public void testAuthorization() throws Exception {
    SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP user
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add("cstamas", new NexusLdapAuthenticationRealm().getName());

    Assert.assertTrue(security.hasRole(principals, "developer"));
    Assert.assertFalse(security.hasRole(principals, "JUNK"));

    // xml user
    principals = new SimplePrincipalCollection();
    // users must be from the correct realm now!
    principals.add("deployment", new XmlAuthenticatingRealm().getName());

    Assert.assertTrue(security.hasRole(principals, "deployment"));
    Assert.assertFalse(security.hasRole(principals, "JUNK"));
  }
  public void testAuthorizationPriv() throws Exception {
    SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add("cstamas", new NexusLdapAuthenticationRealm().getName());

    Assert.assertTrue(security.isPermitted(principals, "security:usersforgotpw:create"));
    Assert.assertFalse(security.isPermitted(principals, "security:usersforgotpw:delete"));

    // XML
    principals = new SimplePrincipalCollection();
    principals.add("test-user", new XmlAuthenticatingRealm().getName());

    Assert.assertTrue(security.isPermitted(principals, "security:usersforgotpw:create"));
    Assert.assertFalse(security.isPermitted(principals, "security:usersforgotpw:delete"));

    Assert.assertTrue(security.isPermitted(principals, "nexus:target:1:*:delete"));
  }
  @Test
  public void testAuthorizationPriv() throws Exception {
    SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add("cstamas", new NexusLdapAuthenticationRealm().getName());

    // if realm is not configured, the user should not be able to be authorized
    Assert.assertFalse(security.isPermitted(principals, "security:usersforgotpw:create"));

    // XML
    principals = new SimplePrincipalCollection();
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on imple details!
    // was: principals.add( "test-user", new XmlAuthenticatingRealm().getName() );
    principals.add("test-user", XmlAuthenticatingRealm.ROLE);

    Assert.assertTrue(security.isPermitted(principals, "security:usersforgotpw:create"));
    Assert.assertFalse(security.isPermitted(principals, "security:usersforgotpw:delete"));

    Assert.assertTrue(security.isPermitted(principals, "nexus:target:1:*:delete"));
  }
  @Test
  public void testAuthorization() throws Exception {

    SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP should fail
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add("cstamas", new NexusLdapAuthenticationRealm().getName());

    // if realm is not configured, the user should not be able to be authorized
    Assert.assertFalse(security.hasRole(principals, "nx-developer"));
    Assert.assertFalse(security.hasRole(principals, "JUNK"));

    // xml user
    principals = new SimplePrincipalCollection();
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on imple details!
    // was: principals.add( "deployment", new XmlAuthenticatingRealm().getName() );
    principals.add("deployment", XmlAuthenticatingRealm.ROLE);

    Assert.assertTrue(security.hasRole(principals, "nx-deployment"));
    Assert.assertFalse(security.hasRole(principals, "JUNK"));
  }
Example #5
0
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    User user = (User) token.getPrincipal();

    if (user == null) {
      throw new UnknownAccountException(
          ConstantsUtility.ERROR_MESSAGES.getString("userDoesNotExist"));
    } else if (!user.isActive()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userInactive"));
    } else if (user.isLocked()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userLocked"));
    }

    SimplePrincipalCollection principles = new SimplePrincipalCollection();
    principles.add(user, ConstantsUtility.OAUTH_REALM_NAME);
    return new SimpleAuthenticationInfo(principles, token.getCredentials());
  }
 public IkanowV1AuthenticationInfo(AuthenticationBean ab) {
   this.authenticationBean = ab;
   String realmName = IkanowV1Realm.class.getSimpleName();
   this.principalCollection = new SimplePrincipalCollection(ab.getProfileId(), realmName);
   principalCollection.add(ab.get_id(), realmName);
 }
Example #7
0
 public void removeUserAuthorizationInfoCache(String username) {
   SimplePrincipalCollection pc = new SimplePrincipalCollection();
   pc.add(username, super.getName());
   super.clearCachedAuthorizationInfo(pc);
 }
Example #8
0
  private boolean doesUserHaveAllRoles(String username, String... roles) {
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(username, this.realm.getName());

    return this.realm.hasAllRoles(principals, Arrays.asList(roles));
  }