Merge branch 'master' of https://github.com/Taskana/taskana into TSK-61

This commit is contained in:
Marcel Lengl 2017-12-08 15:12:38 +01:00
commit 663c79c6d2
6 changed files with 175 additions and 21 deletions

View File

@ -6,6 +6,8 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@ -88,31 +90,44 @@ public final class CurrentUserContext {
private static String getUseridFromJAASSubject() {
Subject subject = Subject.getSubject(AccessController.getContext());
LOGGER.debug("Subject of caller: {}", subject);
LOGGER.trace("Subject of caller: {}", subject);
if (subject != null) {
Set<Object> publicCredentials = subject.getPublicCredentials();
LOGGER.debug("Public credentials of caller: {}", publicCredentials);
for (Object pC : publicCredentials) {
LOGGER.debug("Returning the first public credential: {}", pC.toString());
return pC.toString();
Set<Principal> principals = subject.getPrincipals();
LOGGER.trace("Public principals of caller: {}", principals);
for (Principal pC : principals) {
if (!(pC instanceof Group)) {
LOGGER.trace("Returning the first principal that is no group: {}", pC.getName());
return pC.getName();
}
}
}
LOGGER.debug("No userid found in subject!");
LOGGER.trace("No userid found in subject!");
return null;
}
public static List<String> getGroupIds() {
return null;
Subject subject = Subject.getSubject(AccessController.getContext());
LOGGER.trace("Subject of caller: {}", subject);
List<String> groupIds = new ArrayList<>();
if (subject != null) {
Set<Group> groups = subject.getPrincipals(Group.class);
LOGGER.trace("Public groups of caller: {}", groups);
for (Principal group : groups) {
LOGGER.trace("Returning the groupId: {}", group.getName());
groupIds.add(group.getName());
}
return groupIds;
}
LOGGER.trace("No groupids found in subject!");
return groupIds;
}
public static List<String> getAccessIds() {
List<String> accessIds = new ArrayList<>();
List<String> groupIds = getGroupIds();
accessIds.add(getUserid());
if (getGroupIds() != null) {
accessIds.addAll(getGroupIds());
}
if (accessIds.isEmpty()) {
return null;
if (!groupIds.isEmpty()) {
accessIds.addAll(groupIds);
}
return accessIds;
}

View File

@ -0,0 +1,46 @@
package pro.taskana.security;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Set;
/**
* Represents a group with a name and a set of members.
*/
public class GroupPrincipal implements Group {
private String name;
private Set<Principal> members;
public GroupPrincipal(String name) {
this.name = name;
}
@Override
public String getName() {
return this.name;
}
@Override
public boolean addMember(Principal user) {
return this.members.add(user);
}
@Override
public boolean removeMember(Principal user) {
return this.members.remove(user);
}
@Override
public boolean isMember(Principal member) {
return this.members.contains(member);
}
@Override
public Enumeration<? extends Principal> members() {
return Collections.enumeration(this.members);
}
}

View File

@ -0,0 +1,21 @@
package pro.taskana.security;
import java.security.Principal;
/**
* Represents a user principal with a name.
*/
public class UserPrincipal implements Principal {
private String name;
public UserPrincipal(String name) {
this.name = name;
}
@Override
public String getName() {
return this.name;
}
}

