@Test
  public void testMondrianOneToOneUserRoleListMapper() throws Exception {
    final IConnectionUserRoleMapper mapper = new MondrianOneToOneUserRoleListMapper();
    try {
      String[] roles =
          SecurityHelper.getInstance()
              .runAsUser(
                  "simplebob",
                  new Callable<String[]>() {
                    @Override
                    public String[] call() throws Exception {
                      return mapper.mapConnectionRoles(
                          PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                    }
                  });

      Assert.assertNotNull(roles);
      Assert.assertEquals(2, roles.length);
      Assert.assertEquals("Role1", roles[0]);
      Assert.assertEquals("Role2", roles[1]);

    } catch (PentahoAccessControlException e) {
      Assert.fail(e.getMessage());
    }
  }
  /**
   * Logs in with given username.
   *
   * @param username username of user
   * @param tenantId tenant to which this user belongs
   * @tenantAdmin true to add the tenant admin authority to the user's roles
   */
  protected void login(final String username, final ITenant tenant, String[] roles) {
    StandaloneSession pentahoSession =
        new StandaloneSession(tenantedUserNameUtils.getPrincipleId(tenant, username));
    pentahoSession.setAuthenticated(
        tenant.getId(), tenantedUserNameUtils.getPrincipleId(tenant, username));
    PentahoSessionHolder.setSession(pentahoSession);
    pentahoSession.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId());
    final String password = "******";

    List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();

    for (String roleName : roles) {
      authList.add(
          new GrantedAuthorityImpl(tenantedRoleNameUtils.getPrincipleId(tenant, roleName)));
    }
    GrantedAuthority[] authorities = authList.toArray(new GrantedAuthority[0]);
    UserDetails userDetails = new User(username, password, true, true, true, true, authorities);
    Authentication auth =
        new UsernamePasswordAuthenticationToken(userDetails, password, authorities);
    PentahoSessionHolder.setSession(pentahoSession);
    // this line necessary for Spring Security's MethodSecurityInterceptor
    SecurityContextHolder.getContext().setAuthentication(auth);
    SecurityHelper.getInstance().becomeUser(tenantedUserNameUtils.getPrincipleId(tenant, username));
    SecurityContextHolder.getContext().setAuthentication(auth);
  }
  @Test
  public void testLookupMapUserRoleListMapper() throws Exception {
    Map<String, String> lookup = new HashMap<String, String>();
    lookup.put("ceo", "Role1");
    lookup.put("Not Pentaho", "Role2");
    lookup.put("Not Mondrian or Pentaho", "Role3");

    final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper();
    mapper.setLookupMap(lookup);

    try {
      String[] roles =
          SecurityHelper.getInstance()
              .runAsUser(
                  "admin",
                  new Callable<String[]>() {
                    @Override
                    public String[] call() throws Exception {
                      return mapper.mapConnectionRoles(
                          PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                    }
                  });
      Assert.assertNotNull(roles);
      Assert.assertEquals(1, roles.length);
      Assert.assertEquals("Role1", roles[0]);
    } catch (PentahoAccessControlException e) {
      Assert.fail(e.getMessage());
    }
  }
  @Test
  public void testMondrianUserSessionUserRoleListMapper() throws Exception {
    final MondrianUserSessionUserRoleListMapper mapper =
        new MondrianUserSessionUserRoleListMapper();
    mapper.setSessionProperty("rolesAttribute");

    try {
      String[] roles =
          SecurityHelper.getInstance()
              .runAsUser(
                  "admin",
                  new Callable<String[]>() {
                    @Override
                    public String[] call() throws Exception {
                      IPentahoSession session = PentahoSessionHolder.getSession();
                      session.setAttribute(
                          "rolesAttribute",
                          new Object[] {"mondrianRole1", "mondrianRole2", "mondrianRole3"});
                      return mapper.mapConnectionRoles(session, "SteelWheelsRoles");
                    }
                  });

      Assert.assertNotNull(roles);
      Assert.assertEquals(3, roles.length);
      Assert.assertEquals("mondrianRole1", roles[0]);
      Assert.assertEquals("mondrianRole2", roles[1]);
      Assert.assertEquals("mondrianRole3", roles[2]);
    } catch (PentahoAccessControlException e) {
      Assert.fail(e.getMessage());
    }
  }
  @Test
  public void testReadRolesInSchema() throws Exception {
    final MondrianCatalogHelper helper =
        (MondrianCatalogHelper) PentahoSystem.get(IMondrianCatalogService.class);
    Assert.assertNotNull(helper);
    MondrianCatalog mc =
        SecurityHelper.getInstance()
            .runAsUser(
                "admin",
                new Callable<MondrianCatalog>() {
                  @Override
                  public MondrianCatalog call() throws Exception {
                    return helper.getCatalog("SteelWheelsRoles", PentahoSessionHolder.getSession());
                  }
                });

