コード例 #1
0
 @Before
 public void setUp() throws Exception {
   admin =
       (TestX509CertificateAuthenticationToken)
           simpleAuthenticationProvider.authenticate(new AuthenticationSubject(null, null));
   RoleData role = roleManagementSessionRemote.create(internalAdmin, ROLENAME);
   Collection<AccessUserAspectData> subjects = new LinkedList<AccessUserAspectData>();
   subjects.add(
       new AccessUserAspectData(
           ROLENAME,
           CertTools.getIssuerDN(admin.getCertificate()).hashCode(),
           X500PrincipalAccessMatchValue.WITH_COMMONNAME,
           AccessMatchType.TYPE_EQUALCASEINS,
           CertTools.getPartFromDN(SimpleAuthenticationProviderSessionRemote.DEFAULT_DN, "CN")));
   role = roleManagementSessionRemote.addSubjectsToRole(internalAdmin, role, subjects);
   Collection<AccessRuleData> accessRules = new LinkedList<AccessRuleData>();
   accessRules.add(
       new AccessRuleData(
           ROLENAME, AccessRulesConstants.ROLE_ADMINISTRATOR, AccessRuleState.RULE_ACCEPT, false));
   accessRules.add(
       new AccessRuleData(
           ROLENAME,
           AccessRulesConstants.REGULAR_EDITUSERDATASOURCES,
           AccessRuleState.RULE_ACCEPT,
           false));
   accessRules.add(
       new AccessRuleData(
           ROLENAME,
           AccessRulesConstants.USERDATASOURCEPREFIX
               + Integer.valueOf(
                   userDataSourceSession.getUserDataSourceId(admin, "TESTNEWDUMMYCUSTOM"))
               + AccessRulesConstants.UDS_FETCH_RIGHTS,
           AccessRuleState.RULE_ACCEPT,
           false));
   role = roleManagementSessionRemote.addAccessRulesToRole(internalAdmin, role, accessRules);
 }
コード例 #2
0
  @Test
  public void testIsAuthorizedToUserDataSource() throws Exception {
    final String rolename = "testIsAuthorizedToUserDataSource";
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new X500Principal("CN=" + rolename));
    TestX509CertificateAuthenticationToken adminNoAuth =
        (TestX509CertificateAuthenticationToken)
            simpleAuthenticationProvider.authenticate(new AuthenticationSubject(principals, null));

    final int caid = CertTools.getIssuerDN(admin.getCertificate()).hashCode();
    final String cN = CertTools.getPartFromDN(CertTools.getIssuerDN(admin.getCertificate()), "CN");
    RoleData role = roleManagementSessionRemote.create(internalAdmin, rolename);
    final String alias = "spacemonkeys";
    try {
      Collection<AccessUserAspectData> subjects = new ArrayList<AccessUserAspectData>();
      subjects.add(
          new AccessUserAspectData(
              rolename,
              caid,
              X500PrincipalAccessMatchValue.WITH_COMMONNAME,
              AccessMatchType.TYPE_EQUALCASE,
              cN));
      role = roleManagementSessionRemote.addSubjectsToRole(internalAdmin, role, subjects);
      Collection<AccessRuleData> accessRules = new ArrayList<AccessRuleData>();
      // Not authorized to user data sources
      accessRules.add(
          new AccessRuleData(
              rolename,
              AccessRulesConstants.REGULAR_EDITENDENTITYPROFILES,
              AccessRuleState.RULE_ACCEPT,
              true));
      role = roleManagementSessionRemote.addAccessRulesToRole(internalAdmin, role, accessRules);

      CustomUserDataSourceContainer userdatasource = new CustomUserDataSourceContainer();
      userdatasource.setClassPath(
          "org.ejbca.core.model.ra.userdatasource.DummyCustomUserDataSource");
      userdatasource.setDescription("Used in Junit Test, Remove this one");

      // Test authorization to edit with an unauthorized admin
      try {
        userDataSourceSession.addUserDataSource(adminNoAuth, alias, userdatasource);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
      }
      try {
        userDataSourceSession.changeUserDataSource(adminNoAuth, alias, userdatasource);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
      }
      // Add so we can try to clone, remove and rename
      userDataSourceSession.addUserDataSource(internalAdmin, alias, userdatasource);
      try {
        userDataSourceSession.cloneUserDataSource(adminNoAuth, alias, "newmonkeys");
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source newmonkeys.", e.getMessage());
      }
      try {
        userDataSourceSession.removeUserDataSource(adminNoAuth, alias);
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
      }
      try {
        userDataSourceSession.renameUserDataSource(adminNoAuth, alias, "renamedmonkey");
        fail("admin should not have been authorized to edit user data source");
      } catch (AuthorizationDeniedException e) {
        assertEquals("Error, not authorized to user data source spacemonkeys.", e.getMessage());
      }

    } finally {
      userDataSourceSession.removeUserDataSource(internalAdmin, alias);
      roleManagementSessionRemote.remove(internalAdmin, rolename);
    }
  }