@Test
public void testMondrianOneToOneUserRoleListMapper() throws Exception {
final IConnectionUserRoleMapper mapper = new MondrianOneToOneUserRoleListMapper();
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"simplebob",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.assertNotNull(roles);
Assert.assertEquals(2, roles.length);
Assert.assertEquals("Role1", roles[0]);
Assert.assertEquals("Role2", roles[1]);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
/**
* Logs in with given username.
*
* @param username username of user
* @param tenantId tenant to which this user belongs
* @tenantAdmin true to add the tenant admin authority to the user's roles
*/
protected void login(final String username, final ITenant tenant, String[] roles) {
StandaloneSession pentahoSession =
new StandaloneSession(tenantedUserNameUtils.getPrincipleId(tenant, username));
pentahoSession.setAuthenticated(
tenant.getId(), tenantedUserNameUtils.getPrincipleId(tenant, username));
PentahoSessionHolder.setSession(pentahoSession);
pentahoSession.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId());
final String password = "******";
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
for (String roleName : roles) {
authList.add(
new GrantedAuthorityImpl(tenantedRoleNameUtils.getPrincipleId(tenant, roleName)));
}
GrantedAuthority[] authorities = authList.toArray(new GrantedAuthority[0]);
UserDetails userDetails = new User(username, password, true, true, true, true, authorities);
Authentication auth =
new UsernamePasswordAuthenticationToken(userDetails, password, authorities);
PentahoSessionHolder.setSession(pentahoSession);
// this line necessary for Spring Security's MethodSecurityInterceptor
SecurityContextHolder.getContext().setAuthentication(auth);
SecurityHelper.getInstance().becomeUser(tenantedUserNameUtils.getPrincipleId(tenant, username));
SecurityContextHolder.getContext().setAuthentication(auth);
}
@Test
public void testLookupMapUserRoleListMapper() throws Exception {
Map<String, String> lookup = new HashMap<String, String>();
lookup.put("ceo", "Role1");
lookup.put("Not Pentaho", "Role2");
lookup.put("Not Mondrian or Pentaho", "Role3");
final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper();
mapper.setLookupMap(lookup);
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.assertNotNull(roles);
Assert.assertEquals(1, roles.length);
Assert.assertEquals("Role1", roles[0]);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
@Test
public void testMondrianUserSessionUserRoleListMapper() throws Exception {
final MondrianUserSessionUserRoleListMapper mapper =
new MondrianUserSessionUserRoleListMapper();
mapper.setSessionProperty("rolesAttribute");
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
IPentahoSession session = PentahoSessionHolder.getSession();
session.setAttribute(
"rolesAttribute",
new Object[] {"mondrianRole1", "mondrianRole2", "mondrianRole3"});
return mapper.mapConnectionRoles(session, "SteelWheelsRoles");
}
});
Assert.assertNotNull(roles);
Assert.assertEquals(3, roles.length);
Assert.assertEquals("mondrianRole1", roles[0]);
Assert.assertEquals("mondrianRole2", roles[1]);
Assert.assertEquals("mondrianRole3", roles[2]);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
@Test
public void testReadRolesInSchema() throws Exception {
final MondrianCatalogHelper helper =
(MondrianCatalogHelper) PentahoSystem.get(IMondrianCatalogService.class);
Assert.assertNotNull(helper);
MondrianCatalog mc =
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<MondrianCatalog>() {
@Override
public MondrianCatalog call() throws Exception {
return helper.getCatalog("SteelWheelsRoles", PentahoSessionHolder.getSession());
}
});
Assert.assertNotNull(mc);
MondrianSchema ms = mc.getSchema();
Assert.assertNotNull(ms);
String[] roleNames = ms.getRoleNames();
Assert.assertNotNull(roleNames);
Assert.assertEquals(2, roleNames.length);
Assert.assertEquals("Role1", roleNames[0]);
Assert.assertEquals("Role2", roleNames[1]);
}
/**
* Returns whether the current user is an administrator
*
* @return "true" or "false"
*/
@GET
@Path("/isAdministrator")
public Response isAdministrator() {
return Response.ok(
"" + (SecurityHelper.getInstance().isPentahoAdministrator(getPentahoSession())))
.build();
}
@Test
public void testNoMatchLookupMapUserRoleListMapper() throws Exception {
Map<String, String> lookup = new HashMap<String, String>();
lookup.put("No Match", "Role1");
lookup.put("No Match Here Either", "Role2");
final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper();
mapper.setLookupMap(lookup);
mapper.setFailOnEmptyRoleList(true);
try {
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.fail();
} catch (PentahoAccessControlException e) {
// no op.
}
mapper.setFailOnEmptyRoleList(false);
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.assertNull(roles);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
private String generateInMemoryDatasourcesXml() {
try {
return SecurityHelper.getInstance()
.runAsSystem(
new Callable<String>() {
public String call() throws Exception {
return mondrianCatalogService.generateInMemoryDatasourcesXml(repo);
}
});
} catch (Exception e) {
PentahoXmlaServlet.logger.error(e);
throw new RuntimeException(e);
}
}
@Test
public void testNoMatchMondrianOneToOneUserRoleListMapper() throws Exception {
final MondrianOneToOneUserRoleListMapper mapper = new MondrianOneToOneUserRoleListMapper();
mapper.setFailOnEmptyRoleList(true);
try {
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.fail();
} catch (PentahoAccessControlException e) {
// No op.
