@Test
public void testCreateUser() throws BiobankCheckException, Exception {
String name = "createUser" + r.nextInt();
String password = "******";
UserWrapper user = UserHelper.addUser(name, password, true);
// check biobank user
User dbUser = ModelUtils.getObjectWithId(appService, User.class, user.getId());
Assert.assertNotNull(dbUser);
Assert.assertEquals(name, dbUser.getLogin());
Assert.assertNotNull(dbUser.getCsmUserId());
// check csm user
UserProvisioningManager upm =
SecurityServiceProvider.getUserProvisioningManager(
BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);
gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(name);
Assert.assertNotNull(csmUser);
Assert.assertNotNull(csmUser.getPassword());
Assert.assertFalse(csmUser.getPassword().isEmpty());
// check user can connect
BiobankApplicationService newUserAppService = AllTestsSuite.connect(name, password);
// check user can access a biobank object using the new appService
try {
newUserAppService.search(Site.class, new Site());
} catch (AccessDeniedException ade) {
Assert.fail("User should be able to access any object");
}
}
private AuthenticationManager getAuthenticationManagerCLM() {
if (authenticationManagerCLM == null) {
try {
authenticationManagerCLM = SecurityServiceProvider.getAuthenticationManager("CLM");
} catch (CSException e) {
fail();
}
}
return authenticationManagerCLM;
}
private AuthenticationManager getAuthenticationManagerEDirectory() {
if (authenticationManagerEDirectory == null) {
try {
authenticationManagerEDirectory =
SecurityServiceProvider.getAuthenticationManager("EDirectory");
} catch (CSException e) {
fail();
}
}
return authenticationManagerEDirectory;
}
private AuthenticationManager getAuthenticationManagerOpenLDAP() {
if (authenticationManagerOpenLdap == null) {
try {
authenticationManagerOpenLdap =
SecurityServiceProvider.getAuthenticationManager("OpenLDAP");
} catch (CSException e) {
fail();
}
}
return authenticationManagerOpenLdap;
}
private UserProvisioningManager getUserProvisioningManager(
AuthorizationManager authorizationManager, String applictionContextName) throws CSException {
UserProvisioningManager userProvisioningManager = null;
Application application = authorizationManager.getApplication(applictionContextName);
if (!StringUtilities.isBlank(application.getDatabaseURL())) {
HashMap hashMap = new HashMap();
hashMap.put("hibernate.connection.url", application.getDatabaseURL());
hashMap.put("hibernate.connection.username", application.getDatabaseUserName());
hashMap.put("hibernate.connection.password", application.getDatabasePassword());
hashMap.put("hibernate.dialect", application.getDatabaseDialect());
hashMap.put("hibernate.connection.driver_class", application.getDatabaseDriver());
userProvisioningManager =
SecurityServiceProvider.getUserProvisioningManager(applictionContextName, hashMap);
} else {
userProvisioningManager =
SecurityServiceProvider.getUserProvisioningManager(applictionContextName);
}
return userProvisioningManager;
}
@Test
public void testDeleteUser() throws BiobankCheckException, Exception {
String name = "deleteUser" + r.nextInt();
UserWrapper user = UserHelper.addUser(name, null, false);
User dbUser = ModelUtils.getObjectWithId(appService, User.class, user.getId());
Assert.assertNotNull(dbUser);
UserProvisioningManager upm =
SecurityServiceProvider.getUserProvisioningManager(
BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);
gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(name);
Assert.assertNotNull(csmUser);
Integer idUser = user.getId();
user.delete();
Assert.assertNull(ModelUtils.getObjectWithId(appService, User.class, idUser));
csmUser = upm.getUser(name);
Assert.assertNull(csmUser);
}
/**
* @param username user name
* @return boolean
*/
public boolean isAuthorized(String username) {
boolean authorized = false;
try {
AuthorizationManager authManager =
SecurityServiceProvider.getAuthorizationManager(CsmHelper.SUITE_APPLICATION_NAME);
if (authManager != null) {
User user = authorizationManager.getUser(username);
if (user == null) {
LOG.error("Username: "******" is not a CSM user");
} else {
authorized = true;
}
}
} catch (CSConfigurationException e) {
LOG.error("Error during authorization check", e);
} catch (CSException e) {
LOG.error("Error during authorization check", e);
}
return authorized;
}
@Test
public void testAddUserFailAndCsmUser() throws Exception {
UserWrapper user = new UserWrapper(appService);
String login = Utils.getRandomString(300, 400);
user.setLogin(login);
// FIXME should use another test because I should set login length to be
// the same between csm_user and our user table. Maybe in using a
// WrapperTransation with something sending an error to make the commit
// fail
try {
user.persist();
Assert.fail();
} catch (Exception ex) {
Assert.assertTrue("should fail because login is too long", true);
}
// check csm user
UserProvisioningManager upm =
SecurityServiceProvider.getUserProvisioningManager(
