/**
 * Checks role lookups for one LDAP-backed user and one XML-backed user.
 *
 * <p>Each principal is registered under the name of the realm it belongs to. Both users
 * must hold their expected role, and neither may hold the unknown role {@code "JUNK"}.
 *
 * @throws Exception if the security system cannot be looked up or started
 */
public void testAuthorization() throws Exception {
    SecuritySystem securitySystem = lookup(SecuritySystem.class);
    securitySystem.start();

    // LDAP user, registered under the LDAP realm's name
    String ldapRealmName = new NexusLdapAuthenticationRealm().getName();
    SimplePrincipalCollection ldapUser = new SimplePrincipalCollection("cstamas", ldapRealmName);

    Assert.assertTrue(securitySystem.hasRole(ldapUser, "developer"));
    // negative control: an unknown role must never be granted
    Assert.assertFalse(securitySystem.hasRole(ldapUser, "JUNK"));

    // XML user: users must be from the correct realm now
    String xmlRealmName = new XmlAuthenticatingRealm().getName();
    SimplePrincipalCollection xmlUser = new SimplePrincipalCollection("deployment", xmlRealmName);

    Assert.assertTrue(securitySystem.hasRole(xmlUser, "deployment"));
    Assert.assertFalse(securitySystem.hasRole(xmlUser, "JUNK"));
  }
  /**
   * Checks permission lookups for one LDAP-backed user and one XML-backed user.
   *
   * <p>Both users are expected to be allowed {@code security:usersforgotpw:create} and to be
   * refused {@code security:usersforgotpw:delete}. The XML user is additionally expected to
   * be allowed {@code nexus:target:1:*:delete}.
   *
   * @throws Exception if the security system cannot be looked up or started
   */
  public void testAuthorizationPriv() throws Exception {
    SecuritySystem securitySystem = lookup(SecuritySystem.class);
    securitySystem.start();

    // LDAP user, registered under the LDAP realm's name
    String ldapRealmName = new NexusLdapAuthenticationRealm().getName();
    SimplePrincipalCollection ldapUser = new SimplePrincipalCollection("cstamas", ldapRealmName);

    Assert.assertTrue(securitySystem.isPermitted(ldapUser, "security:usersforgotpw:create"));
    // the grant must not widen from "create" to "delete"
    Assert.assertFalse(securitySystem.isPermitted(ldapUser, "security:usersforgotpw:delete"));

    // XML user, registered under the XML realm's name
    String xmlRealmName = new XmlAuthenticatingRealm().getName();
    SimplePrincipalCollection xmlUser = new SimplePrincipalCollection("test-user", xmlRealmName);

    Assert.assertTrue(securitySystem.isPermitted(xmlUser, "security:usersforgotpw:create"));
    Assert.assertFalse(securitySystem.isPermitted(xmlUser, "security:usersforgotpw:delete"));

    Assert.assertTrue(securitySystem.isPermitted(xmlUser, "nexus:target:1:*:delete"));
  }
  /**
   * Checks permission lookups when the LDAP realm is not configured.
   *
   * <p>The LDAP user must be refused, which is the fail-closed outcome: a principal whose
   * realm is not configured gets no permissions. The XML user keeps its expected grants.
   *
   * @throws Exception if the security system cannot be looked up or started
   */
  @Test
  public void testAuthorizationPriv() throws Exception {
    SecuritySystem securitySystem = lookup(SecuritySystem.class);
    securitySystem.start();

    // LDAP user, registered under the LDAP realm's name
    String ldapRealmName = new NexusLdapAuthenticationRealm().getName();
    SimplePrincipalCollection ldapUser = new SimplePrincipalCollection("cstamas", ldapRealmName);

    // if realm is not configured, the user should not be able to be authorized
    Assert.assertFalse(securitySystem.isPermitted(ldapUser, "security:usersforgotpw:create"));

    // XML user
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on implementation details!
    // was: principals.add( "test-user", new XmlAuthenticatingRealm().getName() );
    SimplePrincipalCollection xmlUser =
        new SimplePrincipalCollection("test-user", XmlAuthenticatingRealm.ROLE);

    Assert.assertTrue(securitySystem.isPermitted(xmlUser, "security:usersforgotpw:create"));
    // the grant must not widen from "create" to "delete"
    Assert.assertFalse(securitySystem.isPermitted(xmlUser, "security:usersforgotpw:delete"));

