
Example 66 with Authentication

use of org.springframework.security.core.Authentication in project camel by apache.

Class SpringSecurityAuthorizationPolicy, method beforeProcess (the Camel route policy that authenticates and authorizes each exchange before the protected processor runs).

/**
 * Authenticates the caller carried on the inbound message and authorizes it
 * against this policy's configuration attributes before the protected
 * processor is allowed to run.
 *
 * <p>Security properties of this method as written:
 * <ul>
 *   <li>Fail closed: a missing Authentication, a denied decision, or any other
 *       RuntimeException raised on the way is converted into a
 *       {@link CamelAuthorizationException} carrying the original as cause, so
 *       the protected processor is only reached when
 *       {@code accessDecisionManager.decide(...)} returned normally.</li>
 *   <li>Audit trail: an {@link AuthorizationFailureEvent} is published before a
 *       denial is rethrown, and an {@link AuthorizedEvent} after a successful
 *       decision; both carry the attributes and the resolved Authentication.</li>
 *   <li>{@code Exchange.AUTHENTICATION_FAILURE_POLICY_ID} is set to this
 *       policy's id on every failure path (twice on the denied path, same
 *       value both times).</li>
 * </ul>
 *
 * <p>NOTE(review): the Authentication is taken from the inbound message via
 * {@code getAuthentication(exchange.getIn())}; how it is carried (e.g. a
 * message header) is not visible here. If it is a header, any upstream
 * producer able to set headers can present an Authentication of its choosing,
 * so confirm that {@code authenticateIfRequired} re-verifies tokens that are
 * not yet authenticated and that untrusted endpoints cannot populate that
 * header.
 *
 * @param exchange the exchange whose inbound message carries the caller's identity
 * @throws CamelAuthorizationException if no Authentication is present, the
 *         decision manager denies access, or any other runtime failure occurs
 * @throws Exception checked exceptions from the helpers propagate unwrapped
 */
protected void beforeProcess(Exchange exchange) throws Exception {
    List<ConfigAttribute> requiredAttributes = accessPolicy.getConfigAttributes();
    try {
        Authentication presented = getAuthentication(exchange.getIn());
        if (presented == null) {
            throw new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
        }
        Authentication verified = authenticateIfRequired(presented);
        decideOrPublishFailure(exchange, verified, requiredAttributes);
        publishEvent(new AuthorizedEvent(exchange, requiredAttributes, verified));
    } catch (RuntimeException failure) {
        // Catches the AccessDeniedException rethrown by the helper, the
        // missing-Authentication exception above (CamelAuthorizationException
        // is unchecked in Camel) and anything else; the cause is preserved.
        exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
        throw new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, failure);
    }
}

/**
 * Runs the access decision and, on denial, marks the message with this
 * policy's id, publishes an {@link AuthorizationFailureEvent}, and rethrows
 * the {@link AccessDeniedException} for the caller to wrap.
 *
 * @param exchange           the exchange being authorized (also the secured object)
 * @param verified           the Authentication after {@code authenticateIfRequired}
 * @param requiredAttributes the attributes the decision manager must satisfy
 */
private void decideOrPublishFailure(Exchange exchange, Authentication verified, List<ConfigAttribute> requiredAttributes) {
    try {
        this.accessDecisionManager.decide(verified, exchange, requiredAttributes);
    } catch (AccessDeniedException denied) {
        exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
        publishEvent(new AuthorizationFailureEvent(exchange, requiredAttributes, verified, denied));
        throw denied;
    }
}

Example 67 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

Class AclImplTests, method updatedAceValuesAreCorrectlyReflectedInAcl.

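/**
 * updateAce must replace the permission of the addressed entry in place,
 * leaving index order and the other entries' Sids and granting flags alone.
 *
 * <p>The caller is "ben" with ROLE_GENERAL while the ACL is owned by "joe",
 * so the modifications go through whatever rule in {@code authzStrategy}
 * admits ROLE_GENERAL rather than through the owner shortcut (the strategy is
 * configured outside this method; confirm against its setup).
 */
@Test
public void updatedAceValuesAreCorrectlyReflectedInAcl() throws Exception {
    // TestingAuthenticationToken is a test-only token that is never verified by
    // an AuthenticationManager; it is installed directly in the
    // SecurityContextHolder that the ACL authorization strategy consults.
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    MockAclService service = new MockAclService();
    acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    acl.insertAce(1, BasePermission.WRITE, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    acl.insertAce(2, BasePermission.CREATE, new PrincipalSid("ben"), true);
    service.updateAcl(acl);
    // assertThat(actual).isEqualTo(expected): the operands were reversed before,
    // which made a failure message report expected and actual the wrong way round.
    assertThat(acl.getEntries().get(0).getPermission()).isEqualTo(BasePermission.READ);
    assertThat(acl.getEntries().get(1).getPermission()).isEqualTo(BasePermission.WRITE);
    assertThat(acl.getEntries().get(2).getPermission()).isEqualTo(BasePermission.CREATE);
    // Change each permission
    acl.updateAce(0, BasePermission.CREATE);
    acl.updateAce(1, BasePermission.DELETE);
    acl.updateAce(2, BasePermission.READ);
    // Check the change was successfully made, entry by entry
    assertThat(acl.getEntries().get(0).getPermission()).isEqualTo(BasePermission.CREATE);
    assertThat(acl.getEntries().get(1).getPermission()).isEqualTo(BasePermission.DELETE);
    assertThat(acl.getEntries().get(2).getPermission()).isEqualTo(BasePermission.READ);
}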

Example 68 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

Class AclImplTests, method isGrantingGrantsAccessForAclWithNoParent.

/**
 * Exercises isGranted on a single ACL that has no parent and no inheritance.
 *
 * <p>Security-relevant behaviour pinned by this test:
 * <ul>
 *   <li>A matching non-granting entry denies (ben / READ).</li>
 *   <li>No matching entry at all is reported as {@link NotFoundException},
 *       not as {@code false}; callers must treat that exception as a denial.</li>
 *   <li>The order of the Sid list handed to isGranted decides between an
 *       explicit deny and a grant for WRITE: the first listed Sid that has an
 *       entry wins. There is no "deny overrides" rule, so a deny entry is only
 *       effective when the denied Sid is evaluated before any granting one.</li>
 *   <li>Sid type is part of identity: a GrantedAuthoritySid named "rod" does
 *       not match the PrincipalSid "rod".</li>
 * </ul>
 */
@Test
public void isGrantingGrantsAccessForAclWithNoParent() throws Exception {
    Authentication caller = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL", "ROLE_GUEST");
    caller.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(caller);
    ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 100);
    // The owner "joe" is not the caller; the caller may still add entries via
    // whatever ROLE_GENERAL rule authzStrategy is configured with.
    MutableAcl acl = new AclImpl(oid, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    PrincipalSid ben = new PrincipalSid("ben");
    PrincipalSid scott = new PrincipalSid("scott");
    PrincipalSid rod = new PrincipalSid("rod");
    GrantedAuthoritySid writeRole = new GrantedAuthoritySid("WRITE_ACCESS_ROLE");
    // Entry order is the evaluation order within a Sid.
    acl.insertAce(0, BasePermission.READ, ben, false);      // explicit deny
    acl.insertAce(1, BasePermission.WRITE, scott, true);
    acl.insertAce(2, BasePermission.WRITE, rod, false);     // explicit deny
    acl.insertAce(3, BasePermission.WRITE, writeRole, true);
    List<Permission> readOrCreate = Arrays.asList(BasePermission.READ, BasePermission.CREATE);
    List<Sid> benOrGuest = Arrays.asList(ben, new GrantedAuthoritySid("ROLE_GUEST"));
    // ben's only READ entry is a deny and nothing covers CREATE: denied, not "not found".
    assertThat(acl.isGranted(readOrCreate, benOrGuest, false)).isFalse();
    // scott has no entry for either permission: NotFoundException rather than false.
    try {
        acl.isGranted(readOrCreate, SCOTT, false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    assertThat(acl.isGranted(WRITE, SCOTT, false)).isTrue();
    // Same two Sids, opposite order, opposite answer: rod's deny is found first here ...
    assertThat(acl.isGranted(WRITE, Arrays.asList(rod, writeRole), false)).isFalse();
    // ... while here the role's grant is found first and the deny is never consulted.
    assertThat(acl.isGranted(WRITE, Arrays.asList(writeRole, rod), false)).isTrue();
    // Swapping the Sid types produces identities that own no entries at all.
    try {
        acl.isGranted(WRITE, Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
}

Example 69 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

Class AclImplTests, method isGrantingGrantsAccessForInheritableAcls.

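/**
 * Exercises isGranted across an ACL hierarchy in which every ACL except
 * childAcl2 inherits entries from its parent.
 *
 * <p>Security-relevant behaviour pinned by this test:
 * <ul>
 *   <li>An ACL with no entry of its own for a permission falls back to its
 *       parent: ben's WRITE grant and ROLE_USER_READ's READ grant, defined on
 *       the grandparent only, are honoured on parentAcl1, parentAcl2 and
 *       childAcl1.</li>
 *   <li>The nearest ACL wins: scott's DELETE is granted on the grandparent but
 *       denied on parentAcl1, and parentAcl1 reports the denial. A deny higher
 *       up (ben / DELETE on the grandparent) propagates down the same way.</li>
 *   <li>childAcl2 is built with the entries-inheriting flag (the boolean
 *       argument before the owner) set to false, so a permission its parent
 *       grants (scott / CREATE on childAcl1) is NotFoundException for it.</li>
 *   <li>Ownership confers no permission: the owner "joe" has no entry and
 *       gets NotFoundException like anyone else.</li>
 * </ul>
 */
@Test
public void isGrantingGrantsAccessForInheritableAcls() throws Exception {
    Authentication auth = new TestingAuthenticationToken("ben", "ignored", "ROLE_GENERAL");
    auth.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(auth);
    ObjectIdentity grandParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100);
    ObjectIdentity parentOid1 = new ObjectIdentityImpl(TARGET_CLASS, 101);
    ObjectIdentity parentOid2 = new ObjectIdentityImpl(TARGET_CLASS, 102);
    ObjectIdentity childOid1 = new ObjectIdentityImpl(TARGET_CLASS, 103);
    ObjectIdentity childOid2 = new ObjectIdentityImpl(TARGET_CLASS, 104);
    // Create ACLs; only childAcl2 has inheritance switched off
    PrincipalSid joe = new PrincipalSid("joe");
    MutableAcl grandParentAcl = new AclImpl(grandParentOid, 1, authzStrategy, pgs, null, null, false, joe);
    MutableAcl parentAcl1 = new AclImpl(parentOid1, 2, authzStrategy, pgs, null, null, true, joe);
    MutableAcl parentAcl2 = new AclImpl(parentOid2, 3, authzStrategy, pgs, null, null, true, joe);
    MutableAcl childAcl1 = new AclImpl(childOid1, 4, authzStrategy, pgs, null, null, true, joe);
    MutableAcl childAcl2 = new AclImpl(childOid2, 4, authzStrategy, pgs, null, null, false, joe);
    // Create hierarchies
    childAcl2.setParent(childAcl1);
    childAcl1.setParent(parentAcl1);
    parentAcl2.setParent(grandParentAcl);
    parentAcl1.setParent(grandParentAcl);
    // Add some permissions
    grandParentAcl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER_READ"), true);
    grandParentAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid("ben"), true);
    grandParentAcl.insertAce(2, BasePermission.DELETE, new PrincipalSid("ben"), false);
    grandParentAcl.insertAce(3, BasePermission.DELETE, new PrincipalSid("scott"), true);
    parentAcl1.insertAce(0, BasePermission.READ, new PrincipalSid("scott"), true);
    parentAcl1.insertAce(1, BasePermission.DELETE, new PrincipalSid("scott"), false);  // shadows the grandparent grant
    parentAcl2.insertAce(0, BasePermission.CREATE, new PrincipalSid("ben"), true);
    childAcl1.insertAce(0, BasePermission.CREATE, new PrincipalSid("scott"), true);
    // Check granting process for parent1
    assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
    assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)).isTrue();
    assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue();
    assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse();
    // parentAcl1's own deny wins over the grandparent's grant for scott
    assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse();
    // Check granting process for parent2
    assertThat(parentAcl2.isGranted(CREATE, BEN, false)).isTrue();
    assertThat(parentAcl2.isGranted(WRITE, BEN, false)).isTrue();
    assertThat(parentAcl2.isGranted(DELETE, BEN, false)).isFalse();
    // Check granting process for child1
    assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue();
    assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false)).isTrue();
    assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse();
    // Check granting process for child2, which does not inherit from its
    // parent: CREATE is granted to scott on childAcl1 but is not visible here.
    try {
        // Bare call: the call is expected to throw, so wrapping it in an
        // assertion could only ever fail with the wrong message.
        childAcl2.isGranted(CREATE, SCOTT, false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
    // Being the owner grants nothing by itself
    try {
        childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false);
        fail("It should have thrown NotFoundException");
    } catch (NotFoundException expected) {
    }
}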

Example 70 with Authentication

use of org.springframework.security.core.Authentication in project spring-security by spring-projects.

Class AclImplTests, method auditableEntryFlagsAreUpdatedCorrectly.

/**
 * updateAuditing must switch on the auditSuccess / auditFailure flags of the
 * addressed entries; freshly inserted entries start with both flags off.
 *
 * <p>The caller carries ROLE_AUDITING in addition to ROLE_GENERAL, presumably
 * the authority {@code authzStrategy} demands for auditing changes as opposed
 * to general edits (the strategy is configured outside this method; confirm
 * against its setup).
 */
@Test
public void auditableEntryFlagsAreUpdatedCorrectly() throws Exception {
    Authentication caller = new TestingAuthenticationToken("ben", "ignored", "ROLE_AUDITING", "ROLE_GENERAL");
    caller.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(caller);
    MutableAcl acl = new AclImpl(objectIdentity, 1, authzStrategy, pgs, null, null, false, new PrincipalSid("joe"));
    MockAclService aclService = new MockAclService();
    GrantedAuthoritySid readers = new GrantedAuthoritySid("ROLE_USER_READ");
    acl.insertAce(0, BasePermission.READ, readers, true);
    acl.insertAce(1, BasePermission.WRITE, readers, true);
    aclService.updateAcl(acl);
    // Fresh entries audit nothing, neither successes nor failures.
    AuditableAccessControlEntry first = (AuditableAccessControlEntry) acl.getEntries().get(0);
    AuditableAccessControlEntry second = (AuditableAccessControlEntry) acl.getEntries().get(1);
    assertThat(first.isAuditFailure()).isFalse();
    assertThat(second.isAuditFailure()).isFalse();
    assertThat(first.isAuditSuccess()).isFalse();
    assertThat(second.isAuditSuccess()).isFalse();
    // Turn both flags on for both entries.
    AuditableAcl auditable = (AuditableAcl) acl;
    auditable.updateAuditing(0, true, true);
    auditable.updateAuditing(1, true, true);
    // Re-read the entries: every flag must now be on.
    assertThat(acl.getEntries()).extracting("auditSuccess").containsOnly(true, true);
    assertThat(acl.getEntries()).extracting("auditFailure").containsOnly(true, true);
}
