Пример #1
0
  @Test
  public void testCreateUser() throws BiobankCheckException, Exception {
    String name = "createUser" + r.nextInt();
    String password = "******";
    UserWrapper user = UserHelper.addUser(name, password, true);

    // check biobank user
    User dbUser = ModelUtils.getObjectWithId(appService, User.class, user.getId());
    Assert.assertNotNull(dbUser);
    Assert.assertEquals(name, dbUser.getLogin());
    Assert.assertNotNull(dbUser.getCsmUserId());

    // check csm user
    UserProvisioningManager upm =
        SecurityServiceProvider.getUserProvisioningManager(
            BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);

    gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(name);
    Assert.assertNotNull(csmUser);
    Assert.assertNotNull(csmUser.getPassword());
    Assert.assertFalse(csmUser.getPassword().isEmpty());

    // check user can connect
    BiobankApplicationService newUserAppService = AllTestsSuite.connect(name, password);
    // check user can access a biobank object using the new appService
    try {
      newUserAppService.search(Site.class, new Site());
    } catch (AccessDeniedException ade) {
      Assert.fail("User should be able to access any object");
    }
  }
 private AuthenticationManager getAuthenticationManagerCLM() {
   if (authenticationManagerCLM == null) {
     try {
       authenticationManagerCLM = SecurityServiceProvider.getAuthenticationManager("CLM");
     } catch (CSException e) {
       fail();
     }
   }
   return authenticationManagerCLM;
 }
 private AuthenticationManager getAuthenticationManagerEDirectory() {
   if (authenticationManagerEDirectory == null) {
     try {
       authenticationManagerEDirectory =
           SecurityServiceProvider.getAuthenticationManager("EDirectory");
     } catch (CSException e) {
       fail();
     }
   }
   return authenticationManagerEDirectory;
 }
 private AuthenticationManager getAuthenticationManagerOpenLDAP() {
   if (authenticationManagerOpenLdap == null) {
     try {
       authenticationManagerOpenLdap =
           SecurityServiceProvider.getAuthenticationManager("OpenLDAP");
     } catch (CSException e) {
       fail();
     }
   }
   return authenticationManagerOpenLdap;
 }
  private UserProvisioningManager getUserProvisioningManager(
      AuthorizationManager authorizationManager, String applictionContextName) throws CSException {
    UserProvisioningManager userProvisioningManager = null;

    Application application = authorizationManager.getApplication(applictionContextName);
    if (!StringUtilities.isBlank(application.getDatabaseURL())) {
      HashMap hashMap = new HashMap();
      hashMap.put("hibernate.connection.url", application.getDatabaseURL());
      hashMap.put("hibernate.connection.username", application.getDatabaseUserName());
      hashMap.put("hibernate.connection.password", application.getDatabasePassword());
      hashMap.put("hibernate.dialect", application.getDatabaseDialect());
      hashMap.put("hibernate.connection.driver_class", application.getDatabaseDriver());
      userProvisioningManager =
          SecurityServiceProvider.getUserProvisioningManager(applictionContextName, hashMap);
    } else {
      userProvisioningManager =
          SecurityServiceProvider.getUserProvisioningManager(applictionContextName);
    }

    return userProvisioningManager;
  }
Пример #6
0
  @Test
  public void testDeleteUser() throws BiobankCheckException, Exception {
    String name = "deleteUser" + r.nextInt();
    UserWrapper user = UserHelper.addUser(name, null, false);

    User dbUser = ModelUtils.getObjectWithId(appService, User.class, user.getId());
    Assert.assertNotNull(dbUser);
    UserProvisioningManager upm =
        SecurityServiceProvider.getUserProvisioningManager(
            BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);
    gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(name);
    Assert.assertNotNull(csmUser);

    Integer idUser = user.getId();
    user.delete();
    Assert.assertNull(ModelUtils.getObjectWithId(appService, User.class, idUser));
    csmUser = upm.getUser(name);
    Assert.assertNull(csmUser);
  }
  /**
   * @param username user name
   * @return boolean
   */
  public boolean isAuthorized(String username) {
    boolean authorized = false;
    try {
      AuthorizationManager authManager =
          SecurityServiceProvider.getAuthorizationManager(CsmHelper.SUITE_APPLICATION_NAME);
      if (authManager != null) {
        User user = authorizationManager.getUser(username);
        if (user == null) {
          LOG.error("Username: "******" is not a CSM user");
        } else {
          authorized = true;
        }
      }
    } catch (CSConfigurationException e) {
      LOG.error("Error during authorization check", e);
    } catch (CSException e) {
      LOG.error("Error during authorization check", e);
    }

    return authorized;
  }
Пример #8
0
  @Test
  public void testAddUserFailAndCsmUser() throws Exception {
    UserWrapper user = new UserWrapper(appService);
    String login = Utils.getRandomString(300, 400);
    user.setLogin(login);
    // FIXME should use another test because I should set login length to be
    // the same between csm_user and our user table. Maybe in using a
    // WrapperTransation with something sending an error to make the commit
    // fail
    try {
      user.persist();
      Assert.fail();
    } catch (Exception ex) {
      Assert.assertTrue("should fail because login is too long", true);
    }
    // check csm user
    UserProvisioningManager upm =
        SecurityServiceProvider.getUserProvisioningManager(
            BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);

    gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(login);
    Assert.assertNull(csmUser);
  }
  public ActionForward execute(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response) {
    ActionErrors errors = new ActionErrors();