    Assert.assertTrue(securitySystem.isPermitted(xmlUser, "nexus:target:1:*:delete"));
  }
  /**
   * Checks role lookups when the LDAP realm is not configured.
   *
   * <p>The LDAP user must hold neither {@code nx-developer} nor the unknown role
   * {@code "JUNK"}, so an unconfigured realm grants nothing. The XML user must hold
   * {@code nx-deployment} and must not hold {@code "JUNK"}.
   *
   * @throws Exception if the security system cannot be looked up or started
   */
  @Test
  public void testAuthorization() throws Exception {
    SecuritySystem securitySystem = lookup(SecuritySystem.class);
    securitySystem.start();

    // LDAP should fail
    String ldapRealmName = new NexusLdapAuthenticationRealm().getName();
    SimplePrincipalCollection ldapUser = new SimplePrincipalCollection("cstamas", ldapRealmName);

    // if realm is not configured, the user should not be able to be authorized
    Assert.assertFalse(securitySystem.hasRole(ldapUser, "nx-developer"));
    Assert.assertFalse(securitySystem.hasRole(ldapUser, "JUNK"));

    // XML user
    // TODO: bdemers or dbradicich, this "fix" is wrong, it relies on implementation details!
    // was: principals.add( "deployment", new XmlAuthenticatingRealm().getName() );
    SimplePrincipalCollection xmlUser =
        new SimplePrincipalCollection("deployment", XmlAuthenticatingRealm.ROLE);

    Assert.assertTrue(securitySystem.hasRole(xmlUser, "nx-deployment"));
    // negative control: an unknown role must never be granted
    Assert.assertFalse(securitySystem.hasRole(xmlUser, "JUNK"));
  }
  /**
   * Builds the authentication info for the {@link User} carried as the token's principal.
   *
   * <p>The account state is checked before any info is returned: a missing user, an inactive
   * user and a locked user are each rejected with an exception.
   *
   * @param token token whose principal is cast to {@link User}
   * @return info holding the user under {@code ConstantsUtility.OAUTH_REALM_NAME}, paired
   *     with the credentials taken from the token itself
   * @throws UnknownAccountException if the token carries no user
   * @throws LockedAccountException if the user is inactive or locked
   */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    User account = (User) token.getPrincipal();

    // Guard clauses: refuse unknown, inactive and locked accounts before building any info.
    if (account == null) {
      throw new UnknownAccountException(
          ConstantsUtility.ERROR_MESSAGES.getString("userDoesNotExist"));
    }
    if (!account.isActive()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userInactive"));
    }
    if (account.isLocked()) {
      throw new LockedAccountException(ConstantsUtility.ERROR_MESSAGES.getString("userLocked"));
    }

    // NOTE(review): the returned info carries the token's own credentials, so a matcher that
    // compares token credentials with info credentials would always succeed. Presumably the
    // token is verified before it reaches this realm -- confirm against the token's creator.
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    principals.add(account, ConstantsUtility.OAUTH_REALM_NAME);
    return new SimpleAuthenticationInfo(principals, token.getCredentials());
  }
 /**
  * Wraps an authentication bean and derives the principals that identify it.
  *
  * <p>The profile id is registered first and the bean's {@code _id} second, both under the
  * simple class name of {@link IkanowV1Realm}. NOTE(review): the first principal added is
  * presumably what Shiro reports as the primary principal -- confirm that authorization
  * code keys on the profile id and not on {@code _id}.
  *
  * @param ab bean supplying the profile id and {@code _id}
  */
 public IkanowV1AuthenticationInfo(AuthenticationBean ab) {
   this.authenticationBean = ab;

   final String realm = IkanowV1Realm.class.getSimpleName();
   SimplePrincipalCollection identities = new SimplePrincipalCollection(ab.getProfileId(), realm);
   identities.add(ab.get_id(), realm);
   this.principalCollection = identities;
 }
 /**
  * Clears the cached authorization info held for one user of this realm.
  *
  * <p>The lookup key pairs the username with this realm's own name. NOTE(review): presumably
  * called after a user's roles or permissions change so that stale grants stop being
  * served -- confirm with the callers.
  *
  * @param username principal whose cached authorization info is cleared
  */
 public void removeUserAuthorizationInfoCache(String username) {
   SimplePrincipalCollection cacheKey = new SimplePrincipalCollection(username, super.getName());
   super.clearCachedAuthorizationInfo(cacheKey);
 }
  /**
   * Asks the realm whether a user holds every one of the given roles.
   *
   * @param username principal to check, registered under the realm's own name
   * @param roles roles that must all be present
   * @return the realm's {@code hasAllRoles} answer for that principal and role list
   */
  private boolean doesUserHaveAllRoles(String username, String... roles) {
    SimplePrincipalCollection subject =
        new SimplePrincipalCollection(username, this.realm.getName());

    return this.realm.hasAllRoles(subject, Arrays.asList(roles));
  }