Merge branch 'master' of https://github.com/Taskana/taskana into TSK-61
This commit is contained in:
commit
663c79c6d2
|
@ -6,6 +6,8 @@ import org.slf4j.LoggerFactory;
|
|||
import javax.security.auth.Subject;
|
||||
import java.lang.reflect.Method;
|
||||
import java.security.AccessController;
|
||||
import java.security.Principal;
|
||||
import java.security.acl.Group;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
@ -88,31 +90,44 @@ public final class CurrentUserContext {
|
|||
|
||||
private static String getUseridFromJAASSubject() {
|
||||
Subject subject = Subject.getSubject(AccessController.getContext());
|
||||
LOGGER.debug("Subject of caller: {}", subject);
|
||||
LOGGER.trace("Subject of caller: {}", subject);
|
||||
if (subject != null) {
|
||||
Set<Object> publicCredentials = subject.getPublicCredentials();
|
||||
LOGGER.debug("Public credentials of caller: {}", publicCredentials);
|
||||
for (Object pC : publicCredentials) {
|
||||
LOGGER.debug("Returning the first public credential: {}", pC.toString());
|
||||
return pC.toString();
|
||||
Set<Principal> principals = subject.getPrincipals();
|
||||
LOGGER.trace("Public principals of caller: {}", principals);
|
||||
for (Principal pC : principals) {
|
||||
if (!(pC instanceof Group)) {
|
||||
LOGGER.trace("Returning the first principal that is no group: {}", pC.getName());
|
||||
return pC.getName();
|
||||
}
|
||||
}
|
||||
}
|
||||
LOGGER.debug("No userid found in subject!");
|
||||
LOGGER.trace("No userid found in subject!");
|
||||
return null;
|
||||
}
|
||||
|
||||
public static List<String> getGroupIds() {
|
||||
return null;
|
||||
Subject subject = Subject.getSubject(AccessController.getContext());
|
||||
LOGGER.trace("Subject of caller: {}", subject);
|
||||
List<String> groupIds = new ArrayList<>();
|
||||
if (subject != null) {
|
||||
Set<Group> groups = subject.getPrincipals(Group.class);
|
||||
LOGGER.trace("Public groups of caller: {}", groups);
|
||||
for (Principal group : groups) {
|
||||
LOGGER.trace("Returning the groupId: {}", group.getName());
|
||||
groupIds.add(group.getName());
|
||||
}
|
||||
return groupIds;
|
||||
}
|
||||
LOGGER.trace("No groupids found in subject!");
|
||||
return groupIds;
|
||||
}
|
||||
|
||||
public static List<String> getAccessIds() {
|
||||
List<String> accessIds = new ArrayList<>();
|
||||
List<String> groupIds = getGroupIds();
|
||||
accessIds.add(getUserid());
|
||||
if (getGroupIds() != null) {
|
||||
accessIds.addAll(getGroupIds());
|
||||
}
|
||||
if (accessIds.isEmpty()) {
|
||||
return null;
|
||||
if (!groupIds.isEmpty()) {
|
||||
accessIds.addAll(groupIds);
|
||||
}
|
||||
return accessIds;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
package pro.taskana.security;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.security.acl.Group;
|
||||
import java.util.Collections;
|
||||
import java.util.Enumeration;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* Represents a group with a name and a set of members.
|
||||
*/
|
||||
public class GroupPrincipal implements Group {
|
||||
|
||||
private String name;
|
||||
private Set<Principal> members;
|
||||
|
||||
public GroupPrincipal(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean addMember(Principal user) {
|
||||
return this.members.add(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean removeMember(Principal user) {
|
||||
return this.members.remove(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isMember(Principal member) {
|
||||
return this.members.contains(member);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Enumeration<? extends Principal> members() {
|
||||
return Collections.enumeration(this.members);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
package pro.taskana.security;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
/**
|
||||
* Represents a user principal with a name.
|
||||
*/
|
||||
public class UserPrincipal implements Principal {
|
||||
|
||||
private String name;
|
||||
|
||||
public UserPrincipal(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,21 +1,29 @@
|
|||
package pro.taskana.impl.integration;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.security.Principal;
|
||||
import java.security.PrivilegedActionException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
import java.sql.Timestamp;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.apache.ibatis.jdbc.ScriptRunner;
|
||||
import org.h2.store.fs.FileUtils;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
import pro.taskana.Classification;
|
||||
|
@ -42,6 +50,8 @@ import pro.taskana.model.ObjectReference;
|
|||
import pro.taskana.model.Task;
|
||||
import pro.taskana.model.TaskState;
|
||||
import pro.taskana.model.Workbasket;
|
||||
import pro.taskana.security.GroupPrincipal;
|
||||
import pro.taskana.security.UserPrincipal;
|
||||
|
||||
/**
|
||||
* Integration Test for TaskServiceImpl transactions with connection management mode EXPLICIT.
