fix unit test

Olivier Lamy 2015-02-06 23:09:37 +11:00
parent 8edcb36b95
commit f77d21b589
6 changed files with 90 additions and 27 deletions


@ -22,6 +22,7 @@ package org.apache.archiva.redback.rest.services.interceptors;
import org.apache.archiva.redback.authentication.AuthenticationException; import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult; import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException; import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.RedbackAuthorization; import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication; import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
import org.apache.archiva.redback.policy.AccountLockedException; import org.apache.archiva.redback.policy.AccountLockedException;
@ -75,6 +76,7 @@ public class PermissionsInterceptor
{ {
if ( redbackAuthorization.noRestriction() ) if ( redbackAuthorization.noRestriction() )
{ {
log.debug( "redbackAuthorization.noRestriction() so skip permission check" );
// we are fine this services is marked as non restrictive access // we are fine this services is marked as non restrictive access
return; return;
} }
@ -84,48 +86,64 @@ public class PermissionsInterceptor
&& !( permissions.length == 1 && StringUtils.isEmpty( permissions[0] ) ) ) && !( permissions.length == 1 && StringUtils.isEmpty( permissions[0] ) ) )
{ {
HttpServletRequest request = getHttpServletRequest( message ); HttpServletRequest request = getHttpServletRequest( message );
SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession( true ) ); SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession() );
AuthenticationResult authenticationResult = message.get( AuthenticationResult.class ); AuthenticationResult authenticationResult = message.get( AuthenticationResult.class );
log.debug( "authenticationResult from message: {}", authenticationResult );
if ( authenticationResult == null ) if ( authenticationResult == null )
{ {
try try
{ {
authenticationResult = authenticationResult =
httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) ); httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) );
log.debug( "authenticationResult from request: {}", authenticationResult );
} }
catch ( AuthenticationException e ) catch ( AuthenticationException e )
{ {
log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) ); log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
} }
catch ( AccountLockedException e ) catch ( AccountLockedException e )
{ {
log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) ); log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
} }
catch ( MustChangePasswordException e ) catch ( MustChangePasswordException e )
{ {
log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) ); log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) );
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return;
} }
} }
if ( authenticationResult != null && authenticationResult.isAuthenticated() ) if ( authenticationResult != null && authenticationResult.isAuthenticated() )
{ {
message.put( AuthenticationResult.class, authenticationResult );
for ( String permission : permissions ) for ( String permission : permissions )
{ {
log.debug( "check permission: {} with securitySession {}", permission, securitySession );
if ( StringUtils.isBlank( permission ) ) if ( StringUtils.isBlank( permission ) )
{ {
continue; continue;
} }
try try
{ {
if ( securitySystem.isAuthorized( securitySession, permission, AuthorizationResult authorizationResult =
StringUtils.isBlank( redbackAuthorization.resource() ) securitySystem.authorize( authenticationResult.getUser(), permission, //
? null StringUtils.isBlank( redbackAuthorization.resource() ) //
: redbackAuthorization.resource() ) ) ? null : redbackAuthorization.resource() );
/*
if ( securitySystem.isAuthorized( securitySession, permission, //
StringUtils.isBlank( redbackAuthorization.resource() ) //
? null : redbackAuthorization.resource() ) )
*/
if ( authenticationResult != null && authorizationResult.isAuthorized() )
{ {
log.debug( "isAuthorized for permission {}", permission );
return; return;
} }
else else
@ -140,13 +158,12 @@ public class PermissionsInterceptor
} }
catch ( AuthorizationException e ) catch ( AuthorizationException e )
{ {
log.debug( e.getMessage(), e ); log.debug( " AuthorizationException " + e.getMessage() //
+ " checking permission " + permission, e );
}
}
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
return; return;
}
}
} }
else else
{ {
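Review bot: The new guard `if ( authenticationResult != null && authorizationResult.isAuthorized() )` tests the wrong reference: `authenticationResult` is already known to be non-null from the enclosing `if`, while `authorizationResult`, the value actually dereferenced, is unchecked. Suggest `if ( authorizationResult != null && authorizationResult.isAuthorized() )` so an unexpected null result is treated as a denial instead of a NullPointerException inside the filter. The permission decision now comes from `authenticationResult.getUser()`, and in the visible hunks `securitySession` is only used by the debug line, so the commented-out `isAuthorized` block should be deleted and replaced by a short comment saying why the session is no longer the authorization subject. The method body starts and ends outside these hunks.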


@ -25,6 +25,7 @@ import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest; import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
import org.apache.archiva.redback.rest.api.model.User; import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.model.UserRegistrationRequest; import org.apache.archiva.redback.rest.api.model.UserRegistrationRequest;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.UserService; import org.apache.archiva.redback.rest.api.services.UserService;
import org.apache.archiva.redback.rest.services.mock.EmailMessage; import org.apache.archiva.redback.rest.services.mock.EmailMessage;
import org.apache.archiva.redback.rest.services.mock.ServicesAssert; import org.apache.archiva.redback.rest.services.mock.ServicesAssert;
@ -178,7 +179,7 @@ public class UserServiceTest
} }
finally finally
{ {
getUserService( authorizationHeader ).deleteUser( "toto" ); deleteUserQuietly( "toto" );
} }
} }
@ -237,7 +238,7 @@ public class UserServiceTest
} }
finally finally
{ {
getUserService( authorizationHeader ).deleteUser( "toto" ); deleteUserQuietly( "toto" );
} }
} }
@ -307,11 +308,23 @@ public class UserServiceTest
} }
finally finally
{ {
getUserService( authorizationHeader ).deleteUser( "toto" ); deleteUserQuietly( "toto" );
} }
} }
private void deleteUserQuietly( String userName )
{
try
{
getUserService( authorizationHeader ).deleteUser( userName );
}
catch ( Exception e )
{
log.warn( "ignore fail to delete user " + e.getMessage(), e );
}
}
@Test @Test
public void getAdminPermissions() public void getAdminPermissions()
throws Exception throws Exception
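Review bot: `deleteUserQuietly` catches `Exception`, which also hides unexpected failures in the cleanup path and can leave the `toto` account behind for later tests. The commit adds an import of `RedbackServiceException` that no visible hunk uses; if that is what `deleteUser` throws, narrow the handler to `catch ( RedbackServiceException e )`. The warning should also name the account, e.g. `log.warn( "ignore fail to delete user " + userName + ": " + e.getMessage(), e );`.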


@ -21,7 +21,7 @@
<appenders> <appenders>
<Console name="console" target="SYSTEM_OUT"> <Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%highlight{%d{HH:mm:ss.SSS} [%L] [%t] %-5level %logger{36} - %msg%n}" /> <PatternLayout pattern="%highlight{%d{HH:mm:ss.SSS} [%L] [%t] %-5level %logger{3} - %msg%n}" />
</Console> </Console>
</appenders> </appenders>
@ -32,6 +32,7 @@
<logger name="org.apache.archiva.redback.components.cache" level="error"/> <logger name="org.apache.archiva.redback.components.cache" level="error"/>
<logger name="org.apache.archiva.redback.rest.services.interceptors" level="debug"/> <logger name="org.apache.archiva.redback.rest.services.interceptors" level="debug"/>
<logger name="org.apache.archiva.redback.rest.services" level="debug"/> <logger name="org.apache.archiva.redback.rest.services" level="debug"/>
<logger name="org.apache.catalina" level="off" />
<logger name="JPOX" level="ERROR"/> <logger name="JPOX" level="ERROR"/>
<root level="info"> <root level="info">
<appender-ref ref="console"/> <appender-ref ref="console"/>


@ -19,8 +19,8 @@ package org.apache.archiva.redback.system;
* under the License. * under the License.
*/ */
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.authentication.AuthenticationResult; import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.users.User;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.io.Serializable; import java.io.Serializable;
@ -74,4 +74,14 @@ public class DefaultSecuritySession
{ {
return ( ( user != null ) && authenticated ); return ( ( user != null ) && authenticated );
} }
@Override
public String toString()
{
return "DefaultSecuritySession{" +
"authenticationResult=" + authenticationResult +
", user=" + user +
", authenticated=" + authenticated +
'}';
}
} }
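Review bot: The new `toString()` prints the whole `authenticationResult` and `user` objects, and this same commit starts logging the session at debug level in `PermissionsInterceptor` (`check permission: {} with securitySession {}`), so whatever those objects' own `toString()` methods emit ends up in log files. Their implementations are not visible here; if `User` renders credential-related fields, this would write them to the log. Consider limiting the output to the identifier and the flag, e.g. `"DefaultSecuritySession{user=" + ( user == null ? null : user.getUsername() ) + ", authenticated=" + authenticated + '}'`.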


@ -19,13 +19,6 @@ package org.apache.archiva.redback.system;
* under the License. * under the License.
*/ */
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.authentication.AuthenticationDataSource; import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException; import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationManager; import org.apache.archiva.redback.authentication.AuthenticationManager;
@ -34,7 +27,14 @@ import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException; import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult; import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer; import org.apache.archiva.redback.authorization.Authorizer;
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException; import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -47,7 +47,7 @@ import javax.inject.Named;
* *
* @author: Jesse McConnell <jesse@codehaus.org> * @author: Jesse McConnell <jesse@codehaus.org>
*/ */
@Service("securitySystem") @Service( "securitySystem" )
public class DefaultSecuritySystem public class DefaultSecuritySystem
implements SecuritySystem implements SecuritySystem
{ {
@ -57,15 +57,15 @@ public class DefaultSecuritySystem
private AuthenticationManager authnManager; private AuthenticationManager authnManager;
@Inject @Inject
@Named(value = "authorizer#default") @Named( value = "authorizer#default" )
private Authorizer authorizer; private Authorizer authorizer;
@Inject @Inject
@Named(value = "userManager#default") @Named( value = "userManager#default" )
private UserManager userManager; private UserManager userManager;
@Inject @Inject
@Named(value = "keyManager#cached") @Named( value = "keyManager#cached" )
private KeyManager keyManager; private KeyManager keyManager;
@Inject @Inject
@ -92,7 +92,6 @@ public class DefaultSecuritySystem
* @throws UserNotFoundException * @throws UserNotFoundException
* @throws MustChangePasswordException * @throws MustChangePasswordException
* @throws org.apache.archiva.redback.policy.AccountLockedException * @throws org.apache.archiva.redback.policy.AccountLockedException
*
* @throws MustChangePasswordException * @throws MustChangePasswordException
*/ */
public SecuritySession authenticate( AuthenticationDataSource source ) public SecuritySession authenticate( AuthenticationDataSource source )
@ -176,6 +175,24 @@ public class DefaultSecuritySystem
return authorizer.isAuthorized( source ); return authorizer.isAuthorized( source );
} }
public AuthorizationResult authorize( User user, String permission, String resource )
throws AuthorizationException
{
AuthorizationDataSource source = null;
if ( user != null )
{
source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
}
if ( source == null )
{
source = new AuthorizationDataSource( null, null, permission, resource );
}
return authorizer.isAuthorized( source );
}
public boolean isAuthorized( SecuritySession session, String permission ) public boolean isAuthorized( SecuritySession session, String permission )
throws AuthorizationException throws AuthorizationException
{ {
@ -287,4 +304,5 @@ public class DefaultSecuritySystem
{ {
return userManager.isReadOnly(); return userManager.isReadOnly();
} }
} }
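Review bot: `authorize( User, String, String )` accepts a null `user` and silently builds an `AuthorizationDataSource` with a null principal, so the outcome for an unauthenticated caller depends entirely on how the injected `authorizer` treats that case. Neither this method nor its declaration in `SecuritySystem` has Javadoc stating that contract; add a Javadoc block on the interface method describing the null-user behaviour and when `AuthorizationException` is thrown. The two null checks can also collapse into `String principal = ( user == null ) ? null : user.getUsername();` followed by `return authorizer.isAuthorized( new AuthorizationDataSource( principal, user, permission, resource ) );`.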


@ -22,6 +22,7 @@ package org.apache.archiva.redback.system;
import org.apache.archiva.redback.policy.AccountLockedException; import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException; import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.UserSecurityPolicy; import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException; import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException; import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.authentication.AuthenticationDataSource; import org.apache.archiva.redback.authentication.AuthenticationDataSource;
@ -73,6 +74,9 @@ public interface SecuritySystem
AuthorizationResult authorize( SecuritySession session, String permission, String resource ) AuthorizationResult authorize( SecuritySession session, String permission, String resource )
throws AuthorizationException; throws AuthorizationException;
AuthorizationResult authorize( User user, String permission, String resource )
throws AuthorizationException;
boolean isAuthorized( SecuritySession session, String permission, String resource ) boolean isAuthorized( SecuritySession session, String permission, String resource )
throws AuthorizationException; throws AuthorizationException;