BiobankCSMSecurityUtil.APPLICATION_CONTEXT_NAME);
gov.nih.nci.security.authorization.domainobjects.User csmUser = upm.getUser(login);
Assert.assertNull(csmUser);
}
public ActionForward execute(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response) {
ActionErrors errors = new ActionErrors();
AuthenticationManager authenticationManager = null;
AuthorizationManager authorizationManager = null;
UserProvisioningManager userProvisioningManager = null;
boolean loginSuccessful = false;
boolean hasPermission = false;
String uptContextName = DisplayConstants.UPT_CONTEXT_NAME;
Application application = null;
String serverInfoPathPort =
(request.isSecure() ? "https://" : "http://")
+ request.getServerName()
+ ":"
+ request.getServerPort();
ObjectFactory.initialize("upt-beans.xml");
UPTProperties uptProperties = null;
String urlContextForLoginApp = "";
String centralUPTConfiguration = "";
try {
uptProperties = (UPTProperties) ObjectFactory.getObject("UPTProperties");
urlContextForLoginApp =
uptProperties.getBackwardsCompatibilityInformation().getLoginApplicationContextName();
if (!StringUtils.isBlank(urlContextForLoginApp)) {
serverInfoPathPort = serverInfoPathPort + "/" + urlContextForLoginApp + "/";
} else {
serverInfoPathPort =
serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
}
centralUPTConfiguration =
uptProperties.getBackwardsCompatibilityInformation().getCentralUPTConfiguration();
if ("true".equalsIgnoreCase(centralUPTConfiguration)) {
uptContextName = DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME;
}
} catch (UPTConfigurationException e) {
serverInfoPathPort =
serverInfoPathPort + "/" + DisplayConstants.LOGIN_APPLICATION_CONTEXT_NAME + "/";
}
// System.out.println("centralUPTConfiguration: "+centralUPTConfiguration);
// System.out.println("urlContextForLoginApp: "+urlContextForLoginApp);
// System.out.println("serverInfoPathPort: "+serverInfoPathPort);
LoginForm loginForm = (LoginForm) form;
if (StringUtils.isBlank(loginForm.getApplicationContextName())
|| StringUtils.isBlank(loginForm.getLoginId())
|| StringUtils.isBlank(loginForm.getPassword())) {
ActionForward newActionForward = new ActionForward();
newActionForward.setPath(serverInfoPathPort);
newActionForward.setRedirect(true);
return newActionForward;
}
UserInfoHelper.setUserInfo(loginForm.getLoginId(), request.getSession().getId());
errors.clear();
try {
// System.out.println("uptContextName1: "+uptContextName);
authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
if (null == authorizationManager) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to initialize Authorization Manager for the given application context using new configuration"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate Authorization Manager for UPT application using new configuration||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (CSException cse) {
authorizationManager = null;
}
if (null == authorizationManager) {
try {
if (null == uptContextName || uptContextName.equalsIgnoreCase("")) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to read the UPT Context Name from Security Config File"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to read the UPT Context Name from Security Config File");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (Exception ex) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(ex.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to read the UPT Context Name from Security Config File||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
}
try {
authenticationManager =
SecurityServiceProvider.getAuthenticationManager(
DisplayConstants.UPT_AUTHENTICATION_CONTEXT_NAME);
if (null == authenticationManager) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to initialize Authentication Manager for the given application context"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate AuthenticationManager for UPT application|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
try {
loginSuccessful =
authenticationManager.login(loginForm.getLoginId(), loginForm.getPassword());
} catch (CSCredentialExpiredException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Password Expired for user name "
+ loginForm.getLoginId()
+ " and"
+ loginForm.getApplicationContextName()
+ " application|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
} catch (CSFirstTimeLoginException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Password Expired for user name "
+ loginForm.getLoginId()
+ " and"
+ loginForm.getApplicationContextName()
+ " application|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.EXPIRED_PASSWORD);
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Login Failed for user name "
+ loginForm.getLoginId()
+ " and"
+ loginForm.getApplicationContextName()
+ " application|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
try {
authorizationManager = SecurityServiceProvider.getAuthorizationManager(uptContextName);
