/**
 * Returns the security helper this instance works with.
 *
 * @return the explicitly configured {@link ISecurityHelper}, or the {@link SecurityHelper} singleton when none has
 *         been set
 */
public ISecurityHelper getSecurityHelper() {
  if ( securityHelper != null ) {
    return securityHelper;
  }
  // No helper was supplied, so fall back to the shared singleton.
  return SecurityHelper.getInstance();
}
/**
 * Reports whether the current authorization policy grants every action this method treats as administrative.
 * <p>
 * The {@code session} argument is not consulted: the decision comes only from the {@link IAuthorizationPolicy}
 * returned by {@code getAuthorizationPolicy()}. When no policy is available the check fails closed and returns
 * {@code false}.
 * </p>
 *
 * @deprecated use SystemUtils.canAdminister() instead
 *
 * @param session the user's IPentahoSession object (not read by this implementation)
 * @return true only if repository read, repository create and administer-security are all allowed
 */
@Override
@Deprecated
public boolean isPentahoAdministrator( final IPentahoSession session ) {
  final IAuthorizationPolicy authorizationPolicy = getAuthorizationPolicy();
  if ( authorizationPolicy == null ) {
    SecurityHelper.logger.warn( "No IAuthorizationPolicy set in PentahoSystem" );
    return false;
  }
  // TODO externalize action names
  // The guards run in the same order as a short-circuiting &&: read, create, then administerSecurity.
  if ( !authorizationPolicy.isAllowed( "org.pentaho.repository.read" ) ) {
    return false;
  }
  if ( !authorizationPolicy.isAllowed( "org.pentaho.repository.create" ) ) {
    return false;
  }
  return authorizationPolicy.isAllowed( "org.pentaho.security.administerSecurity" );
}
.getSystemSetting( "anonymous-authentication/anonymous-user", "anonymousUser" ); //$NON-NLS-1$//$NON-NLS-2$ userDetailsService = getUserDetailsService(); userRoleListService = getUserRoleListService();
/**
 * Builds a spied {@link SecurityHelper} whose {@code getUserRoleListService()} is stubbed, so that authentication
 * objects created by the tests do not depend on a real role service.
 *
 * @return the spy, with the role-list service replaced by the mock built for DEF_USERNAME and ALL_ROLES_ARRAY
 */
private SecurityHelper getAuthorizedSecurityHelper() {
  SecurityHelper helperSpy = spy( new SecurityHelper() );
  // presumably the mock reports ALL_ROLES_ARRAY for DEF_USERNAME; verify against getUserRoleListServiceMock
  IUserRoleListService stubbedRoleService = getUserRoleListServiceMock( DEF_USERNAME, ALL_ROLES_ARRAY );
  // doReturn(..).when(spy) stubs the method without calling the real implementation on the spy.
  doReturn( stubbedRoleService ).when( helperSpy ).getUserRoleListService();
  return helperSpy;
}
// Test setup: the stream provider hands out the mock output stream.
when( mockStreamProvider.getOutputStream() ).thenReturn( mockOutputStream );
ISecurityHelper mockSecurityHelper = Mockito.mock( ISecurityHelper.class );
// NOTE(review): setMockInstance is a static setter, so the mock presumably stays installed for every later
// caller of SecurityHelper; restore the real helper in teardown so it does not leak into other tests - confirm.
SecurityHelper.setMockInstance( mockSecurityHelper );
// The stub answers runAsUser with mockOutputPath directly; the callable passed in is never executed and no
// user switch takes place in this test.
when( mockSecurityHelper.runAsUser( Mockito.anyString(), Mockito.any() ) ).thenReturn( mockOutputPath );
PowerMockito.mockStatic( PentahoSystem.class );
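/**
 * Verifies that the administrator check fails closed (returns false) when no authorization policy is available.
 */
@Test
public void isPentahoAdministratorNullPolicyTest() {
  when( emptySecurityHelper.getAuthorizationPolicy() ).thenReturn( null );
  // A matcher such as any() belongs inside when()/verify(); used as a real argument it only yields null and
  // registers a matcher with Mockito, so the session is passed as an explicit null instead.
  assertFalse( emptySecurityHelper.isPentahoAdministrator( null ) );
}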
/**
 * Checks that {@code runAsSystem} returns whatever the supplied callable returns when the object factory resolves
 * the single-tenant admin user name.
 * <p>
 * NOTE(review): only the return value is asserted; the test does not check that the previous session and
 * authentication are back in place after the call.
 * </p>
 */
@Test
@SuppressWarnings( "unchecked" )
public void runAsSystemTest() throws Exception {
  // Environment: a booted system backed by a mocked object factory.
  PentahoSystemBoot systemBoot = new PentahoSystemBoot();
  systemBoot.setFilePath( "test-src/solution" );

  IPentahoObjectFactory objectFactoryMock =
    mock( IPentahoObjectFactory.class, PENTAHO_OBJECT_FACTORY_MOCK_NAME );
  // The factory claims to define the admin-user key and resolves it to ADMIN_USER_NAME for any session.
  when( objectFactoryMock.objectDefined( eq( SINGLE_TENANT_ADMIN_USER_NAME ) ) ).thenReturn( true );
  when( objectFactoryMock.get( eq( String.class ), eq( SINGLE_TENANT_ADMIN_USER_NAME ),
    Matchers.<IPentahoSession>any() ) ).thenReturn( ADMIN_USER_NAME );
  when( objectFactoryMock.getName() ).thenReturn( PENTAHO_OBJECT_FACTORY_MOCK_NAME );
  systemBoot.setFactory( objectFactoryMock );

  // The helper under test looks roles up through a stubbed role service for the admin user.
  IUserRoleListService adminRoleService = getUserRoleListServiceMock( ADMIN_USER_NAME, ADMIN_ROLES_ARRAY );
  doReturn( adminRoleService ).when( emptySecurityHelper ).getUserRoleListService();

  // Exercise: the callable's value must come back unchanged.
  Callable<String> task = (Callable<String>) mock( Callable.class );
  when( task.call() ).thenReturn( CALLABLE_RETURNED_VALUE_OK );
  String actual = emptySecurityHelper.runAsSystem( task );

  assertEquals( CALLABLE_RETURNED_VALUE_OK, actual );
}
/**
 * Replaces the current Pentaho session and security-context authentication with ones built for the named user.
 * <p>
 * This is for unit tests only. No credential is checked here: the session is marked authenticated and an
 * {@link Authentication} is created from the principal name alone, so any caller able to reach this method can act
 * as any user. Nothing in this method saves or restores the previous session or authentication.
 * </p>
 *
 * @param principalName name of the user to become
 * @param paramProvider passed to the new {@code UserSession} and to {@code PentahoSystem.sessionStartup}
 */
@Override
public void becomeUser( final String principalName, final IParameterProvider paramProvider ) {
  UserSession session = null;
  tenantedUserNameUtils = getTenantedUserNameUtils();
  if ( tenantedUserNameUtils != null ) {
    // Tenant-aware path: record the tenant id on the session and authenticate within that tenant.
    session = new UserSession( principalName, null, false, paramProvider );
    // NOTE(review): tenant is dereferenced without a null check; confirm getTenant() cannot return null.
    ITenant tenant = tenantedUserNameUtils.getTenant( principalName );
    session.setAttribute( IPentahoSession.TENANT_ID_KEY, tenant.getId() );
    session.setAuthenticated( tenant.getId(), principalName );
  } else {
    // No tenant utilities available: authenticate by principal name only.
    session = new UserSession( principalName, null, false, paramProvider );
    session.setAuthenticated( principalName );
  }
  // The new session becomes the current one before the Authentication is created.
  PentahoSessionHolder.setSession( session );
  Authentication auth = createAuthentication( principalName );
  // TODO We need to figure out how to inject this
  // Get the tenant id from the principle name and set it as an attribute of the pentaho session
  // Clearing the SecurityContext to force the subsequent call to getContext() to generate a new SecurityContext.
  // This prevents us from modifying the Authentication on a SecurityContext instance which may be shared between
  // threads.
  PentahoSessionHolder.getSession().setAttribute( IPentahoSession.SESSION_ROLES, auth.getAuthorities() );
  SecurityContextHolder.clearContext();
  SecurityContextHolder.getContext().setAuthentication( auth );
  PentahoSystem.sessionStartup( PentahoSessionHolder.getSession(), paramProvider );
}
// Builds an Authentication for the single-tenant admin name and installs it on the current security context.
// NOTE(review): this sets the Authentication on whatever context getContext() returns. The enclosing method is
// not visible here, so confirm it clears or replaces the context first and restores the previous
// Authentication once the privileged work is done.
Authentication auth = createAuthentication( singleTenantAdmin ); //$NON-NLS-1$
SecurityContextHolder.getContext().setAuthentication( auth );
/**
 * Runs the given {@link Callable} as the named user and returns its result. This overload supplies no parameter
 * provider and delegates to the three-argument {@code runAsUser}.
 * <p>
 * Whether the callable succeeds or throws, the original session and authentication are restored afterwards: the
 * given user applies only while the callable runs, and the environment then returns to the user that was present
 * before this method was called.
 * </p>
 *
 * @param <T>           the return type of your operation
 * @param principalName the user under whom the callable should run
 * @param callable      {@link Callable#call()} contains the code to run as the given user
 * @return the value returned by {@link Callable#call()}
 * @throws Exception whatever the delegated {@code runAsUser} call throws
 * @see Callable
 */
@Override
public <T> T runAsUser( final String principalName, final Callable<T> callable ) throws Exception {
  // A null parameter provider selects the delegate's behaviour for "no extra session parameters".
  final T outcome = runAsUser( principalName, null, callable );
  return outcome;
}
// Test setup: the stream provider hands out the mock output stream.
when( mockStreamProvider.getOutputStream() ).thenReturn( mockOutputStream );
ISecurityHelper mockSecurityHelper = Mockito.mock( ISecurityHelper.class );
// NOTE(review): setMockInstance is a static setter, so the mock presumably stays installed for every later
// caller of SecurityHelper; restore the real helper in teardown so it does not leak into other tests - confirm.
SecurityHelper.setMockInstance( mockSecurityHelper );
// The stub answers runAsUser with mockOutputPath directly; the callable passed in is never executed and no
// user switch takes place in this test.
when( mockSecurityHelper.runAsUser( Mockito.anyString(), Mockito.any() ) ).thenReturn( mockOutputPath );
PowerMockito.mockStatic( PentahoSystem.class );
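/**
 * Verifies that a policy allowing every action makes the administrator check return true.
 */
@Test
public void isPentahoAdministratorValidPolicyTest() {
  IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
  when( emptySecurityHelper.getAuthorizationPolicy() ).thenReturn( policy );
  when( policy.isAllowed( anyString() ) ).thenReturn( true );
  // A matcher such as any() belongs inside when()/verify(); used as a real argument it only yields null and
  // registers a matcher with Mockito, so the session is passed as an explicit null instead.
  assertTrue( emptySecurityHelper.isPentahoAdministrator( null ) );
}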
/**
 * Checks that the authentication created for the anonymous user carries the anonymous role.
 */
@Test
public void createAnonimousAuthentificationTest() {
  Authentication anonymousAuth = getAuthorizedSecurityHelper().createAuthentication( ANONIMOUS_USER );

  boolean hasAnonymousRole = false;
  for ( GrantedAuthority granted : anonymousAuth.getAuthorities() ) {
    // Null entries cannot match and are skipped.
    if ( granted == null ) {
      continue;
    }
    if ( ANONIMOUS_ROLE.equals( granted.getAuthority() ) ) {
      hasAnonymousRole = true;
      break;
    }
  }

  assertTrue( "not granted access for anonimous user", hasAnonymousRole );
}
/**
 * Checks that {@code runAsUser} returns the value produced by the callable it was given.
 * <p>
 * NOTE(review): only the return value is asserted; restoration of the previous session and authentication after
 * the call is not checked here.
 * </p>
 */
@Test
@SuppressWarnings( "unchecked" )
public void runAsUserTest() throws Exception {
  Callable<String> task = (Callable<String>) mock( Callable.class );
  when( task.call() ).thenReturn( CALLABLE_RETURNED_VALUE_OK );

  SecurityHelper helper = getAuthorizedSecurityHelper();
  String actual = helper.runAsUser( DEF_USERNAME, task );

  assertEquals( CALLABLE_RETURNED_VALUE_OK, actual );
}
/**
 * Runs the callable as {@code this.actionUser} through the {@link SecurityHelper} singleton.
 * <p>
 * Any exception is logged and turned into a {@code null} result, so a caller cannot tell a failed run (including
 * a failed user switch) from a callable that returned {@code null}.
 * </p>
 *
 * @param callable the work to run as the action user; {@code null} is accepted and yields {@code null}
 * @return the callable's result, or {@code null} when there was nothing to run or the run failed
 */
private String runAsUser( Callable<String> callable ) {
  if ( callable == null ) {
    return null;
  }
  try {
    return SecurityHelper.getInstance().runAsUser( this.actionUser, callable );
  } catch ( Exception e ) {
    logger.error( e.getMessage(), e );
    return null;
  }
}
// NOTE(review): setMockInstance is a static setter, so this helper presumably stays installed for every later
// caller of SecurityHelper; restore the real helper in teardown so it does not leak into other tests - confirm.
SecurityHelper.setMockInstance( securityHelper );
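/**
 * Verifies that the administrator check is refused both when the policy denies everything and when it grants
 * repository access but denies the administer-security action.
 */
@Test
public void isPentahoAdministratorInvalidPolicyTest() {
  IAuthorizationPolicy policy = mock( IAuthorizationPolicy.class );
  when( emptySecurityHelper.getAuthorizationPolicy() ).thenReturn( policy );

  // Case 1: every action is denied.
  when( policy.isAllowed( anyString() ) ).thenReturn( false );
  // A matcher such as any() belongs inside when()/verify(); used as a real argument it only yields null and
  // registers a matcher with Mockito, so the session is passed as an explicit null instead.
  assertFalse( emptySecurityHelper.isPentahoAdministrator( null ) );

  // Case 2: everything is allowed except the security-administration action. An all-false policy alone would
  // not catch an implementation that stops requiring this action. The action name is the one that
  // isPentahoAdministrator checks.
  when( policy.isAllowed( anyString() ) ).thenReturn( true );
  when( policy.isAllowed( "org.pentaho.security.administerSecurity" ) ).thenReturn( false );
  assertFalse( emptySecurityHelper.isPentahoAdministrator( null ) );
}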
/**
 * Checks that the authentication created for DEF_USERNAME carries every role listed in ALL_ROLES_ARRAY.
 */
@Test
public void createAuthentificationTest() {
  Authentication created = getAuthorizedSecurityHelper().createAuthentication( DEF_USERNAME );
  Collection<? extends GrantedAuthority> granted = created.getAuthorities();

  // Each expected role must appear among the granted authorities; the first missing one fails the test.
  for ( String expectedRole : ALL_ROLES_ARRAY ) {
    boolean present = false;
    for ( GrantedAuthority authority : granted ) {
      if ( expectedRole.equals( authority.getAuthority() ) ) {
        present = true;
        break;
      }
    }
    if ( present ) {
      continue;
    }
    // fail() throws, so nothing after it runs.
    fail( "not whole of required roles are present in created authentication authorities" );
  }
}
/**
 * Returns the authentication reported by the {@link SecurityHelper} singleton.
 * <p>
 * The {@code session} argument is not read: the result is whatever {@code getAuthentication()} on the singleton
 * returns, regardless of which session is passed in.
 * </p>
 *
 * @param session ignored by this implementation
 * @return the authentication obtained from {@code SecurityHelper.getInstance()}
 */
@Override
public Authentication getAuthentication( final IPentahoSession session ) {
  final Authentication current = SecurityHelper.getInstance().getAuthentication();
  return current;
}
// NOTE(review): setMockInstance is a static setter, so this mock presumably stays installed for every later
// caller of SecurityHelper; restore the real helper in teardown so it does not leak into other tests - confirm.
SecurityHelper.setMockInstance( new MockSecurityHelper() );