbasecurity.dwclient.test.stub.simba.ActionDescriptorBuilderForTests) 4
User (org.simbasecurity.core.domain.User) 3
State (org.simbasecurity.core.chain.Command.State) 2
SessionEntity (org.simbasecurity.core.domain.SessionEntity) 2
SimbaPrincipal (org.simbasecurity.dwclient.dropwizard.credentials.SimbaPrincipal) 2
ContainerRequest (com.sun.jersey.spi.container.ContainerRequest) 1
Cookie (javax.servlet.http.Cookie) 1
ActionType (org.simbasecurity.api.service.thrift.ActionType) 1
TSession (org.simbasecurity.api.service.thrift.TSession) 1
TUser (org.simbasecurity.api.service.thrift.TUser) 1
LoginMapping (org.simbasecurity.core.domain.LoginMapping) 1