if (null == authorizationManager) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to initialize Authorization Manager for the given application context"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate Authorization Manager for UPT application||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate AuthorizationManager for UPT application|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
try {
hasPermission =
authorizationManager.checkPermission(
loginForm.getLoginId(), loginForm.getApplicationContextName(), null);
if (!hasPermission) {
try {
userProvisioningManager =
getUserProvisioningManager(
authorizationManager, loginForm.getApplicationContextName());
if (null == userProvisioningManager) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to initialize Authorization Manager for the given application context"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate User Provisioning Manager for "
+ loginForm.getApplicationContextName()
+ " application||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
HttpSession session = request.getSession(true);
session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);
session.setAttribute(
Constants.UPT_USER_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
session.setAttribute(
Constants.UPT_PROTECTION_ELEMENT_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
"false");
session.setAttribute(
Constants.UPT_PRIVILEGE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
session.setAttribute(
Constants.UPT_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
session.setAttribute(
Constants.UPT_PROTECTION_GROUP_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE,
"false");
session.setAttribute(
Constants.UPT_ROLE_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
session.setAttribute(
Constants.UPT_INSTANCE_LEVEL_OPERATION + "_" + Constants.CSM_ACCESS_PRIVILEGE, "false");
// errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(DisplayConstants.ERROR_ID,
// "Access permission denied for the application" ));
// saveErrors( request,errors );
// if (log.isDebugEnabled())
// log.debug("|"+loginForm.getLoginId()+
// "||Login|Failure|User "+loginForm.getLoginId()+" doesnot have permission on
// "+loginForm.getApplicationContextName()+" application||");
return mapping.findForward(ForwardConstants.LOGIN_SUCCESS);
}
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Error in checking permission|"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
try {
// UserProvisioningManager upm = (UserProvisioningManager)authorizationManager;
application = authorizationManager.getApplication(loginForm.getApplicationContextName());
userProvisioningManager =
getUserProvisioningManager(authorizationManager, loginForm.getApplicationContextName());
if (null == userProvisioningManager) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
"Unable to initialize Authorization Manager for the given application context"));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate User Provisioning Manager for "
+ loginForm.getApplicationContextName()
+ " application||");
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
} catch (CSException cse) {
errors.add(
ActionErrors.GLOBAL_ERROR,
new ActionError(
DisplayConstants.ERROR_ID,
org.apache.commons.lang.StringEscapeUtils.escapeHtml(cse.getMessage())));
saveErrors(request, errors);
if (log.isDebugEnabled())
log.debug(
"|"
+ loginForm.getLoginId()
+ "||Login|Failure|Unable to instantiate User Provisioning Manager for |"
+ loginForm.toString()
+ "|"
+ cse.getMessage());
return mapping.findForward(ForwardConstants.LOGIN_FAILURE);
}
HttpSession session = request.getSession(true);
session.setAttribute(DisplayConstants.USER_PROVISIONING_MANAGER, userProvisioningManager);
session.setAttribute(DisplayConstants.LOGIN_OBJECT, form);
session.setAttribute(DisplayConstants.CURRENT_TABLE_ID, DisplayConstants.HOME_ID);
authenticationManager = null;
authorizationManager = null;
try {
processUptOperation(
userProvisioningManager,
loginForm.getLoginId(),
application.getApplicationName(),
session);
} catch (CSTransactionException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (((LoginForm) form).getApplicationContextName().equalsIgnoreCase(uptContextName)) {
session.setAttribute(DisplayConstants.ADMIN_USER, DisplayConstants.ADMIN_USER);
if (log.isDebugEnabled())
log.debug(
session.getId()
+ "|"
+ ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
+ "||Login|Success|Login Successful for user "
+ loginForm.getLoginId()
+ " and "
+ loginForm.getApplicationContextName()
+ " application, Forwarding to the Super Admin Home Page||");
return (mapping.findForward(ForwardConstants.ADMIN_LOGIN_SUCCESS));
} else {
if (log.isDebugEnabled())
log.debug(
session.getId()
+ "|"
+ ((LoginForm) session.getAttribute(DisplayConstants.LOGIN_OBJECT)).getLoginId()
+ "||Login|Success|Login Successful for user "
+ loginForm.getLoginId()
+ " and "
+ loginForm.getApplicationContextName()
+ " application, Forwarding to the Home Page||");
return (mapping.findForward(ForwardConstants.LOGIN_SUCCESS));
}
}