    AuthenticationManager authenticationManager = null;
    AuthorizationManager authorizationManager = null;
    UserProvisioningManager userProvisioningManager = null;
    boolean loginSuccessful = false;
    boolean hasPermission = false;
    String uptContextName = DisplayConstants.UPT_CONTEXT_NAME;
    Application application = null;

    String serverInfoPathPort =
        (request.isSecure() ? "https://" : "http://")
            + request.getServerName()
            + ":"
            + request.getServerPort();
    ObjectFactory.initialize("upt-beans.xml");
    UPTProperties uptProperties = null;
    String urlContextForLoginApp = "";
    String centralUPTConfiguration = "";
    try {
      uptProperties = (UPTProperties) ObjectFactory.getObject("UPTProperties");
      urlContextForLoginApp =
          uptProperties.getBackwardsCompatibilityInformation().getLoginApplicationContextName();
      if (!StringUtils.isBlank(urlContextForLoginApp)) {
        serverInfoPathPort = serverInfoPathPort + "/" + urlContextForLoginApp + "/";
      } else {
        serverInfoPathPort =
            serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
      }

      centralUPTConfiguration =
          uptProperties.getBackwardsCompatibilityInformation().getCentralUPTConfiguration();
      if ("true".equalsIgnoreCase(centralUPTConfiguration)) {
        uptContextName = DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME;
      }
    } catch (UPTConfigurationException e) {
      serverInfoPathPort =
          serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
    }

    //		System.out.println("centralUPTConfiguration: "+centralUPTConfiguration);
    //		System.out.println("urlContextForLoginApp: "+urlContextForLoginApp);
    //		System.out.println("serverInfoPathPort: "+serverInfoPathPort);

    LoginForm loginForm = (LoginForm) form;
    if (StringUtils.isBlank(loginForm.getApplicationContextName())
        || StringUtils.isBlank(loginForm.getLoginId())
        || StringUtils.isBlank(loginForm.getPassword())) {

      ActionForward newActionForward = new ActionForward();
      newActionForward.setPath(serverInfoPathPort);
      newActionForward.setRedirect(true);

      return newActionForward;
    }

    UserInfoHelper.setUserInfo(loginForm.getLoginId(), request.getSession().getId());
    errors.clear();

    try {
      //			System.out.println("uptContextName1: "+uptContextName);
      authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
      if (null == authorizationManager) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                "Unable to initialize Authorization Manager for the given application context using new configuration"));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application using new configuration||");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    } catch (CSException cse) {

      authorizationManager = null;
    }

    if (null == authorizationManager) {

      try {

        if (null == uptContextName || uptContextName.equalsIgnoreCase("")) {
          errors.add(
              ActionErrors.GLOBAL_ERROR,
              new ActionError(
                  DisplayConstants.ERROR_ID,
                  "Unable to read the UPT Context Name from Security Config File"));
          saveErrors(request, errors);
          if (log.isDebugEnabled())
            log.debug(
                "|"
                    + loginForm.getLoginId()
                    + "||Login|Failure|Unable to read the UPT Context Name from Security Config File");
          return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
        }
      } catch (Exception ex) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                org.apache.commons.lang.StringEscapeUtils.escapeHtml(ex.getMessage())));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to read the UPT Context Name from Security Config File||");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    }
    try {

      authenticationManager =
          SecurityServiceProvider.getAuthenticationManager(
              DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME);
      if (null == authenticationManager) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                "Unable to initialize Authentication Manager for the given application context"));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application||");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    } catch (CSException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
    try {
      loginSuccessful =
          authenticationManager.login(loginForm.getLoginId(), loginForm.getPassword());
    } catch (CSCredentialExpiredException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Password Expired for user name "
                + loginForm.getLoginId()
                + " and"
                + loginForm.getApplicationContextName()
                + " application|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
    } catch (CSFirstTimeLoginException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Password Expired for user name "
                + loginForm.getLoginId()
                + " and"
                + loginForm.getApplicationContextName()
                + " application|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
    } catch (CSException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Login Failed for user name "
                + loginForm.getLoginId()
                + " and"
                + loginForm.getApplicationContextName()
                + " application|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }

    try {
      authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
      if (null == authorizationManager) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                "Unable to initialize Authorization Manager for the given application context"));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to instantiate Authorization Manager for UPT application||");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    } catch (CSException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate AuthorizationManager for UPT application|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }
    try {
      hasPermission =
          authorizationManager.checkPermission(
              loginForm.getLoginId(), loginForm.getApplicationContextName(), null);
      if (!hasPermission) {
        try {
          userProvisioningManager =
              getUserProvisioningManager(
                  authorizationManager, loginForm.getApplicationContextName());
          if (null == userProvisioningManager) {
            errors.add(
                ActionErrors.GLOBAL_ERROR,
                new ActionError(
                    DisplayConstants.ERROR_ID,
                    "Unable to initialize Authorization Manager for the given application context"));
            saveErrors(request, errors);
            if (log.isDebugEnabled())
              log.debug(
                  "|"
                      + loginForm.getLoginId()
                      + "||Login|Failure|Unable to instantiate User Provisioning Manager for "
                      + loginForm.getApplicationContextName()
                      + " application||");
            return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
          }
        } catch (CSException cse) {
          errors.add(
              ActionErrors.GLOBAL_ERROR,
              new ActionError(
                  DisplayConstants.ERROR_ID,
                  org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
          saveErrors(request, errors);
          if (log.isDebugEnabled())
            log.debug(
                "|"
                    + loginForm.getLoginId()
                    + "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
                    + loginForm.toString()
                    + "|"
                    + cse.getMessage());
          return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
        }
        HttpSession session = request.getSession(true);
        session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
        session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
        session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);

        session.setAttribute(
            Constants.UPT_USER_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
        session.setAttribute(
            Constants.UPT_PROTECTION_ELEMENT_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
            "false");
        session.setAttribute(
            Constants.UPT_PRIVILEGE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
        session.setAttribute(
            Constants.UPT_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
        session.setAttribute(
            Constants.UPT_PROTECTION_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
            "false");
        session.setAttribute(
            Constants.UPT_ROLE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
        session.setAttribute(
            Constants.UPT_INSTANCE_LEVEL_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");

        //				errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(DisplayConstants.ERROR_ID,
        // "Access permission denied for the application" ));
        //				saveErrors( request,errors );
        //				if (log.isDebugEnabled())
        //					log.debug("|"+loginForm.getLoginId()+
        //							"||Login|Failure|User "+loginForm.getLoginId()+" doesnot have permission on
        // "+loginForm.getApplicationContextName()+" application||");

        return mapping.findForward(ForwardConstants.LOGIN_SUCCESS);
      }
    } catch (CSException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Error in checking permission|"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }

    try {
      // UserProvisioningManager upm = (UserProvisioningManager)authorizationManager;
      application = authorizationManager.getApplication(loginForm.getApplicationContextName());
      userProvisioningManager =
          getUserProvisioningManager(authorizationManager, loginForm.getApplicationContextName());
      if (null == userProvisioningManager) {
        errors.add(
            ActionErrors.GLOBAL_ERROR,
            new ActionError(
                DisplayConstants.ERROR_ID,
                "Unable to initialize Authorization Manager for the given application context"));
        saveErrors(request, errors);
        if (log.isDebugEnabled())
          log.debug(
              "|"
                  + loginForm.getLoginId()
                  + "||Login|Failure|Unable to instantiate User Provisioning Manager for "
                  + loginForm.getApplicationContextName()
                  + " application||");
        return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
      }
    } catch (CSException cse) {
      errors.add(
          ActionErrors.GLOBAL_ERROR,
          new ActionError(
              DisplayConstants.ERROR_ID,
              org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
      saveErrors(request, errors);
      if (log.isDebugEnabled())
        log.debug(
            "|"
                + loginForm.getLoginId()
                + "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
                + loginForm.toString()
                + "|"
                + cse.getMessage());
      return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
    }

    HttpSession session = request.getSession(true);
    session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
    session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
    session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);

    authenticationManager = null;
    authorizationManager = null;

    try {
      processUptOperation(
          userProvisioningManager,
          loginForm.getLoginId(),
          application.getApplicationName(),
          session);
    } catch (CSTransactionException e) {
      // TODO Auto-generated catch block
      e.printStackTrace();
    }
    if (((LoginForm) form).getApplicationContextName().equalsIgnoreCase(uptContextName)) {
      session.setAttribute(DisplayConstants.ADMIN_USER, DisplayConstants.ADMIN_USER);
      if (log.isDebugEnabled())
        log.debug(
            session.getId()
                + "|"
                + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
                + "||Login|Success|Login Successful for user "
                + loginForm.getLoginId()
                + " and "
                + loginForm.getApplicationContextName()
                + " application, Forwarding to the Super Admin Home Page||");
      return (mapping.findForward(ForwardConstants.ADMIN_LOGIN_SUCCESS));
    } else {
      if (log.isDebugEnabled())
        log.debug(
            session.getId()
                + "|"
                + ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
                + "||Login|Success|Login Successful for user "
                + loginForm.getLoginId()
                + " and "
                + loginForm.getApplicationContextName()
                + " application, Forwarding to the Home Page||");
      return (mapping.findForward(ForwardConstants.LOGIN_SUCCESS));
    }
  }