@Test public void testMondrianOneToOneUserRoleListMapper() throws Exception { final IConnectionUserRoleMapper mapper = new MondrianOneToOneUserRoleListMapper(); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "simplebob", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.assertNotNull(roles); Assert.assertEquals(2, roles.length); Assert.assertEquals("Role1", roles[0]); Assert.assertEquals("Role2", roles[1]); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
/** * Logs in with given username. * * @param username username of user * @param tenantId tenant to which this user belongs * @tenantAdmin true to add the tenant admin authority to the user's roles */ protected void login(final String username, final ITenant tenant, String[] roles) { StandaloneSession pentahoSession = new StandaloneSession(tenantedUserNameUtils.getPrincipleId(tenant, username)); pentahoSession.setAuthenticated( tenant.getId(), tenantedUserNameUtils.getPrincipleId(tenant, username)); PentahoSessionHolder.setSession(pentahoSession); pentahoSession.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId()); final String password = "******"; List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>(); for (String roleName : roles) { authList.add( new GrantedAuthorityImpl(tenantedRoleNameUtils.getPrincipleId(tenant, roleName))); } GrantedAuthority[] authorities = authList.toArray(new GrantedAuthority[0]); UserDetails userDetails = new User(username, password, true, true, true, true, authorities); Authentication auth = new UsernamePasswordAuthenticationToken(userDetails, password, authorities); PentahoSessionHolder.setSession(pentahoSession); // this line necessary for Spring Security's MethodSecurityInterceptor SecurityContextHolder.getContext().setAuthentication(auth); SecurityHelper.getInstance().becomeUser(tenantedUserNameUtils.getPrincipleId(tenant, username)); SecurityContextHolder.getContext().setAuthentication(auth); }
@Test public void testLookupMapUserRoleListMapper() throws Exception { Map<String, String> lookup = new HashMap<String, String>(); lookup.put("ceo", "Role1"); lookup.put("Not Pentaho", "Role2"); lookup.put("Not Mondrian or Pentaho", "Role3"); final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper(); mapper.setLookupMap(lookup); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.assertNotNull(roles); Assert.assertEquals(1, roles.length); Assert.assertEquals("Role1", roles[0]); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
@Test public void testMondrianUserSessionUserRoleListMapper() throws Exception { final MondrianUserSessionUserRoleListMapper mapper = new MondrianUserSessionUserRoleListMapper(); mapper.setSessionProperty("rolesAttribute"); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { IPentahoSession session = PentahoSessionHolder.getSession(); session.setAttribute( "rolesAttribute", new Object[] {"mondrianRole1", "mondrianRole2", "mondrianRole3"}); return mapper.mapConnectionRoles(session, "SteelWheelsRoles"); } }); Assert.assertNotNull(roles); Assert.assertEquals(3, roles.length); Assert.assertEquals("mondrianRole1", roles[0]); Assert.assertEquals("mondrianRole2", roles[1]); Assert.assertEquals("mondrianRole3", roles[2]); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
@Test public void testReadRolesInSchema() throws Exception { final MondrianCatalogHelper helper = (MondrianCatalogHelper) PentahoSystem.get(IMondrianCatalogService.class); Assert.assertNotNull(helper); MondrianCatalog mc = SecurityHelper.getInstance() .runAsUser( "admin", new Callable<MondrianCatalog>() { @Override public MondrianCatalog call() throws Exception { return helper.getCatalog("SteelWheelsRoles", PentahoSessionHolder.getSession()); } }); Assert.assertNotNull(mc); MondrianSchema ms = mc.getSchema(); Assert.assertNotNull(ms); String[] roleNames = ms.getRoleNames(); Assert.assertNotNull(roleNames); Assert.assertEquals(2, roleNames.length); Assert.assertEquals("Role1", roleNames[0]); Assert.assertEquals("Role2", roleNames[1]); }
/** * Returns whether the current user is an administrator * * @return "true" or "false" */ @GET @Path("/isAdministrator") public Response isAdministrator() { return Response.ok( "" + (SecurityHelper.getInstance().isPentahoAdministrator(getPentahoSession()))) .build(); }
@Test public void testNoMatchLookupMapUserRoleListMapper() throws Exception { Map<String, String> lookup = new HashMap<String, String>(); lookup.put("No Match", "Role1"); lookup.put("No Match Here Either", "Role2"); final MondrianLookupMapUserRoleListMapper mapper = new MondrianLookupMapUserRoleListMapper(); mapper.setLookupMap(lookup); mapper.setFailOnEmptyRoleList(true); try { SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.fail(); } catch (PentahoAccessControlException e) { // no op. } mapper.setFailOnEmptyRoleList(false); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.assertNull(roles); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
private String generateInMemoryDatasourcesXml() { try { return SecurityHelper.getInstance() .runAsSystem( new Callable<String>() { public String call() throws Exception { return mondrianCatalogService.generateInMemoryDatasourcesXml(repo); } }); } catch (Exception e) { PentahoXmlaServlet.logger.error(e); throw new RuntimeException(e); } }