}
mapper.setFailOnEmptyRoleList(false);
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"simplebob",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.assertArrayEquals(new String[] {"Role1", "Role2"}, roles);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
@SuppressWarnings("deprecation")
public void testVoter() throws Exception {
SecurityHelper.getInstance()
.runAsUser(
"suzy",
new Callable<Void>() {
@Override
public Void call() throws Exception {
RepositoryFile testFile =
new RepositoryFile("Test Folder", null, null); // $NON-NLS-1$
Map<IPermissionRecipient, IPermissionMask> perms =
new LinkedHashMap<IPermissionRecipient, IPermissionMask>();
perms.put(
new SimpleUser("suzy"),
new SimplePermissionMask(IPentahoAclEntry.PERM_EXECUTE));
perms.put(
new SimpleRole("ROLE_CTO"),
new SimplePermissionMask(IPentahoAclEntry.PERM_SUBSCRIBE));
perms.put(
new SimpleRole("ROLE_IS"),
new SimplePermissionMask(IPentahoAclEntry.PERM_ADMINISTRATION));
SpringSecurityPermissionMgr.instance().setPermissions(perms, testFile);
PentahoBasicAclVoter voter = new PentahoBasicAclVoter();
assertTrue(
voter.hasAccess(
PentahoSessionHolder.getSession(),
testFile,
IPentahoAclEntry.PERM_EXECUTE));
assertTrue(
voter.hasAccess(
PentahoSessionHolder.getSession(),
testFile,
IPentahoAclEntry.PERM_SUBSCRIBE));
assertTrue(
voter.hasAccess(
PentahoSessionHolder.getSession(),
testFile,
IPentahoAclEntry.PERM_ADMINISTRATION));
PentahoAclEntry entry =
voter.getEffectiveAcl(PentahoSessionHolder.getSession(), testFile);
assertNotNull(entry);
assertEquals(entry.printPermissionsBlock(), "XSCUDP"); // $NON-NLS-1$
return null;
}
});
}
private String getDatasourcesXml() {
final Callable<String> call =
new Callable<String>() {
public String call() throws Exception {
return generateInMemoryDatasourcesXml();
}
};
try {
if (isSecurityEnabled()) {
return SecurityHelper.getInstance().runAsSystem(call);
} else {
return call.call();
}
} catch (Exception e) {
throw new IOlapServiceException(e);
}
}
@Test
public void testReadRolesInPlatform() throws Exception {
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<Void>() {
@Override
public Void call() throws Exception {
Authentication auth = SecurityHelper.getInstance().getAuthentication();
Assert.assertNotNull(auth);
GrantedAuthority[] gAuths = auth.getAuthorities();
Assert.assertNotNull(gAuths);
Assert.assertEquals(3, gAuths.length);
Assert.assertEquals("ceo", gAuths[0].getAuthority());
Assert.assertEquals("Admin", gAuths[1].getAuthority());
Assert.assertEquals("Authenticated", gAuths[2].getAuthority());
return null;
}
});
}
@Test
public void testNoMatchMondrianUserSessionUserRoleListMapper() throws Exception {
final MondrianUserSessionUserRoleListMapper mapper =
new MondrianUserSessionUserRoleListMapper();
mapper.setSessionProperty("rolesAttribute");
try {
String[] roles =
SecurityHelper.getInstance()
.runAsUser(
"admin",
new Callable<String[]>() {
@Override
public String[] call() throws Exception {
return mapper.mapConnectionRoles(
PentahoSessionHolder.getSession(), "SteelWheelsRoles");
}
});
Assert.assertNull(roles);
} catch (PentahoAccessControlException e) {
Assert.fail(e.getMessage());
}
}
/** Initializes the cache. Only the cache specific to the sesison's locale will be populated. */
protected void initCache(IPentahoSession session) {
final List<Catalog> cache = getCache(session);
final boolean needUpdate;
final Lock readLock = cacheLock.readLock();
try {
readLock.lock();
// Check if the cache is empty.
if (cache.size() == 0) {
needUpdate = true;
} else {
needUpdate = false;
}
} finally {
readLock.unlock();
}
if (needUpdate) {
final Lock writeLock = cacheLock.writeLock();
try {
writeLock.lock();
// First clear the cache
cache.clear();
final Callable<Void> call =
new Callable<Void>() {
public Void call() throws Exception {
// Now build the cache. Use the system session in the holder.
for (String name : getHelper().getHostedCatalogs()) {
try {
addCatalogToCache(PentahoSessionHolder.getSession(), name);
} catch (Throwable t) {
LOG.error("Failed to initialize the cache for OLAP connection " + name, t);
}
}
for (String name : getHelper().getOlap4jServers()) {
try {
addCatalogToCache(PentahoSessionHolder.getSession(), name);
} catch (Throwable t) {
LOG.error("Failed to initialize the cache for OLAP connection " + name, t);
}
}
return null;
}
};
if (isSecurityEnabled()) {
SecurityHelper.getInstance().runAsSystem(call);
} else {
call.call();
}
// Sort it all.
Collections.sort(
cache,
new Comparator<IOlapService.Catalog>() {
public int compare(Catalog o1, Catalog o2) {
return o1.name.compareTo(o2.name);
}
});
} catch (Throwable t) {
LOG.error("Failed to initialize the connection cache", t);
throw new IOlapServiceException(t);
} finally {
writeLock.unlock();
}
}
}