    Assert.assertNotNull(mc);
    MondrianSchema ms = mc.getSchema();
    Assert.assertNotNull(ms);
    String[] roleNames = ms.getRoleNames();
    Assert.assertNotNull(roleNames);
    Assert.assertEquals(2, roleNames.length);
    Assert.assertEquals("Role1", roleNames[0]);
    Assert.assertEquals("Role2", roleNames[1]);
  }
 /**
  * Returns whether the current user is an administrator
  *
  * @return "true" or "false"
  */
 @GET
 @Path("/isAdministrator")
 public Response isAdministrator() {
   return Response.ok(
           "" + (SecurityHelper.getInstance().isPentahoAdministrator(getPentahoSession())))
       .build();
 }
  @Test
  public void testNoMatchLookupMapUserRoleListMapper() throws Exception {
    Map<String, String> lookup = new HashMap<String, String>();
    lookup.put("No Match", "Role1");
    lookup.put("No Match Here Either", "Role2");

    final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper();
    mapper.setLookupMap(lookup);

    mapper.setFailOnEmptyRoleList(true);
    try {
      SecurityHelper.getInstance()
          .runAsUser(
              "admin",
              new Callable<String[]>() {
                @Override
                public String[] call() throws Exception {
                  return mapper.mapConnectionRoles(
                      PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                }
              });
      Assert.fail();
    } catch (PentahoAccessControlException e) {
      // no op.
    }

    mapper.setFailOnEmptyRoleList(false);

    try {
      String[] roles =
          SecurityHelper.getInstance()
              .runAsUser(
                  "admin",
                  new Callable<String[]>() {
                    @Override
                    public String[] call() throws Exception {
                      return mapper.mapConnectionRoles(
                          PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                    }
                  });
      Assert.assertNull(roles);
    } catch (PentahoAccessControlException e) {
      Assert.fail(e.getMessage());
    }
  }
 private String generateInMemoryDatasourcesXml() {
   try {
     return SecurityHelper.getInstance()
         .runAsSystem(
             new Callable<String>() {
               public String call() throws Exception {
                 return mondrianCatalogService.generateInMemoryDatasourcesXml(repo);
               }
             });
   } catch (Exception e) {
     PentahoXmlaServlet.logger.error(e);
     throw new RuntimeException(e);
   }
 }
 @Test
 public void testNoMatchMondrianOneToOneUserRoleListMapper() throws Exception {
   final MondrianOneToOneUserRoleListMapper mapper = new MondrianOneToOneUserRoleListMapper();
   mapper.setFailOnEmptyRoleList(true);
   try {
     SecurityHelper.getInstance()
         .runAsUser(
             "admin",
             new Callable<String[]>() {
               @Override
               public String[] call() throws Exception {
                 return mapper.mapConnectionRoles(
                     PentahoSessionHolder.getSession(), "SteelWheelsRoles");
               }
             });
     Assert.fail();
   } catch (PentahoAccessControlException e) {
     // No op.
   }
   mapper.setFailOnEmptyRoleList(false);
   try {
     String[] roles =
         SecurityHelper.getInstance()
             .runAsUser(
                 "simplebob",
                 new Callable<String[]>() {
                   @Override
                   public String[] call() throws Exception {
                     return mapper.mapConnectionRoles(
                         PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                   }
                 });
     Assert.assertArrayEquals(new String[] {"Role1", "Role2"}, roles);
   } catch (PentahoAccessControlException e) {
     Assert.fail(e.getMessage());
   }
 }
Ejemplo n.º 10
0
  @SuppressWarnings("deprecation")
  public void testVoter() throws Exception {
    SecurityHelper.getInstance()
        .runAsUser(
            "suzy",
            new Callable<Void>() {

