Examples of org.sonatype.security.SecuritySystem

org.sonatype.security.SecuritySystem
This is a facade around all things security ( authentication, authorization, user management, and configuration ). It is meant to be the single point of access. @author Brian Demers


  public void testCacheManagerInit()
      throws Exception
  {
    // Start up security
    SecuritySystem securitySystem = this.lookup(SecuritySystem.class);
    RealmSecurityManager plexusSecurityManager = this.lookup(RealmSecurityManager.class, "default");


    List<String> realms = securitySystem.getRealms();
    realms.clear();
    realms.add(SimpleAccountRealm.class.getName());
    securitySystem.setRealms(realms);


    // now if we grab one of the realms from the Realm locator, it should have its cache set
    CachingRealm cRealm1 = (CachingRealm) plexusSecurityManager.getRealms().iterator().next();
    Assert.assertNotNull("Realm has null cacheManager", cRealm1.getCacheManager());


    // // so far so good, the cacheManager should be set on all the child realms, but what if we add one after the
    // init method?
    realms.add(SimpleAccountRealm.class.getName());
    securitySystem.setRealms(realms);


    // this list should have exactly 2 elements
    Assert.assertEquals(2, plexusSecurityManager.getRealms().size());


    for (Realm realm : plexusSecurityManager.getRealms()) {

View Full Code Here

{


  public void testGetSubjectFromThread()
      throws Exception
  {
    SecuritySystem securitySystem = this.lookup(SecuritySystem.class);
    securitySystem.start();


    // need to bind to a request
    // this.setupLoginContext( "testGetSubjectFromThread" );


    Assert.assertNotNull(securitySystem.login(new UsernamePasswordToken("jcoder", "jcoder")));


    // WebUtils.unbindServletRequest();
    // WebUtils.unbindServletResponse();
    //
    // now with the thread
    SubjectRetrievingThread thread = new SubjectRetrievingThread(this);


    thread.setContextClassLoader(null);
    thread.start();
    thread.join(500);
    Assert.assertNotNull(thread.getSubject());
    Subject subject = thread.getSubject();
    Assert.assertTrue(subject.hasRole("RoleA"));


    // if we login again with the jcoder user we should need to bind the request again
    try {
      securitySystem.login(new UsernamePasswordToken("jcoder", "jcoder"));
      Assert.fail("Expected IllegalStateException");
    }
    catch (IllegalStateException e) {
      // this is not a great exception to catch...
      // but we check the success on the next call
    }


    this.setupLoginContext("testGetSubjectFromThread-again");
    subject = securitySystem.login(new UsernamePasswordToken("jcoder", "jcoder"));
    Assert.assertNotNull(subject);


  }

View Full Code Here

  }


  public void testSetUsersRoles()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();


    Set<RoleIdentifier> roleIdentifiers = new HashSet<RoleIdentifier>();
    RoleIdentifier roleIdentifier = new RoleIdentifier("default", "role2");
    roleIdentifiers.add(roleIdentifier);


    securitySystem.setUsersRoles("admin", "default", roleIdentifiers);


    Configuration securityModel = this.getSecurityConfiguration();


    boolean found = false;
    for (CUserRoleMapping roleMapping : securityModel.getUserRoleMappings()) {

View Full Code Here

  }


  public void testSetUserRolesForAnonymous()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();


    User anon = securitySystem.getUser(securitySystem.getAnonymousUsername(), "default");


    Set<RoleIdentifier> roles = new HashSet<RoleIdentifier>();


    roles.add(new RoleIdentifier("default", "role3"));


    securitySystem.setUsersRoles(anon.getUserId(), anon.getSource(), roles);


    boolean found = false;
    for (CUserRoleMapping roleMapping : getSecurityConfiguration().getUserRoleMappings()) {
      if (roleMapping.getUserId().equals(securitySystem.getAnonymousUsername())) {
        found = true;


        Assert.assertEquals(1, roleMapping.getRoles().size());
        Assert.assertEquals("role3", roleMapping.getRoles().get(0));
      }

View Full Code Here

    injector = Guice.createInjector(getWireModule());
  }


  @Test
  public void testInjectionIsSetupCorrectly() {
    SecuritySystem securitySystem = injector.getInstance(SecuritySystem.class);


    SecurityManager securityManager = injector.getInstance(SecurityManager.class);


    RealmSecurityManager realmSecurityManager =
        (RealmSecurityManager) injector.getInstance(WebSecurityManager.class);


    assertThat(securitySystem.getSecurityManager(), sameInstance(securityManager));
    assertThat(securitySystem.getSecurityManager(), sameInstance(realmSecurityManager));


    assertThat(securityManager, instanceOf(DefaultWebSecurityManager.class));
    DefaultSecurityManager defaultSecurityManager = (DefaultSecurityManager) securityManager;


    assertThat(defaultSecurityManager.getSessionManager(), instanceOf(DefaultWebSessionManager.class));

View Full Code Here

   */
  @Test
  public void testValidAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("admin-simple", "admin123");
    AuthenticationInfo authInfo = plexusSecurity.authenticate(token);


    // check
    Assert.assertNotNull(authInfo);
  }

View Full Code Here

   */
  @Test
  public void testInvalidPasswordAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("admin-simple", "INVALID");


    try {
      plexusSecurity.authenticate(token);
    }
    catch (AuthenticationException e) {
      // expected
    }
  }

View Full Code Here

   */
  @Test
  public void testInvalidUserAuthentication()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);
    AuthenticationToken token = new UsernamePasswordToken("INVALID", "INVALID");


    try {
      plexusSecurity.authenticate(token);
    }
    catch (AuthenticationException e) {
      // expected
    }
  }

View Full Code Here

   */
  @Test
  public void testPrivileges()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);


    PrincipalCollection principal = new SimplePrincipalCollection("admin-simple", new SimpleRealm().getName());


    // test one of the privleges that the admin user has Repositories - (create,read)
    Assert.assertTrue(plexusSecurity.isPermitted(principal, "nexus:repositories:create"));
  }

View Full Code Here

   */
  @Test
  public void testPrivilegesInvalidUser()
      throws Exception
  {
    SecuritySystem plexusSecurity = this.lookup(SecuritySystem.class);


    PrincipalCollection principal = new SimplePrincipalCollection("INVALID", SecuritySystem.class.getSimpleName());


    // test one of the privleges
    Assert.assertFalse(plexusSecurity.isPermitted(principal, "nexus:repositories:create"));// Repositories -
    // (create,read)


  }

View Full Code Here

0 1

TOP

Related Classes of org.sonatype.security.SecuritySystem

org.sonatype.nexus.proxy.repository.AccessTest

org.sonatype.security.guice.SecurityModuleTest

org.sonatype.security.ldap.usermanagement.LdapUserManagerIT

org.sonatype.security.locators.AdditinalRoleSecuritySystemTest

org.sonatype.security.locators.MissingRoleUserManagerTest

org.sonatype.security.realms.ExternalRoleMappedTest

org.sonatype.security.realms.simple.SimpleRealmTest

org.sonatype.security.rest.AbstractSecurityPlexusResource

org.sonatype.security.usermanagement.xml.UserManagerTest

org.sonatype.security.web.DifferentThreadAuthenticationTestSkipped

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.