
Example 96 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultGrantedAuthoritiesFactoryTest method testGroupAdmin.

/**
 * Group admin has all group authorities: the stubbed default authorities hold
 * ADMIN, READ and DELETE for the IDENTITY group, and the factory is expected
 * to hand back ADMIN alone.
 */
@Test
public void testGroupAdmin() {
    // Fixture: one identity that holds one role through one contract.
    IdmRoleDto assignedRole = new IdmRoleDto();
    assignedRole.setName("role");
    assignedRole.setId(UUID.randomUUID());

    IdmIdentityDto admin = new IdmIdentityDto();
    admin.setId(UUID.randomUUID());
    admin.setUsername("identityAdmin");

    IdmIdentityContractDto adminContract = new IdmIdentityContractDto();
    adminContract.setId(UUID.randomUUID());
    adminContract.setIdentity(admin.getId());

    IdmIdentityRoleDto assignment = new IdmIdentityRoleDto();
    assignment.setIdentityContractDto(adminContract);
    assignment.setRole(assignedRole.getId());
    List<IdmIdentityRoleDto> assignments = Lists.newArrayList(assignment);

    // Collaborators are stubbed; the role itself has no sub-roles.
    when(moduleService.getAvailablePermissions()).thenReturn(groupPermissions);
    when(identityService.getByUsername(admin.getUsername())).thenReturn(admin);
    when(roleService.get(assignedRole.getId())).thenReturn(assignedRole);
    when(identityRoleService.findValidRole(admin.getId(), null))
            .thenReturn(new PageImpl<>(new ArrayList<>(assignments)));
    when(roleService.getSubroles(any(UUID.class))).thenReturn(Lists.newArrayList());
    // The only authorities in play: ADMIN plus two narrower ones of the same group.
    when(authorizationPolicyService.getDefaultAuthorities(any())).thenReturn(Sets.newHashSet(
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.READ),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.DELETE)));

    // returns trimmed authorities
    List<GrantedAuthority> resolved = defaultGrantedAuthoritiesFactory.getGrantedAuthorities(admin.getUsername());

    // READ and DELETE must be gone from the result, so a check for either of
    // them against this list has to treat ADMIN as covering them.
    // NOTE(review): confirm where that implication is evaluated.
    assertEquals(1, resolved.size());
    DefaultGrantedAuthority expectedAdmin = new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN);
    assertEquals(expectedAdmin, resolved.iterator().next());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) DefaultGrantedAuthority(eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) UUID(java.util.UUID) DefaultGrantedAuthority(eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) Test(org.junit.Test) AbstractUnitTest(eu.bcvsolutions.idm.test.api.AbstractUnitTest)

Example 97 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.

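/**
 * Negative authorization test: an identity that holds every available
 * authority except ROLE_REQUEST_EXECUTE, ROLE_REQUEST_ADMIN and APP_ADMIN must
 * not be able to start a role request flagged for immediate execution.
 *
 * The expected {@link RoleRequestException} is pinned to the
 * {@code startRequestInternal} call. With {@code @Test(expected = ...)} the
 * test would also pass if one of the earlier {@code save} calls threw the same
 * exception type, which would hide a missing permission check in the call that
 * is actually under test.
 */
@Test
@Transactional()
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    // Log in as a user without the right to execute a role request immediately (without approval).
    // The filter is a deny-list: every other available permission stays granted to this user.
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions()).stream()
            .filter(authority -> !CoreGroupPermission.ROLE_REQUEST_EXECUTE.equals(authority.getAuthority())
                    && !CoreGroupPermission.ROLE_REQUEST_ADMIN.equals(authority.getAuthority())
                    && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority()))
            .collect(Collectors.toList());
    // NOTE(review): this authentication stays in the SecurityContextHolder after the
    // method returns; confirm the class teardown logs out again.
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(new IdmIdentityDto(USER_TEST_A), null, authorities, "test"));

    IdmIdentityDto testA = identityService.getByUsername(USER_TEST_A);
    IdmIdentityContractDto contractA = identityContractService.getPrimeContract(testA.getId());

    // The request asks for immediate execution, which is the privileged path being tested.
    IdmRoleRequestDto request = new IdmRoleRequestDto();
    request.setApplicant(testA.getId());
    request.setExecuteImmediately(true);
    request.setRequestedByType(RoleRequestedByType.MANUALLY);
    request = roleRequestService.save(request);
    Assert.assertEquals(RoleRequestState.CONCEPT, request.getState());

    IdmConceptRoleRequestDto conceptA = new IdmConceptRoleRequestDto();
    conceptA.setRoleRequest(request.getId());
    conceptA.setOperation(ConceptRoleRequestOperation.ADD);
    conceptA.setRole(roleA.getId());
    conceptA.setIdentityContract(contractA.getId());
    conceptA = conceptRoleRequestService.save(conceptA);
    Assert.assertEquals(RoleRequestState.CONCEPT, conceptA.getState());

    // We expect an exception here (we don't have the right to execute without approval).
    try {
        roleRequestService.startRequestInternal(request.getId(), true);
        Assert.fail("startRequestInternal must reject immediate execution for an identity without the execute right");
    } catch (RoleRequestException expected) {
        // The denial came from the guarded call itself.
    }
}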
Also used : MethodSorters(org.junit.runners.MethodSorters) IdmConceptRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmConceptRoleRequestService) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) Autowired(org.springframework.beans.factory.annotation.Autowired) RoleRequestedByType(eu.bcvsolutions.idm.core.api.domain.RoleRequestedByType) IdmConfigurationService(eu.bcvsolutions.idm.core.api.service.IdmConfigurationService) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmRoleRequestService) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmAuthorityUtils(eu.bcvsolutions.idm.core.security.api.utils.IdmAuthorityUtils) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) After(org.junit.After) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) TestHelper(eu.bcvsolutions.idm.test.api.TestHelper) ModuleService(eu.bcvsolutions.idm.core.api.service.ModuleService) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) Before(org.junit.Before) InitTestData(eu.bcvsolutions.idm.InitTestData) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) Collection(java.util.Collection) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Test(org.junit.Test) RoleRequestState(eu.bcvsolutions.idm.core.api.domain.RoleRequestState) Collectors(java.util.stream.Collectors) 
GrantedAuthority(org.springframework.security.core.GrantedAuthority) LocalDate(org.joda.time.LocalDate) List(java.util.List) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) IdmGroupPermission(eu.bcvsolutions.idm.core.security.api.domain.IdmGroupPermission) Assert(org.junit.Assert) FixMethodOrder(org.junit.FixMethodOrder) ConceptRoleRequestOperation(eu.bcvsolutions.idm.core.api.domain.ConceptRoleRequestOperation) Transactional(org.springframework.transaction.annotation.Transactional) GrantedAuthority(org.springframework.security.core.GrantedAuthority) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmConceptRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmConceptRoleRequestDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 98 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class AbstractWorkflowIntegrationTest method loginAsNoAdmin.

/**
 * Puts an authentication for the given identity into the current security
 * context, carrying every available permission except APP_ADMIN.
 *
 * Only APP_ADMIN is filtered out; any other authority returned by
 * {@code moduleService.getAvailablePermissions()} is granted, so "no admin"
 * here means "no application admin".
 * NOTE(review): if per-group admin authorities are part of the available
 * permissions they stay granted - confirm this is what callers expect.
 *
 * @param user identifier passed to the identity lookup
 */
public void loginAsNoAdmin(String user) {
    Collection<GrantedAuthority> withoutAppAdmin = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(granted -> !IdmGroupPermission.APP_ADMIN.equals(granted.getAuthority()))
            .collect(Collectors.toList());
    // NOTE(review): the lookup result is used as-is; an unknown user is not handled here.
    IdmIdentityDto resolved = (IdmIdentityDto) lookupService.getDtoLookup(IdmIdentityDto.class).lookup(user);
    IdmJwtAuthentication login = new IdmJwtAuthentication(resolved, null, withoutAppAdmin, "test");
    SecurityContextHolder.getContext().setAuthentication(login);
}
Also used : SpringProcessEngineConfiguration(org.activiti.spring.SpringProcessEngineConfiguration) AuthenticationTestUtils(eu.bcvsolutions.idm.test.api.utils.AuthenticationTestUtils) ActivitiRule(org.activiti.engine.test.ActivitiRule) Collection(java.util.Collection) ProcessEngineConfigurationImpl(org.activiti.engine.impl.cfg.ProcessEngineConfigurationImpl) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) Autowired(org.springframework.beans.factory.annotation.Autowired) AutowireCapableBeanFactory(org.springframework.beans.factory.config.AutowireCapableBeanFactory) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) Collectors(java.util.stream.Collectors) DefaultActivityBehaviorFactory(org.activiti.engine.impl.bpmn.parser.factory.DefaultActivityBehaviorFactory) GrantedAuthority(org.springframework.security.core.GrantedAuthority) IdentityService(org.activiti.engine.IdentityService) WorkflowDeploymentDto(eu.bcvsolutions.idm.core.workflow.api.dto.WorkflowDeploymentDto) Rule(org.junit.Rule) LookupService(eu.bcvsolutions.idm.core.api.service.LookupService) IdmAuthorityUtils(eu.bcvsolutions.idm.core.security.api.utils.IdmAuthorityUtils) WorkflowDeploymentService(eu.bcvsolutions.idm.core.workflow.api.service.WorkflowDeploymentService) Ignore(org.junit.Ignore) ModuleService(eu.bcvsolutions.idm.core.api.service.ModuleService) IdmGroupPermission(eu.bcvsolutions.idm.core.security.api.domain.IdmGroupPermission) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) InputStream(java.io.InputStream) Before(org.junit.Before) GrantedAuthority(org.springframework.security.core.GrantedAuthority) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 99 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.

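/**
 * Negative authorization test: an identity that holds every available
 * authority except AUTOMATIC_ROLE_REQUEST_ADMIN and APP_ADMIN must not be able
 * to start an automatic role request flagged for immediate execution.
 *
 * The expected {@link RoleRequestException} is pinned to the
 * {@code startRequestInternal} call. With {@code @Test(expected = ...)} the
 * test would also pass if identity creation, role preparation or one of the
 * {@code save} calls threw the same exception type, which would hide a missing
 * permission check in the call that is actually under test.
 */
@Test
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    IdmIdentityDto identity = helper.createIdentity();
    // Log in as a user without the right to execute a role request immediately (without approval).
    // The filter is a deny-list: every other available permission stays granted to this user.
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions()).stream()
            .filter(authority -> !CoreGroupPermission.AUTOMATIC_ROLE_REQUEST_ADMIN.equals(authority.getAuthority())
                    && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority()))
            .collect(Collectors.toList());
    // NOTE(review): this authentication stays in the SecurityContextHolder after the
    // method returns; confirm the class teardown logs out again.
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(new IdmIdentityDto(identity.getUsername()), null, authorities, "test"));

    IdmRoleDto role = prepareRole();
    IdmAutomaticRoleRequestDto request = new IdmAutomaticRoleRequestDto();
    // The DTO is submitted as EXECUTED; the assertion after save() requires the
    // service to hand it back as CONCEPT, i.e. a caller-supplied state is not kept.
    request.setState(RequestState.EXECUTED);
    request.setOperation(RequestOperationType.ADD);
    request.setRequestType(AutomaticRoleRequestType.ATTRIBUTE);
    request.setExecuteImmediately(true);
    request.setName(role.getName());
    request.setRole(role.getId());
    request = roleRequestService.save(request);
    Assert.assertEquals(RequestState.CONCEPT, request.getState());

    IdmAutomaticRoleAttributeRuleRequestDto rule = new IdmAutomaticRoleAttributeRuleRequestDto();
    rule.setRequest(request.getId());
    rule.setOperation(RequestOperationType.ADD);
    rule.setAttributeName(IdmIdentity_.username.getName());
    rule.setComparison(AutomaticRoleAttributeRuleComparison.EQUALS);
    rule.setType(AutomaticRoleAttributeRuleType.IDENTITY);
    rule.setValue("test");
    // The saved rule is not read again, so the return value is not kept.
    ruleRequestService.save(rule);

    // We expect an exception here (we don't have the right to execute without approval).
    try {
        roleRequestService.startRequestInternal(request.getId(), true);
        Assert.fail("startRequestInternal must reject immediate execution for an identity without the automatic role request admin right");
    } catch (RoleRequestException expected) {
        // The denial came from the guarded call itself.
    }
}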
Also used : RequestState(eu.bcvsolutions.idm.core.api.domain.RequestState) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) RoleRequestException(eu.bcvsolutions.idm.core.api.exception.RoleRequestException) Autowired(org.springframework.beans.factory.annotation.Autowired) IdmAutomaticRoleAttributeRuleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAutomaticRoleAttributeRuleFilter) WorkflowTaskInstanceDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowTaskInstanceDto) IdmAutomaticRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleRequestDto) AutomaticRoleManager(eu.bcvsolutions.idm.core.api.service.AutomaticRoleManager) AutowireHelper(eu.bcvsolutions.idm.core.api.utils.AutowireHelper) IdmAutomaticRoleAttributeDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeDto) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmAutomaticRoleAttributeRuleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleRequestDto) IdmAutomaticRoleAttributeRuleDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleDto) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) After(org.junit.After) WorkflowTaskInstanceService(eu.bcvsolutions.idm.core.workflow.service.WorkflowTaskInstanceService) Assert.fail(org.junit.Assert.fail) ModuleService(eu.bcvsolutions.idm.core.api.service.ModuleService) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) AutomaticRoleAttributeRuleType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleType) IdmAutomaticRoleAttributeRuleRequestService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeRuleRequestService) Collection(java.util.Collection) AcceptedException(eu.bcvsolutions.idm.core.api.exception.AcceptedException) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) 
GrantedAuthority(org.springframework.security.core.GrantedAuthority) List(java.util.List) ProcessAutomaticRoleByAttributeTaskExecutor(eu.bcvsolutions.idm.core.scheduler.task.impl.ProcessAutomaticRoleByAttributeTaskExecutor) IdmAutomaticRoleAttributeRuleService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeRuleService) IdmAutomaticRoleAttributeService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleAttributeService) RequestOperationType(eu.bcvsolutions.idm.core.api.domain.RequestOperationType) IdmRoleTreeNodeService(eu.bcvsolutions.idm.core.api.service.IdmRoleTreeNodeService) IdmConfigurationService(eu.bcvsolutions.idm.core.api.service.IdmConfigurationService) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmAutomaticRoleRequestService(eu.bcvsolutions.idm.core.api.service.IdmAutomaticRoleRequestService) IdmAuthorityUtils(eu.bcvsolutions.idm.core.security.api.utils.IdmAuthorityUtils) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) IdmRoleGuaranteeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleGuaranteeDto) TestHelper(eu.bcvsolutions.idm.test.api.TestHelper) WorkflowFilterDto(eu.bcvsolutions.idm.core.workflow.model.dto.WorkflowFilterDto) AutomaticRoleRequestType(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleRequestType) Before(org.junit.Before) InitTestData(eu.bcvsolutions.idm.InitTestData) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) LongRunningTaskManager(eu.bcvsolutions.idm.core.scheduler.api.service.LongRunningTaskManager) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Test(org.junit.Test) IdmRoleTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleTreeNodeDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AutomaticRoleAttributeRuleComparison(eu.bcvsolutions.idm.core.api.domain.AutomaticRoleAttributeRuleComparison) 
IdmIdentity_(eu.bcvsolutions.idm.core.model.entity.IdmIdentity_) IdmGroupPermission(eu.bcvsolutions.idm.core.security.api.domain.IdmGroupPermission) Assert(org.junit.Assert) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAutomaticRoleAttributeRuleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleAttributeRuleRequestDto) IdmAutomaticRoleRequestDto(eu.bcvsolutions.idm.core.api.dto.IdmAutomaticRoleRequestDto) GrantedAuthority(org.springframework.security.core.GrantedAuthority) IdmJwtAuthentication(eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractCoreWorkflowIntegrationTest(eu.bcvsolutions.idm.core.AbstractCoreWorkflowIntegrationTest) Test(org.junit.Test)

Example 100 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project zhcet-web by zhcet-amu.

the class UserDetailService method cloneWithRoles.

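/**
 * Update current authentication by cloning it with new roles
 * Also saves the user with new roles
 *
 * Used when there is a need to dynamically update a user's roles.
 *
 * The clone keeps the principal, credentials and details of the original
 * authentication; only the authorities are replaced. The three-argument
 * {@link UsernamePasswordAuthenticationToken} constructor produces a token
 * that is already marked as authenticated, so no credential check happens
 * here.
 *
 * This method does not check that {@code user} is the account behind
 * {@code authentication}. Callers must pass a matching pair, otherwise the
 * current security context ends up with the roles of a different account.
 * NOTE(review): only the context obtained from {@link SecurityContextHolder}
 * is updated; confirm how other active sessions of the same user pick up a
 * role change, in particular a role removal.
 *
 * @param authentication {@link Authentication} to be cloned
 * @param user {@link User} containing roles
 */
void cloneWithRoles(Authentication authentication, User user) {
    Collection<GrantedAuthority> authorities = getAuthorities(user);
    UsernamePasswordAuthenticationToken clone = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authorities);
    // The constructor does not copy details, so carry them over explicitly;
    // without this the replaced authentication would lose whatever the
    // original recorded there.
    clone.setDetails(authentication.getDetails());
    // Persist first: if saving fails, the security context keeps the old authorities.
    saveUser(user);
    SecurityContextHolder.getContext().setAuthentication(clone);
}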
Also used : Authentication(org.springframework.security.core.Authentication) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