View File

@ -1,21 +1,29 @@
package pro.taskana.impl.integration;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.apache.ibatis.jdbc.ScriptRunner;
import org.h2.store.fs.FileUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import pro.taskana.Classification;
@ -42,6 +50,8 @@ import pro.taskana.model.ObjectReference;
import pro.taskana.model.Task;
import pro.taskana.model.TaskState;
import pro.taskana.model.Workbasket;
import pro.taskana.security.GroupPrincipal;
import pro.taskana.security.UserPrincipal;
/**
* Integration Test for TaskServiceImpl transactions with connection management mode EXPLICIT.
@ -54,6 +64,7 @@ public class TaskServiceImplIntExplicitTest {
private TaskanaEngineConfiguration taskanaEngineConfiguration;
private TaskanaEngine taskanaEngine;
private TaskanaEngineImpl taskanaEngineImpl;
private Subject subject;
@BeforeClass
public static void resetDb() throws SQLException {
@ -65,17 +76,49 @@ public class TaskServiceImplIntExplicitTest {
@Before
public void setup() throws FileNotFoundException, SQLException, LoginException {
dataSource = TaskanaEngineConfigurationTest.getDataSource();
taskanaEngineConfiguration = new TaskanaEngineConfiguration(dataSource, false, false);
taskanaEngineConfiguration = new TaskanaEngineConfiguration(dataSource, false);
taskanaEngine = taskanaEngineConfiguration.buildTaskanaEngine();
taskServiceImpl = (TaskServiceImpl) taskanaEngine.getTaskService();
taskanaEngineImpl = (TaskanaEngineImpl) taskanaEngine;
taskanaEngineImpl.setConnectionManagementMode(ConnectionManagementMode.EXPLICIT);
DBCleaner cleaner = new DBCleaner();
cleaner.clearDb(dataSource, false);
subject = new Subject();
List<Principal> principalList = new ArrayList<>();
principalList.add(new UserPrincipal("Elena"));
principalList.add(new GroupPrincipal("group1"));
principalList.add(new GroupPrincipal("group2"));
principalList.add(new GroupPrincipal("group3"));
subject.getPrincipals().addAll(principalList);
try {
Connection connection = dataSource.getConnection();
ScriptRunner runner = new ScriptRunner(connection);
runner.runScript(
new InputStreamReader(this.getClass().getResourceAsStream("/sql/workbasket-access-list.sql")));
} catch (SQLException e1) {
e1.printStackTrace();
}
}
@Test
public void testStart() throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
public void testCreateTask() throws Throwable {
try {
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws TaskNotFoundException, WorkbasketNotFoundException, FileNotFoundException, NotAuthorizedException, SQLException, ClassificationNotFoundException, ClassificationAlreadyExistException {
do_testCreateTask();
return null;
}
});
} catch (PrivilegedActionException e) {
throw e.getCause();
}
}
public void do_testCreateTask() throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
Connection connection = dataSource.getConnection();
taskanaEngineImpl.setConnection(connection);
@ -90,16 +133,17 @@ public class TaskServiceImplIntExplicitTest {
connection.commit();
}
@Ignore
@Test(expected = TaskNotFoundException.class)
public void testStartTransactionFail()
throws FileNotFoundException, SQLException, TaskNotFoundException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
Connection connection = dataSource.getConnection();
taskanaEngineImpl.setConnection(connection);
// taskServiceImpl = (TaskServiceImpl) taskanaEngine.getTaskService();
Workbasket workbasket = new Workbasket();
workbasket.setName("workbasket");
Classification classification = (Classification) new ClassificationImpl();
workbasket.setId("1"); // set id manually for authorization tests
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
taskanaEngine.getClassificationService().createClassification(classification);
@ -132,6 +176,7 @@ public class TaskServiceImplIntExplicitTest {
Workbasket workbasket = new Workbasket();
workbasket.setName("workbasket");
Classification classification = (Classification) new ClassificationImpl();
workbasket.setName("workbasket99");
workbasketServiceImpl.createWorkbasket(workbasket);
classificationServiceImpl.createClassification(classification);
@ -147,6 +192,7 @@ public class TaskServiceImplIntExplicitTest {
te.setConnection(null);
}
@Ignore
@Test
public void testCreateTaskWithPlannedAndName() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
Connection connection = dataSource.getConnection();
@ -198,10 +244,11 @@ public class TaskServiceImplIntExplicitTest {
taskanaEngineImpl.setConnection(connection);
Task test = this.generateDummyTask();
test.setWorkbasketId("1");
test.setWorkbasketId("2");
taskServiceImpl.createTask(test);
}
@Ignore
@Test(expected = ClassificationNotFoundException.class)
public void createManualTaskShouldThrowClassificationNotFoundException() throws NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, SQLException, ClassificationAlreadyExistException {
Connection connection = dataSource.getConnection();
@ -213,14 +260,28 @@ public class TaskServiceImplIntExplicitTest {
}
@Test
public void should_ReturnList_when_BuilderIsUsed() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
public void should_ReturnList_when_BuilderIsUsed() throws Throwable {
try {
Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws WorkbasketNotFoundException, NotAuthorizedException, SQLException, ClassificationNotFoundException, ClassificationAlreadyExistException {
do_should_ReturnList_when_BuilderIsUsed();
return null;
}
});
} catch (PrivilegedActionException e) {
throw e.getCause();
}
}
public void do_should_ReturnList_when_BuilderIsUsed() throws SQLException, NotAuthorizedException, WorkbasketNotFoundException, ClassificationNotFoundException, ClassificationAlreadyExistException {
Connection connection = dataSource.getConnection();
taskanaEngineImpl.setConnection(connection);
Workbasket workbasket = new Workbasket();
workbasket.setName("workbasket");
Classification classification = (Classification) new ClassificationImpl();
workbasket.setId("1"); // set id manually for authorization tests
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
taskanaEngine.getClassificationService().createClassification(classification);
@ -240,7 +301,7 @@ public class TaskServiceImplIntExplicitTest {
.systemInstance("sysInst1", "sysInst2").value("val1", "val2", "val3");
List<Task> results = taskServiceImpl.createTaskQuery().name("bla", "test").descriptionLike("test")
.priority(1, 2, 2).state(TaskState.CLAIMED).workbasketId("asd", "asdasdasd")
.priority(1, 2, 2).state(TaskState.CLAIMED).workbasketId("1", "2")
.owner("test", "test2", "bla").customFields("test").classification(classificationQuery)
.objectReference(objectReferenceQuery).list();
@ -251,6 +312,7 @@ public class TaskServiceImplIntExplicitTest {
private Task generateDummyTask() throws ClassificationAlreadyExistException {
Workbasket workbasket = new Workbasket();
workbasket.setName("wb");
workbasket.setId("1"); // set id manually for authorization tests
taskanaEngine.getWorkbasketService().createWorkbasket(workbasket);
Classification classification = (Classification) new ClassificationImpl();

View File

@ -0,0 +1,3 @@
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', '1', 'Elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', '2', 'Elena', true, true, true, true, true, true, true, true, true, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', '3', 'Simone', true, true, true, true, true, true, true, true, true, true, true, true, true);

View File

@ -4,6 +4,9 @@ import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
import org.springframework.security.core.Authentication;
import pro.taskana.security.GroupPrincipal;
import pro.taskana.security.UserPrincipal;
public class CustomAutenticationProvider implements AuthenticationProvider {
private AuthenticationProvider delegate;
@ -17,14 +20,18 @@ public class CustomAutenticationProvider implements AuthenticationProvider {
.authenticate(authentication);
if (jaasAuthenticationToken.isAuthenticated()) {
jaasAuthenticationToken.getLoginContext().getSubject().getPublicCredentials().add(jaasAuthenticationToken.getPrincipal());
String userName = jaasAuthenticationToken.getPrincipal().toString();
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new UserPrincipal(userName));
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group1"));
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group2"));
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group3"));
return jaasAuthenticationToken;
} else {
return null;
}
}
@Override
@Override
public boolean supports(Class<?> authentication) {
return delegate.supports(authentication);
}