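  /**
   * Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user
   * : id + attributes).
   *
   * <p>Two sources are merged. The local user repository is looked up by the primary principal
   * (the CAS user id) and contributes its role names and permission strings; the CAS attribute
   * map, expected as the second principal of the collection, contributes the comma-separated
   * values of the attributes named in {@code roleAttributeNames} / {@code permissionAttributeNames}.
   *
   * <p>Fail-closed behaviour: a user id with no repository record contributes no
   * repository-derived grants, and a principal collection that does not carry an attribute map at
   * the expected position contributes no attribute-derived grants. Nothing here validates the
   * attribute values — they are trusted as asserted by CAS, so the ticket validation that
   * populated them is the actual trust boundary.
   *
   * @param principals the primary identifying principals of the AuthorizationInfo that should be
   *     retrieved.
   * @return the AuthorizationInfo associated with this principals; never {@code null}.
   */
  @Override
  @SuppressWarnings("unchecked")
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
    String userName = (String) principalCollection.getPrimaryPrincipal();
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

    // Repository-backed grants. A missing record is not an error at this point (CAS already
    // authenticated the subject); it simply grants nothing instead of failing with an NPE.
    User user = getUserRepository().getByName(userName);
    if (user != null) {
      Set<String> roles = user.getRolesName();
      if (roles != null) {
        simpleAuthorizationInfo.addRoles(roles);
      }
      Set<String> permissions = user.getPermissions();
      if (permissions != null) {
        simpleAuthorizationInfo.addStringPermissions(permissions);
      }
    }

    // Attribute-backed grants. The attribute map is positionally coupled to how the
    // authentication side built the collection (index 1); check index and type instead of
    // letting an IndexOutOfBounds/ClassCastException escape from an authorization check.
    List<Object> listPrincipals = principalCollection.asList();
    if (listPrincipals.size() > 1 && listPrincipals.get(1) instanceof Map) {
      Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);
      for (String attributeName : split(roleAttributeNames)) {
        // An absent attribute yields null here; split(null) is expected to produce an empty
        // list — TODO confirm against the split() implementation.
        addRoles(simpleAuthorizationInfo, split(attributes.get(attributeName)));
      }
      for (String attributeName : split(permissionAttributeNames)) {
        addPermissions(simpleAuthorizationInfo, split(attributes.get(attributeName)));
      }
    }
    return simpleAuthorizationInfo;
  }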
    /**
     * Builds the authorization info for a CAS-authenticated subject.
     *
     * <p>Grants are assembled from three sources, in order: the configured default roles and
     * permissions (given to every authenticated subject), the CAS attributes named by
     * {@code getRoleAttributeNames()} and {@code getPermissionAttributeNames()} (each value is
     * either a single comma-separated string or a collection of such strings), and finally the
     * built-in {@code Roles.ADMINISTRATOR} role, added when the configured administrator role is
     * among the roles collected so far.
     *
     * <p>The attribute map is read positionally from index 1 of the principal collection and is
     * trusted as asserted by CAS; no validation is done on the values beyond the
     * string/collection shape check, so the CAS ticket validation is the trust boundary.
     *
     * @param principals the principals of the subject being authorized (CAS id + attribute map)
     * @return the assembled authorization info; never {@code null}
     */
    @Override
    @SuppressWarnings("unchecked")
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
      logger.trace("resolve authorization info");
      final SimplePrincipalCollection casPrincipals = (SimplePrincipalCollection) principals;
      // NOTE(review): positional coupling to the authentication side — index 1 must be the map.
      final Map<String, String> attributes = (Map<String, String>) casPrincipals.asList().get(1);

      final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
      addRoles(info, split(getDefaultRoles()));
      addPermissions(info, split(getDefaultPermissions()));

      for (final String attributeName : split(getRoleAttributeNames())) {
        for (final Object entry : valuesOf(attributes.get(attributeName))) {
          addRoles(info, split((String) entry));
        }
      }
      for (final String attributeName : split(getPermissionAttributeNames())) {
        for (final Object entry : valuesOf(attributes.get(attributeName))) {
          addPermissions(info, split((String) entry));
        }
      }

      // Promote to the built-in administrator role when the configured admin role was granted.
      final Collection<String> grantedRoles = info.getRoles();
      if (grantedRoles != null && grantedRoles.contains(configuration.getAdministratorRole())) {
        info.addRole(Roles.ADMINISTRATOR);
      }
      return info;
    }

    /**
     * Views an attribute value as the sequence of entries it contributes: a {@link Collection}
     * value is returned as-is, any other value (including {@code null}) becomes a one-element
     * list, so that the caller passes it through {@code split} exactly once.
     */
    private static Collection<?> valuesOf(final Object value) {
      if (value instanceof Collection<?>) {
        return (Collection<?>) value;
      }
      return java.util.Collections.singletonList(value);
    }
  /**
   * Turns the already-resolved {@link User} carried by the token into authentication info.
   *
   * <p>The token's principal is expected to be a {@link User} that an upstream step has already
   * resolved (the realm name used is {@code ConstantsUtility.OAUTH_REALM_NAME}). Account state is
   * checked in order — unknown (null) account, inactive account, locked account — and each
   * failure aborts authentication with the matching Shiro exception and a localized message.
   *
   * <p>NOTE(review): the returned info carries the token's own credentials, so a
   * CredentialsMatcher that compares token credentials with stored credentials is comparing the
   * token against itself; this realm performs no independent credential verification. That is
   * only safe if tokens of this type are created exclusively after the OAuth provider has
   * authenticated the user — confirm against the callers.
   *
   * @param token the token whose principal is the resolved user
   * @return authentication info whose sole principal is the user, under the OAuth realm name
   * @throws UnknownAccountException if the token carries no user
   * @throws LockedAccountException if the user is inactive or locked
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    final User account = (User) token.getPrincipal();
    if (account == null) {
      throw new UnknownAccountException(
          ConstantsUtility.ERROR_MESSAGES.getString("userDoesNotExist"));
    }
    if (!account.isActive()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userInactive"));
    }
    if (account.isLocked()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userLocked"));
    }

    final SimplePrincipalCollection principalCollection =
        new SimplePrincipalCollection(account, ConstantsUtility.OAUTH_REALM_NAME);
    return new SimpleAuthenticationInfo(principalCollection, token.getCredentials());
  }
  /**
   * Role checks must honour the realm a principal was registered under: the LDAP user carries
   * the roles the LDAP realm resolves for it, the XML user those of the XML realm, and a
   * nonexistent role is denied for both.
   */
  public void testAuthorization() throws Exception {
    final SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP-backed principal
    SimplePrincipalCollection subject = new SimplePrincipalCollection();
    subject.add("cstamas", new NexusLdapAuthenticationRealm().getName());
    Assert.assertTrue(security.hasRole(subject, "developer"));
    Assert.assertFalse(security.hasRole(subject, "JUNK"));

    // XML-backed principal: the realm name must match, a bare user id is not enough
    subject = new SimplePrincipalCollection();
    subject.add("deployment", new XmlAuthenticatingRealm().getName());
    Assert.assertTrue(security.hasRole(subject, "deployment"));
    Assert.assertFalse(security.hasRole(subject, "JUNK"));
  }
  /**
   * Permission checks follow the realm of the principal: the LDAP user and the XML user may each
   * create but not delete forgotten-password requests, and the XML user additionally holds the
   * wildcard target delete permission.
   */
  public void testAuthorizationPriv() throws Exception {
    final SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    final String createPerm = "security:usersforgotpw:create";
    final String deletePerm = "security:usersforgotpw:delete";

    // LDAP-backed principal
    SimplePrincipalCollection subject = new SimplePrincipalCollection();
    subject.add("cstamas", new NexusLdapAuthenticationRealm().getName());
    Assert.assertTrue(security.isPermitted(subject, createPerm));
    Assert.assertFalse(security.isPermitted(subject, deletePerm));

    // XML-backed principal
    subject = new SimplePrincipalCollection();
    subject.add("test-user", new XmlAuthenticatingRealm().getName());
    Assert.assertTrue(security.isPermitted(subject, createPerm));
    Assert.assertFalse(security.isPermitted(subject, deletePerm));
    Assert.assertTrue(security.isPermitted(subject, "nexus:target:1:*:delete"));
  }
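  /**
   * Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user
   * : id + attributes).
   *
   * <p>Two sources are merged: the configured {@code defaultRoles}, granted to every
   * authenticated subject, and the role names of the local {@link User} record matched by the
   * CAS {@code username} attribute. CAS role/permission attributes are deliberately not
   * consulted — the local user record is the source of truth for roles.
   *
   * <p>Fail-closed: a principal collection without an attribute map at the expected position, an
   * attribute map without a {@code username}, and a username with no local record all abort with
   * {@link UnknownAccountException} rather than returning the default roles alone.
   *
   * @param principals the primary identifying principals of the AuthorizationInfo that should be
   *     retrieved.
   * @return the AuthorizationInfo associated with this principals; never {@code null}.
   * @throws UnknownAccountException if no local user can be resolved from the CAS attributes
   */
  @Override
  @SuppressWarnings("unchecked")
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
    List<Object> listPrincipals = principalCollection.asList();
    // The attribute map is positionally coupled to the authentication side (index 1); check it
    // rather than letting an IndexOutOfBounds/ClassCastException escape from an authz check.
    if (listPrincipals.size() < 2 || !(listPrincipals.get(1) instanceof Map)) {
      throw new UnknownAccountException("没有该用户");
    }
    Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);

    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    // Default roles apply to every CAS-authenticated subject.
    addRoles(simpleAuthorizationInfo, split(defaultRoles));

    // The local user record, not the CAS attributes, decides the roles.
    String username = attributes.get("username");
    User user = username == null ? null : User.findUserByUsername(username);
    if (user == null) {
      throw new UnknownAccountException("没有该用户");
    }
    Set<Role> roleSet = user.getRoles();
    List<String> roleNames = new ArrayList<String>();
    if (roleSet != null) {
      for (Role role : roleSet) {
        // Logged at INFO on every authorization resolution; noisy but kept as-is.
        log.info("role:" + role.getName());
        roleNames.add(role.getName());
      }
    }
    addRoles(simpleAuthorizationInfo, roleNames);
    return simpleAuthorizationInfo;
  }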
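  /**
   * Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user
   * : id + attributes).
   *
   * <p>Grants are derived entirely from two CAS attributes:
   * <ul>
   *   <li>{@code username}: after URL-decoding, the literal value {@code admin} receives the
   *       {@code admin} role;</li>
   *   <li>{@code authority}: a URL-encoded JSON array (quotes may arrive as {@code &#034;}) of
   *       objects with {@code appCode} and {@code url} members. Each entry grants the role
   *       {@code appCode} and the permission {@code appCode:url}.</li>
   * </ul>
   *
   * <p>A malformed {@code authority} value is not treated as an error: the attribute is skipped
   * and only the (possible) admin role is returned, so the subject ends up with fewer grants,
   * never more. Entries lacking {@code appCode} or {@code url} are skipped for the same reason.
   *
   * <p>NOTE(review): both attributes are trusted as asserted by CAS; the ticket validation that
   * populated the map is the trust boundary. The admin check is made on the URL-decoded
   * username, so whatever the rest of the application uses as the identity must be that same
   * decoded form — confirm against the authentication side.
   *
   * @param principals the primary identifying principals of the AuthorizationInfo that should be
   *     retrieved.
   * @return the AuthorizationInfo associated with this principals; never {@code null}.
   */
  @Override
  @SuppressWarnings("unchecked")
  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
    List<Object> listPrincipals = principalCollection.asList();
    SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
    // Positional coupling to the authentication side: index 1 must be the attribute map. Without
    // it there is nothing to grant — return the empty info instead of an IndexOutOfBounds.
    if (listPrincipals.size() < 2 || !(listPrincipals.get(1) instanceof Map)) {
      return simpleAuthorizationInfo;
    }
    Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);
    String encodedUsername = attributes.get("username");
    String authorityStr = attributes.get("authority");
    try {
      if (encodedUsername != null && "admin".equals(URLDecoder.decode(encodedUsername, "UTF-8"))) {
        simpleAuthorizationInfo.addRole("admin");
      }
      if (authorityStr != null) {
        // Built per call; a shared static instance would be cheaper (cannot be added here).
        ObjectMapper objectMapper = new ObjectMapper();
        authorityStr = URLDecoder.decode(authorityStr, "UTF-8").replace("&#034;", "\"");
        List<Map<String, Object>> authorityList = objectMapper.readValue(authorityStr, List.class);
        for (Map<String, Object> auth : authorityList) {
          Object appCodeValue = auth.get("appCode");
          Object urlValue = auth.get("url");
          if (appCodeValue == null || urlValue == null) {
            continue; // incomplete entry: grant nothing for it rather than NPE
          }
          String appCode = appCodeValue.toString();
          if (simpleAuthorizationInfo.getRoles() == null
              || !simpleAuthorizationInfo.getRoles().contains(appCode)) {
            simpleAuthorizationInfo.addRole(appCode);
          }
          simpleAuthorizationInfo.addStringPermission(appCode + ":" + urlValue.toString());
        }
      }
    } catch (IOException e) {
      // Covers JsonParseException/JsonMappingException (both IOException subtypes) and a failed
      // URL decode: the authority attribute is dropped and the subject gets no app grants.
      // TODO: route through the realm's logger instead of stderr.
      e.printStackTrace();
    }
    return simpleAuthorizationInfo;
  }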
  /**
   * An LDAP principal is denied when its realm is not configured, while the XML user keeps the
   * grants the XML realm resolves: create but not delete forgotten-password requests, plus the
   * wildcard target delete permission.
   */
  @Test
  public void testAuthorizationPriv() throws Exception {
    final SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    final String createPerm = "security:usersforgotpw:create";
    final String deletePerm = "security:usersforgotpw:delete";

    // LDAP realm is not configured in this fixture: nothing may be granted through it.
    SimplePrincipalCollection subject = new SimplePrincipalCollection();
    subject.add("cstamas", new NexusLdapAuthenticationRealm().getName());
    Assert.assertFalse(security.isPermitted(subject, createPerm));

    // XML realm.
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on imple details!
    // was: principals.add( "test-user", new XmlAuthenticatingRealm().getName() );
    subject = new SimplePrincipalCollection();
    subject.add("test-user", XmlAuthenticatingRealm.ROLE);
    Assert.assertTrue(security.isPermitted(subject, createPerm));
    Assert.assertFalse(security.isPermitted(subject, deletePerm));
    Assert.assertTrue(security.isPermitted(subject, "nexus:target:1:*:delete"));
  }
  /**
   * Role checks: an LDAP principal holds no roles while the LDAP realm is not configured, and
   * the XML user holds exactly the roles the XML realm resolves (a nonexistent role is denied).
   */
  @Test
  public void testAuthorization() throws Exception {
    final SecuritySystem security = lookup(SecuritySystem.class);
    security.start();

    // LDAP realm is not configured in this fixture: no role may be granted through it.
    SimplePrincipalCollection subject = new SimplePrincipalCollection();
    subject.add("cstamas", new NexusLdapAuthenticationRealm().getName());
    Assert.assertFalse(security.hasRole(subject, "nx-developer"));
    Assert.assertFalse(security.hasRole(subject, "JUNK"));

    // XML realm.
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on imple details!
    // was: principals.add( "deployment", new XmlAuthenticatingRealm().getName() );
    subject = new SimplePrincipalCollection();
    subject.add("deployment", XmlAuthenticatingRealm.ROLE);
    Assert.assertTrue(security.hasRole(subject, "nx-deployment"));
    Assert.assertFalse(security.hasRole(subject, "JUNK"));
  }
 /**
  * Wraps an authenticated {@link AuthenticationBean} as Shiro authentication info.
  *
  * <p>The principal collection is built under the {@code IkanowV1Realm} realm name with the
  * bean's profile id as the first (primary) principal and its {@code _id} as a second one.
  *
  * @param ab the authenticated bean; must not be {@code null}
  */
 public IkanowV1AuthenticationInfo(AuthenticationBean ab) {
   this.authenticationBean = ab;
   final String realm = IkanowV1Realm.class.getSimpleName();
   final SimplePrincipalCollection principals = new SimplePrincipalCollection();
   principals.add(ab.getProfileId(), realm);
   principals.add(ab.get_id(), realm);
   this.principalCollection = principals;
 }
 /**
  * Evicts the cached authorization info of one user so the next check re-resolves roles and
  * permissions. Call this after any change to the user's grants; otherwise the stale cached
  * grants stay effective until the cache entry expires on its own.
  *
  * @param username the user whose cache entry is evicted, keyed under this realm's name
  */
 public void removeUserAuthorizationInfoCache(String username) {
   final SimplePrincipalCollection key = new SimplePrincipalCollection(username, super.getName());
   super.clearCachedAuthorizationInfo(key);
 }
  /**
   * Asks the realm whether the named user holds every one of the given roles.
   *
   * @param username user id, registered under this realm's name
   * @param roles roles that must all be present
   * @return the realm's answer to {@code hasAllRoles} for that principal
   */
  private boolean doesUserHaveAllRoles(String username, String... roles) {
    final SimplePrincipalCollection subject =
        new SimplePrincipalCollection(username, this.realm.getName());
    return this.realm.hasAllRoles(subject, Arrays.asList(roles));
  }