              @Override
              public Void call() throws Exception {
                RepositoryFile testFile =
                    new RepositoryFile("Test Folder", null, null); // $NON-NLS-1$
                Map<IPermissionRecipient, IPermissionMask> perms =
                    new LinkedHashMap<IPermissionRecipient, IPermissionMask>();
                perms.put(
                    new SimpleUser("suzy"),
                    new SimplePermissionMask(IPentahoAclEntry.PERM_EXECUTE));
                perms.put(
                    new SimpleRole("ROLE_CTO"),
                    new SimplePermissionMask(IPentahoAclEntry.PERM_SUBSCRIBE));
                perms.put(
                    new SimpleRole("ROLE_IS"),
                    new SimplePermissionMask(IPentahoAclEntry.PERM_ADMINISTRATION));
                SpringSecurityPermissionMgr.instance().setPermissions(perms, testFile);
                PentahoBasicAclVoter voter = new PentahoBasicAclVoter();
                assertTrue(
                    voter.hasAccess(
                        PentahoSessionHolder.getSession(),
                        testFile,
                        IPentahoAclEntry.PERM_EXECUTE));
                assertTrue(
                    voter.hasAccess(
                        PentahoSessionHolder.getSession(),
                        testFile,
                        IPentahoAclEntry.PERM_SUBSCRIBE));
                assertTrue(
                    voter.hasAccess(
                        PentahoSessionHolder.getSession(),
                        testFile,
                        IPentahoAclEntry.PERM_ADMINISTRATION));
                PentahoAclEntry entry =
                    voter.getEffectiveAcl(PentahoSessionHolder.getSession(), testFile);
                assertNotNull(entry);
                assertEquals(entry.printPermissionsBlock(), "XSCUDP"); // $NON-NLS-1$
                return null;
              }
            });
  }
Ejemplo n.º 11
0
 private String getDatasourcesXml() {
   final Callable<String> call =
       new Callable<String>() {
         public String call() throws Exception {
           return generateInMemoryDatasourcesXml();
         }
       };
   try {
     if (isSecurityEnabled()) {
       return SecurityHelper.getInstance().runAsSystem(call);
     } else {
       return call.call();
     }
   } catch (Exception e) {
     throw new IOlapServiceException(e);
   }
 }
 @Test
 public void testReadRolesInPlatform() throws Exception {
   SecurityHelper.getInstance()
       .runAsUser(
           "admin",
           new Callable<Void>() {
             @Override
             public Void call() throws Exception {
               Authentication auth = SecurityHelper.getInstance().getAuthentication();
               Assert.assertNotNull(auth);
               GrantedAuthority[] gAuths = auth.getAuthorities();
               Assert.assertNotNull(gAuths);
               Assert.assertEquals(3, gAuths.length);
               Assert.assertEquals("ceo", gAuths[0].getAuthority());
               Assert.assertEquals("Admin", gAuths[1].getAuthority());
               Assert.assertEquals("Authenticated", gAuths[2].getAuthority());
               return null;
             }
           });
 }
  @Test
  public void testNoMatchMondrianUserSessionUserRoleListMapper() throws Exception {
    final MondrianUserSessionUserRoleListMapper mapper =
        new MondrianUserSessionUserRoleListMapper();
    mapper.setSessionProperty("rolesAttribute");

    try {
      String[] roles =
          SecurityHelper.getInstance()
              .runAsUser(
                  "admin",
                  new Callable<String[]>() {
                    @Override
                    public String[] call() throws Exception {
                      return mapper.mapConnectionRoles(
                          PentahoSessionHolder.getSession(), "SteelWheelsRoles");
                    }
                  });

      Assert.assertNull(roles);
    } catch (PentahoAccessControlException e) {
      Assert.fail(e.getMessage());
    }
  }
Ejemplo n.º 14
0
  /** Initializes the cache. Only the cache specific to the sesison's locale will be populated. */
  protected void initCache(IPentahoSession session) {

    final List<Catalog> cache = getCache(session);

    final boolean needUpdate;
    final Lock readLock = cacheLock.readLock();

    try {
      readLock.lock();
      // Check if the cache is empty.
      if (cache.size() == 0) {
        needUpdate = true;
      } else {
        needUpdate = false;
      }
    } finally {
      readLock.unlock();
    }

    if (needUpdate) {
      final Lock writeLock = cacheLock.writeLock();
      try {
        writeLock.lock();

        // First clear the cache
        cache.clear();

        final Callable<Void> call =
            new Callable<Void>() {
              public Void call() throws Exception {
                // Now build the cache. Use the system session in the holder.
                for (String name : getHelper().getHostedCatalogs()) {
                  try {
                    addCatalogToCache(PentahoSessionHolder.getSession(), name);
                  } catch (Throwable t) {
                    LOG.error("Failed to initialize the cache for OLAP connection " + name, t);
                  }
                }
                for (String name : getHelper().getOlap4jServers()) {
                  try {
                    addCatalogToCache(PentahoSessionHolder.getSession(), name);
                  } catch (Throwable t) {
                    LOG.error("Failed to initialize the cache for OLAP connection " + name, t);
                  }
                }
                return null;
              }
            };

        if (isSecurityEnabled()) {
          SecurityHelper.getInstance().runAsSystem(call);
        } else {
          call.call();
        }

        // Sort it all.
        Collections.sort(
            cache,
            new Comparator<IOlapService.Catalog>() {
              public int compare(Catalog o1, Catalog o2) {
                return o1.name.compareTo(o2.name);
              }
            });

      } catch (Throwable t) {

        LOG.error("Failed to initialize the connection cache", t);

        throw new IOlapServiceException(t);

      } finally {
        writeLock.unlock();
      }
    }
  }