@Test public void testNoMatchMondrianOneToOneUserRoleListMapper() throws Exception { final MondrianOneToOneUserRoleListMapper mapper = new MondrianOneToOneUserRoleListMapper(); mapper.setFailOnEmptyRoleList(true); try { SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.fail(); } catch (PentahoAccessControlException e) { // No op. } mapper.setFailOnEmptyRoleList(false); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "simplebob", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.assertArrayEquals(new String[] {"Role1", "Role2"}, roles); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
@SuppressWarnings("deprecation") public void testVoter() throws Exception { SecurityHelper.getInstance() .runAsUser( "suzy", new Callable<Void>() { @Override public Void call() throws Exception { RepositoryFile testFile = new RepositoryFile("Test Folder", null, null); // $NON-NLS-1$ Map<IPermissionRecipient, IPermissionMask> perms = new LinkedHashMap<IPermissionRecipient, IPermissionMask>(); perms.put( new SimpleUser("suzy"), new SimplePermissionMask(IPentahoAclEntry.PERM_EXECUTE)); perms.put( new SimpleRole("ROLE_CTO"), new SimplePermissionMask(IPentahoAclEntry.PERM_SUBSCRIBE)); perms.put( new SimpleRole("ROLE_IS"), new SimplePermissionMask(IPentahoAclEntry.PERM_ADMINISTRATION)); SpringSecurityPermissionMgr.instance().setPermissions(perms, testFile); PentahoBasicAclVoter voter = new PentahoBasicAclVoter(); assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile, IPentahoAclEntry.PERM_EXECUTE)); assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile, IPentahoAclEntry.PERM_SUBSCRIBE)); assertTrue( voter.hasAccess( PentahoSessionHolder.getSession(), testFile, IPentahoAclEntry.PERM_ADMINISTRATION)); PentahoAclEntry entry = voter.getEffectiveAcl(PentahoSessionHolder.getSession(), testFile); assertNotNull(entry); assertEquals(entry.printPermissionsBlock(), "XSCUDP"); // $NON-NLS-1$ return null; } }); }
private String getDatasourcesXml() { final Callable<String> call = new Callable<String>() { public String call() throws Exception { return generateInMemoryDatasourcesXml(); } }; try { if (isSecurityEnabled()) { return SecurityHelper.getInstance().runAsSystem(call); } else { return call.call(); } } catch (Exception e) { throw new IOlapServiceException(e); } }
@Test public void testReadRolesInPlatform() throws Exception { SecurityHelper.getInstance() .runAsUser( "admin", new Callable<Void>() { @Override public Void call() throws Exception { Authentication auth = SecurityHelper.getInstance().getAuthentication(); Assert.assertNotNull(auth); GrantedAuthority[] gAuths = auth.getAuthorities(); Assert.assertNotNull(gAuths); Assert.assertEquals(3, gAuths.length); Assert.assertEquals("ceo", gAuths[0].getAuthority()); Assert.assertEquals("Admin", gAuths[1].getAuthority()); Assert.assertEquals("Authenticated", gAuths[2].getAuthority()); return null; } }); }
@Test public void testNoMatchMondrianUserSessionUserRoleListMapper() throws Exception { final MondrianUserSessionUserRoleListMapper mapper = new MondrianUserSessionUserRoleListMapper(); mapper.setSessionProperty("rolesAttribute"); try { String[] roles = SecurityHelper.getInstance() .runAsUser( "admin", new Callable<String[]>() { @Override public String[] call() throws Exception { return mapper.mapConnectionRoles( PentahoSessionHolder.getSession(), "SteelWheelsRoles"); } }); Assert.assertNull(roles); } catch (PentahoAccessControlException e) { Assert.fail(e.getMessage()); } }
/** Initializes the cache. Only the cache specific to the sesison's locale will be populated. */ protected void initCache(IPentahoSession session) { final List<Catalog> cache = getCache(session); final boolean needUpdate; final Lock readLock = cacheLock.readLock(); try { readLock.lock(); // Check if the cache is empty. if (cache.size() == 0) { needUpdate = true; } else { needUpdate = false; } } finally { readLock.unlock(); } if (needUpdate) { final Lock writeLock = cacheLock.writeLock(); try { writeLock.lock(); // First clear the cache cache.clear(); final Callable<Void> call = new Callable<Void>() { public Void call() throws Exception { // Now build the cache. Use the system session in the holder. for (String name : getHelper().getHostedCatalogs()) { try { addCatalogToCache(PentahoSessionHolder.getSession(), name); } catch (Throwable t) { LOG.error("Failed to initialize the cache for OLAP connection " + name, t); } } for (String name : getHelper().getOlap4jServers()) { try { addCatalogToCache(PentahoSessionHolder.getSession(), name); } catch (Throwable t) { LOG.error("Failed to initialize the cache for OLAP connection " + name, t); } } return null; } }; if (isSecurityEnabled()) { SecurityHelper.getInstance().runAsSystem(call); } else { call.call(); } // Sort it all. Collections.sort( cache, new Comparator<IOlapService.Catalog>() { public int compare(Catalog o1, Catalog o2) { return o1.name.compareTo(o2.name); } }); } catch (Throwable t) { LOG.error("Failed to initialize the connection cache", t); throw new IOlapServiceException(t); } finally { writeLock.unlock(); } } }