Example #1
  /**
   * Valid credentials presented from an address outside the user's allow-list must not
   * authenticate.
   *
   * <p>The stored user "bob" is restricted to 192.168.1.2, while the mocked request arrives
   * from 192.168.1.1. The returned {@code User} is expected to carry no login, no token and
   * {@code Permission.NONE}, with only the caller's address filled in.
   *
   * <p>NOTE(review): the address under test comes from {@code getRemoteAddr()}. Behind a
   * reverse proxy that value is the proxy's address, so confirm how the deployed
   * authenticator obtains the client IP before relying on the allow-list.
   */
  @Test
  public void testAuthenticateValidAuthButInvalidIp() throws Exception {
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();

    // The only address this user may connect from.
    ArrayList<String> ipAllowList = new ArrayList<String>();
    ipAllowList.add("192.168.1.2");

    User storedUser = new User();
    storedUser.setLogin("bob");
    storedUser.setToken("smith");
    storedUser.setPermissions(Permission.LIST_ALL_JOBS);
    storedUser.setAllowedIpAddresses(ipAllowList);
    storedUser = dao.insert(storedUser);

    AuthenticatorImpl authenticator = new AuthenticatorImpl();

    // Correct login and token, but sent from an address that is not on the allow-list.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("192.168.1.1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));

    User result = authenticator.authenticate(httpRequest);

    // No identity and no permissions may be returned; only the source address is recorded.
    assertTrue(result.getLogin() == null);
    assertTrue(result.getToken() == null);
    assertTrue(result.getPermissions() == Permission.NONE);
    assertTrue(result.getIpAddress().equals("192.168.1.1"));

    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
Example #2
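  /**
   * A user without {@code Permission.RUN_AS_ANOTHER_USER} who asks to run as "joe" must be
   * rejected with an exception.
   *
   * <p>The stored user "bob" holds only {@code Permission.LIST_ALL_JOBS}. The request carries
   * valid Basic credentials plus the run-as parameter, so {@code authenticate} is expected to
   * throw with the message "User does not have permission to run as another user".
   *
   * <p>The test fails if no exception is thrown. Without that check, a missing authorization
   * check in the authenticator would go unnoticed.
   */
  @Test
  public void
      testAuthenticateValidAuthInHeaderAndUserInDataStoreButNotAuthorizedToRunAsAnotherUser()
          throws Exception {
    UserObjectifyDAOImpl userDAO = new UserObjectifyDAOImpl();

    User dbuser = new User();
    dbuser.setLogin("bob");
    dbuser.setToken("smith");
    dbuser.setPermissions(Permission.LIST_ALL_JOBS);
    dbuser = userDAO.insert(dbuser);

    AuthenticatorImpl auth = new AuthenticatorImpl();
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getRemoteAddr()).thenReturn("192.168.1.1");
    when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));
    when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");

    boolean rejected = false;
    try {
      auth.authenticate(request);
    } catch (Exception ex) {
      rejected = true;
      assertTrue(ex.getMessage().equals("User does not have permission to run as another user"));
    }

    // The rejection itself is the behaviour under test: a silent success must fail the test.
    assertTrue(rejected);
  }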
Example #3
  /**
   * Valid Basic credentials for a stored user with no IP allow-list authenticate successfully.
   *
   * <p>The returned {@code User} must carry the stored login, token, permissions and id,
   * together with the address reported by the request.
   */
  @Test
  public void testAuthenticateValidAuthInHeaderAndUserInDataStore() throws Exception {
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();

    User storedUser = new User();
    storedUser.setLogin("bob");
    storedUser.setToken("smith");
    storedUser.setPermissions(Permission.LIST_ALL_JOBS);
    storedUser = dao.insert(storedUser);

    AuthenticatorImpl authenticator = new AuthenticatorImpl();

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("192.168.1.1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));

    User result = authenticator.authenticate(httpRequest);

    // Every identity field must match the record that was inserted above.
    assertTrue(result != null);
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getToken().equals("smith"));
    assertTrue(result.getPermissions() == Permission.LIST_ALL_JOBS);
    assertTrue(result.getIpAddress().equals("192.168.1.1"));
    assertTrue(result.getId() == storedUser.getId().longValue());

    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
Example #4
 /**
  * A null request must be rejected with an exception whose message starts with
  * "Request is null".
  */
 @Test
 public void testAuthenticateNullRequest() {
   try {
     new AuthenticatorImpl().authenticate(null);
     // Reaching this line means the null request was accepted.
     fail("Expected Exception cause request is null");
   } catch (Exception rejection) {
     assertTrue(rejection.getMessage().startsWith("Request is null"));
   }
 }
Example #5
  /**
   * A Basic credential that decodes to a string without a colon ("ha") must not authenticate.
   *
   * <p>The authenticator is expected to return a non-null {@code User} with
   * {@code Permission.NONE} and the caller's address, rather than throwing.
   */
  @Test
  public void testAuthenticateInvalidAuthNoColon() throws Exception {
    AuthenticatorImpl authenticator = new AuthenticatorImpl();

    // "ha" has no login/token separator once decoded.
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("192.168.1.1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("ha"));

    User result = authenticator.authenticate(httpRequest);

    assertTrue(result != null);
    assertTrue(result.getPermissions() == Permission.NONE);
    assertTrue(result.getIpAddress().equals("192.168.1.1"));

    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
Example #6
  /**
   * A request whose remote address is the IPv6 loopback literal 0:0:0:0:0:0:0:1 receives
   * {@code Permission.ALL}.
   *
   * <p>The returned login and token mirror the values sent in the Basic header.
   *
   * <p>NOTE(review): this test inserts no user, so the {@code Permission.ALL} grant appears to
   * rest on the loopback source address alone. If that is the design, every request that
   * originates on the same host is fully privileged, including requests relayed by a
   * same-host reverse proxy. Confirm that the deployment never fronts this service that way.
   */
  @Test
  public void testAuthenticateUserFromLocalipv6ip() throws Exception {

    AuthenticatorImpl authenticator = new AuthenticatorImpl();

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("0:0:0:0:0:0:0:1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));

    User result = authenticator.authenticate(httpRequest);

    assertTrue(result != null);
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getToken().equals("smith"));
    assertTrue(result.getPermissions() == Permission.ALL);
    assertTrue(result.getIpAddress().equals("0:0:0:0:0:0:0:1"));

    verify(httpRequest).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
  }
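  /**
   * Handles an HTTP POST that carries a URL-encoded XML authentication request.
   *
   * <p>The whole request body is read, URL-decoded and passed to
   * {@code AuthenticatorImpl.authenticate}. The XML string it returns is URL-encoded and
   * written to the response. An {@code IOException} is answered with
   * {@code AuthenticatorCodes.IO_ERROR}; any other exception, including an empty request
   * body, is answered with {@code AuthenticatorCodes.UNEXPECTED_ERROR}.
   *
   * <p>All character conversions use UTF-8 explicitly instead of the platform default, so
   * the same request decodes identically on every host.
   *
   * <p>NOTE(review): the body is attacker-controlled XML and is read without a size limit.
   * Confirm that the container enforces a maximum request size, and that the parser behind
   * {@code AuthenticatorImpl.authenticate} disables DTDs and external entities.
   *
   * @param request HTTP request whose body is the URL-encoded XML message
   * @param response HTTP response that receives the URL-encoded XML reply
   * @throws ServletException declared by the servlet contract; not thrown by the visible code
   * @throws IOException declared by the servlet contract; I/O failures in the main block are
   *     caught and turned into an error response
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    // NOTE(review): this check-then-set on a shared flag is not synchronized. If the
    // container serves requests concurrently, initCRMonitor() may run more than once.
    if (waitUntilFirstRequest) {
      logger.debug("First request triggers CardRangeMonitor initialization.");
      AuthenticatorServlet.waitUntilFirstRequest = false;
      initCRMonitor();
    }

    String reqXmlStr = null;
    String resXmlStr = null;

    BufferedReader requestInputStream = null;
    OutputStreamWriter responseOutputStream = null;

    try {
      requestInputStream =
          new BufferedReader(new InputStreamReader(request.getInputStream(), "UTF-8"));

      // An empty body used to reach URLDecoder as null and fail with a bare
      // NullPointerException. It still ends in the UNEXPECTED_ERROR response, but the log
      // now states the cause.
      String line = requestInputStream.readLine();
      if (line == null) {
        throw new IllegalArgumentException("Request body is empty.");
      }

      // Lines are joined without separators, as before; StringBuilder avoids quadratic
      // string copying on large bodies.
      StringBuilder reqStr = new StringBuilder();
      do {
        reqStr.append(line);
      } while ((line = requestInputStream.readLine()) != null);
      reqXmlStr = URLDecoder.decode(reqStr.toString(), "UTF-8");

      // Authenticate request
      resXmlStr = AuthenticatorImpl.authenticate(reqXmlStr);

      // NOTE(review): the full response message is logged at debug level. Confirm that it
      // cannot contain cardholder or credential data before enabling debug in production.
      this.logger.debug("Response message received from Authenticator: " + resXmlStr);

      responseOutputStream = new OutputStreamWriter(response.getOutputStream(), "UTF-8");
      responseOutputStream.write(URLEncoder.encode(resXmlStr, "UTF-8"));
      responseOutputStream.flush();

    } catch (IOException ioe) {
      this.logger.error("Fail to read/write object from/to InputStream/OutputStream.", ioe);
      respondError(response, AuthenticatorCodes.IO_ERROR, AuthenticatorCodes.IO_ERROR_MSG);
    } catch (Exception e) {
      this.logger.error("Unexpected exception caught.", e);
      respondError(
          response, AuthenticatorCodes.UNEXPECTED_ERROR, AuthenticatorCodes.UNEXPECTED_ERROR_MSG);
    } finally {
      // Close each stream in its own try so that a failure on the first cannot leak the
      // second.
      try {
        if (requestInputStream != null) {
          requestInputStream.close();
        }
      } catch (Exception e) {
        this.logger.error("Fail to close IO stream.", e);
      }
      try {
        if (responseOutputStream != null) {
          responseOutputStream.close();
        }
      } catch (Exception e) {
        this.logger.error("Fail to close IO stream.", e);
      }
    }
  }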
Example #8
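  /**
   * A request with no Authorization header, no credential query parameters and no remote
   * address yields a non-null {@code User} with {@code Permission.NONE} and a null IP.
   *
   * <p>{@code getRemoteAddr()} is left unstubbed, so the mock returns null for it. The
   * verifications confirm that the authenticator consulted the header and each of the three
   * query parameters.
   */
  @Test
  public void testAuthenticateWithNullHeaderAndNoQueryParametersAndNullIp() throws Exception {

    AuthenticatorImpl auth = new AuthenticatorImpl();
    HttpServletRequest request = mock(HttpServletRequest.class);
    // Stub the header lookup. The original stubbed getParameter() with the header constant,
    // which never matched the getHeader() call that is verified below.
    when(request.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER)).thenReturn(null);
    when(request.getParameter(Constants.USER_LOGIN_PARAM)).thenReturn(null);
    when(request.getParameter(Constants.USER_TOKEN_PARAM)).thenReturn(null);
    when(request.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn(null);

    User u = auth.authenticate(request);
    assertTrue(u != null);
    assertTrue(u.getPermissions() == Permission.NONE);
    assertTrue(u.getIpAddress() == null);

    verify(request).getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER);
    verify(request).getParameter(Constants.USER_LOGIN_PARAM);
    verify(request).getParameter(Constants.USER_TOKEN_PARAM);
    verify(request).getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM);
  }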
Example #9
  /**
   * A user who holds {@code Permission.RUN_AS_ANOTHER_USER} may name another login to run as.
   *
   * <p>The stored user "bob" has both {@code LIST_ALL_JOBS} and {@code RUN_AS_ANOTHER_USER}.
   * With the run-as parameter set to "joe", the returned {@code User} keeps "bob" as its
   * login and reports "joe" from {@code getLoginToRunJobAs()}.
   */
  @Test
  public void testAuthenticateValidAuthInHeaderAndUserInDataStoreWithRunAsPerm() throws Exception {
    UserObjectifyDAOImpl dao = new UserObjectifyDAOImpl();

    User storedUser = new User();
    storedUser.setLogin("bob");
    storedUser.setToken("smith");
    storedUser.setPermissions(Permission.LIST_ALL_JOBS | Permission.RUN_AS_ANOTHER_USER);
    storedUser = dao.insert(storedUser);

    AuthenticatorImpl authenticator = new AuthenticatorImpl();

    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRemoteAddr()).thenReturn("192.168.1.1");
    when(httpRequest.getHeader(AuthenticatorImpl.AUTHORIZATION_HEADER))
        .thenReturn("Basic " + encodeString("bob:smith"));
    when(httpRequest.getParameter(Constants.USER_LOGIN_TO_RUN_AS_PARAM)).thenReturn("joe");

    User result = authenticator.authenticate(httpRequest);

    // The authenticated identity stays "bob"; "joe" is only the delegated run-as target.
    assertTrue(result.getLogin().equals("bob"));
    assertTrue(result.getLoginToRunJobAs().equals("joe"));
  }