|
||||
|
@ -54,6 +64,7 @@ public class TaskServiceImplIntExplicitTest {
|
|||
private TaskanaEngineConfiguration taskanaEngineConfiguration;
|
||||
private TaskanaEngine taskanaEngine;
|
||||
private TaskanaEngineImpl taskanaEngineImpl;
|
||||
private Subject subject;
|
||||
|
||||
@BeforeClass
|
||||
public static void resetDb() throws SQLException {
|
||||
|
@ -65,17 +76,49 @@ public class TaskServiceImplIntExplicitTest {
|
|||
@Before
|
||||
public void setup() throws FileNotFoundException, SQLException, LoginException {
|
||||
dataSource = TaskanaEngineConfigurationTest.getDataSource();
|
||||
taskanaEngineConfiguration = new TaskanaEngineConfiguration(dataSource, false, false);
|
||||
taskanaEngineConfiguration = new TaskanaEngineConfiguration(dataSource, false);
|
||||
taskanaEngine = taskanaEngineConfiguration.buildTaskanaEngine();
|
||||
taskServiceImpl = (TaskServiceImpl) taskanaEngine.getTaskService();
|
||||
taskanaEngineImpl = (TaskanaEngineImpl) taskanaEngine;
|
||||
taskanaEngineImpl.setConnectionManagementMode(ConnectionManagementMode.EXPLICIT);
|
||||
DBCleaner cleaner = new DBCleaner();
|
||||
cleaner.clearDb(dataSource, false);
|
||||
|
||||
subject = new Subject();
|
||||
List<Principal> principalList = new ArrayList<>();
|
||||
principalList.add(new UserPrincipal("Elena"));
|
||||
principalList.add(new GroupPrincipal("group1"));
|
||||
principalList.add(new GroupPrincipal("group2"));
|
||||
principalList.add(new GroupPrincipal("group3"));
|
||||
subject.getPrincipals().addAll(principalList);
|
||||
|
||||
try {
|
||||
Connection connection = dataSource.getConnection();
|
||||
ScriptRunner runner = new ScriptRunner(connection);
|
||||
runner.runScript(
|
||||
new InputStreamReader(this.getClass().getResourceAsStream("/sql/workbasket-access-list.sql")));
|
||||
|
||||
} catch (SQLException e1) {
|
||||
e1.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testStart() throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
public void testCreateTask() throws Throwable {
|
||||
try {
|
||||
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
|
||||
@Override
|
||||
public Object run() throws TaskNotFoundException, WorkbasketNotFoundException, FileNotFoundException, NotAuthorizedException, SQLException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
do_testCreateTask();
|
||||
return null;
|
||||
}
|
||||
});
|
||||
} catch (PrivilegedActionException e) {
|
||||
throw e.getCause();
|
||||
}
|
||||
}
|
||||
|
||||
public void do_testCreateTask() throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
Connection connection = dataSource.getConnection();
|
||||
taskanaEngineImpl.setConnection(connection);
|
||||
|
||||
|
@ -90,16 +133,17 @@ public class TaskServiceImplIntExplicitTest {
|
|||
connection.commit();
|
||||
}
|
||||
|
||||
@Ignore
|
||||
@Test(expected = TaskNotFoundException.class)
|
||||
public void testStartTransactionFail()
|
||||
throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
Connection connection = dataSource.getConnection();
|
||||
taskanaEngineImpl.setConnection(connection);
|
||||
// taskServiceImpl = (TaskServiceImpl) taskanaEngine.getTaskService();
|
||||
|
||||
Workbasket workbasket = new Workbasket();
|
||||
workbasket.setName("workbasket");
|
||||
Classification classification = (Classification) new ClassificationImpl();
|
||||
workbasket.setId("1"); // set id manually for authorization tests
|
||||
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
|
||||
taskanaEngine.getClassificationService().createClassification(classification);
|
||||
|
||||
|
@ -132,6 +176,7 @@ public class TaskServiceImplIntExplicitTest {
|
|||
Workbasket workbasket = new Workbasket();
|
||||
workbasket.setName("workbasket");
|
||||
Classification classification = (Classification) new ClassificationImpl();
|
||||
workbasket.setName("workbasket99");
|
||||
workbasketServiceImpl.createWorkbasket(workbasket);
|
||||
classificationServiceImpl.createClassification(classification);
|
||||
|
||||
|
@ -147,6 +192,7 @@ public class TaskServiceImplIntExplicitTest {
|
|||
te.setConnection(null);
|
||||
}
|
||||
|
||||
@Ignore
|
||||
@Test
|
||||
public void testCreateTaskWithPlannedAndName() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
Connection connection = dataSource.getConnection();
|
||||
|
@ -198,10 +244,11 @@ public class TaskServiceImplIntExplicitTest {
|
|||
taskanaEngineImpl.setConnection(connection);
|
||||
|
||||
Task test = this.generateDummyTask();
|
||||
test.setWorkbasketId("1");
