Example 1 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.

Class AnnotationJobFactory, method createJob.

@RunAsSystem
public AnnotationJob createJob(AnnotationJobExecution metaData) {
    dataService.add(ANNOTATION_JOB_EXECUTION, metaData);
    String annotatorNames = metaData.getAnnotators();
    String targetName = metaData.getTargetName();
    String username = metaData.getUser();
    // create an authentication to run as the user that is listed as the owner of the job;
    // constructor arguments: key, principal, credentials (null), authorities, originalAuthentication (null)
    RunAsUserToken runAsAuthentication = new RunAsUserToken("Job Execution", username, null,
            userDetailsService.loadUserByUsername(username).getAuthorities(), null);
    Repository<Entity> repository = dataService.getRepository(targetName);
    List<RepositoryAnnotator> availableAnnotators = annotationService.getAllAnnotators().stream()
            .filter(RepositoryAnnotator::annotationDataExists)
            .collect(toList());
    List<RepositoryAnnotator> requestedAnnotators = Arrays.stream(annotatorNames.split(","))
            .map(annotationService::getAnnotatorByName)
            .collect(toList());
    AnnotatorDependencyOrderResolver resolver = new AnnotatorDependencyOrderResolver();
    List<RepositoryAnnotator> annotators = Lists.newArrayList(
            resolver.getAnnotatorSelectionDependencyList(availableAnnotators, requestedAnnotators, repository, entityTypeFactory));
    return new AnnotationJob(crudRepositoryAnnotator, username, annotators, repository,
            new ProgressImpl(metaData, jobExecutionUpdater, mailSender), runAsAuthentication,
            new TransactionTemplate(transactionManager));
}
Also used: Entity (org.molgenis.data.Entity), ProgressImpl (org.molgenis.jobs.ProgressImpl), RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RepositoryAnnotator (org.molgenis.data.annotation.core.RepositoryAnnotator), CrudRepositoryAnnotator (org.molgenis.data.annotation.web.CrudRepositoryAnnotator), TransactionTemplate (org.springframework.transaction.support.TransactionTemplate), AnnotatorDependencyOrderResolver (org.molgenis.data.annotation.core.utils.AnnotatorDependencyOrderResolver), RunAsSystem (org.molgenis.security.core.runas.RunAsSystem)

Example 2 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.

Class GavinJobFactory, method createJob.

@RunAsSystem
public GavinJob createJob(GavinJobExecution gavinJobExecution) {
    dataService.add(gavinJobExecution.getEntityType().getId(), gavinJobExecution);
    String username = gavinJobExecution.getUser();
    // create an authentication to run as the user that is listed as the owner of the job;
    // constructor arguments: key, principal, credentials (null), authorities, originalAuthentication (null)
    RunAsUserToken runAsAuthentication = new RunAsUserToken("Job Execution", username, null,
            userDetailsService.loadUserByUsername(username).getAuthorities(), null);
    return new GavinJob(new ProgressImpl(gavinJobExecution, jobExecutionUpdater, mailSender),
            new TransactionTemplate(transactionManager), runAsAuthentication, gavinJobExecution.getIdentifier(),
            fileStore, menuReaderService, cadd, exac, snpEff, gavin, parser, annotatorRunner, gavinJobExecution);
}
Also used: ProgressImpl (org.molgenis.jobs.ProgressImpl), RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), TransactionTemplate (org.springframework.transaction.support.TransactionTemplate), RunAsSystem (org.molgenis.security.core.runas.RunAsSystem)

Example 3 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project molgenis by molgenis.

Class AuthenticationAuthoritiesUpdaterImplTest, method testUpdateAuthenticationRunAsUserToken.

@Test
public void testUpdateAuthenticationRunAsUserToken() {
    String key = "key";
    Object principal = mock(Object.class);
    Object credentials = mock(Object.class);
    Class<? extends Authentication> originalAuthentication = Authentication.class;
    RunAsUserToken runAsUserToken = new RunAsUserToken(key, principal, credentials, emptyList(), originalAuthentication);
    Authentication updatedAuthentication = authenticationAuthoritiesUpdaterImpl.updateAuthentication(runAsUserToken, updatedAuthorities);
    assertEquals(updatedAuthentication, new RunAsUserToken(key, principal, credentials, updatedAuthorities, originalAuthentication));
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), Authentication (org.springframework.security.core.Authentication), Test (org.testng.annotations.Test)

Example 4 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.

Class AspectJMethodSecurityInterceptorTests, method invokeWithAspectJCallbackRunAsReplacementCleansAfterException.

// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() {
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    given(this.aspectJCallback.proceedWithObject()).willThrow(new RuntimeException());
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(this.joinPoint, this.aspectJCallback));
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RunAsManager (org.springframework.security.access.intercept.RunAsManager), SecurityContext (org.springframework.security.core.context.SecurityContext), MethodInvocation (org.aopalliance.intercept.MethodInvocation), List (java.util.List), Test (org.junit.jupiter.api.Test)

Example 5 with RunAsUserToken

Use of org.springframework.security.access.intercept.RunAsUserToken in project spring-security by spring-projects.

Class AspectJMethodSecurityInterceptorTests, method invokeRunAsReplacementCleansAfterException.

// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void invokeRunAsReplacementCleansAfterException() throws Throwable {
    SecurityContext ctx = SecurityContextHolder.getContext();
    ctx.setAuthentication(this.token);
    this.token.setAuthenticated(true);
    final RunAsManager runAs = mock(RunAsManager.class);
    final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", this.token.getAuthorities(), TestingAuthenticationToken.class);
    this.interceptor.setRunAsManager(runAs);
    given(runAs.buildRunAs(eq(this.token), any(MethodInvocation.class), any(List.class))).willReturn(runAsToken);
    given(this.joinPoint.proceed()).willThrow(new RuntimeException());
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> this.interceptor.invoke(this.joinPoint));
    // Check we've changed back
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(this.token);
}
Also used: RunAsUserToken (org.springframework.security.access.intercept.RunAsUserToken), RunAsManager (org.springframework.security.access.intercept.RunAsManager), SecurityContext (org.springframework.security.core.context.SecurityContext), MethodInvocation (org.aopalliance.intercept.MethodInvocation), List (java.util.List), Test (org.junit.jupiter.api.Test)