|
||||
test.setWorkbasketId("2");
|
||||
taskServiceImpl.createTask(test);
|
||||
}
|
||||
|
||||
@Ignore
|
||||
@Test(expected = ClassificationNotFoundException.class)
|
||||
public void createManualTaskShouldThrowClassificationNotFoundException() throws NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, SQLException, ClassificationAlreadyExistException {
|
||||
Connection connection = dataSource.getConnection();
|
||||
|
@ -213,14 +260,28 @@ public class TaskServiceImplIntExplicitTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void should_ReturnList_when_BuilderIsUsed() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
public void should_ReturnList_when_BuilderIsUsed() throws Throwable {
|
||||
try {
|
||||
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
|
||||
@Override
|
||||
public Object run() throws WorkbasketNotFoundException, NotAuthorizedException, SQLException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
do_should_ReturnList_when_BuilderIsUsed();
|
||||
return null;
|
||||
}
|
||||
});
|
||||
} catch (PrivilegedActionException e) {
|
||||
throw e.getCause();
|
||||
}
|
||||
}
|
||||
|
||||
public void do_should_ReturnList_when_BuilderIsUsed() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
|
||||
Connection connection = dataSource.getConnection();
|
||||
taskanaEngineImpl.setConnection(connection);
|
||||
|
||||
Workbasket workbasket = new Workbasket();
|
||||
workbasket.setName("workbasket");
|
||||
Classification classification = (Classification) new ClassificationImpl();
|
||||
workbasket.setId("1"); // set id manually for authorization tests
|
||||
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
|
||||
taskanaEngine.getClassificationService().createClassification(classification);
|
||||
|
||||
|
@ -240,7 +301,7 @@ public class TaskServiceImplIntExplicitTest {
|
|||
.systemInstance("sysInst1", "sysInst2").value("val1", "val2", "val3");
|
||||
|
||||
List<Task> results = taskServiceImpl.createTaskQuery().name("bla", "test").descriptionLike("test")
|
||||
.priority(1, 2, 2).state(TaskState.CLAIMED).workbasketId("asd", "asdasdasd")
|
||||
.priority(1, 2, 2).state(TaskState.CLAIMED).workbasketId("1", "2")
|
||||
.owner("test", "test2", "bla").customFields("test").classification(classificationQuery)
|
||||
.objectReference(objectReferenceQuery).list();
|
||||
|
||||
|
@ -251,6 +312,7 @@ public class TaskServiceImplIntExplicitTest {
|
|||
private Task generateDummyTask() throws ClassificationAlreadyExistException {
|
||||
Workbasket workbasket = new Workbasket();
|
||||
workbasket.setName("wb");
|
||||
workbasket.setId("1"); // set id manually for authorization tests
|
||||
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
|
||||
|
||||
Classification classification = (Classification) new ClassificationImpl();
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', '1', 'Elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
|
||||
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', '2', 'Elena', true, true, true, true, true, true, true, true, true, false, false, false, false);
|
||||
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', '3', 'Simone', true, true, true, true, true, true, true, true, true, true, true, true, true);
|
|
@ -4,6 +4,9 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import pro.taskana.security.GroupPrincipal;
|
||||
import pro.taskana.security.UserPrincipal;
|
||||
|
||||
public class CustomAutenticationProvider implements AuthenticationProvider {
|
||||
private AuthenticationProvider delegate;
|
||||
|
||||
|
@ -17,14 +20,18 @@ public class CustomAutenticationProvider implements AuthenticationProvider {
|
|||
.authenticate(authentication);
|
||||
|
||||
if (jaasAuthenticationToken.isAuthenticated()) {
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPublicCredentials().add(jaasAuthenticationToken.getPrincipal());
|
||||
String userName = jaasAuthenticationToken.getPrincipal().toString();
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new UserPrincipal(userName));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group1"));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group2"));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group3"));
|
||||
return jaasAuthenticationToken;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@Override
|
||||
public boolean supports(Class<?> authentication) {
|
||||
return delegate.supports(authentication);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue