/**
 * Installs the given user as the authenticated principal of the current Spring Security context. The original documentation describes the
 * user as the last updater of the current process instance's job definition.
 * <p>
 * The user's namespace authorizations are built through {@code userNamespaceAuthorizationHelper} before the user is wrapped, so the principal
 * carries whatever authorizations the helper assigns to that user ID. The token is created with no credentials and an empty authority list.
 * <p>
 * NOTE(review): this method overwrites the authentication held by the context and does not restore or clear it. Whether the context is reset
 * after the work completes is not visible here - confirm at the call site.
 *
 * @param applicationUser the application user
 */
protected void setSecurityContext(ApplicationUser applicationUser) {
    // Authorizations must be populated before the user object is embedded in the principal.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Empty password and empty authority list. The four boolean flags presumably map to Spring's
    // enabled / account-non-expired / credentials-non-expired / account-non-locked - confirm against SecurityUserWrapper.
    SecurityUserWrapper principal =
        new SecurityUserWrapper(applicationUser.getUserId(), "", true, true, true, true, Collections.emptyList(), applicationUser);

    // Null credentials: the identity is taken as already established by the caller.
    PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(principal, null);
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
isNamespaceAuthorizationAdmin(userId)) applicationUser.setNamespaceAuthorizations(getAllNamespaceAuthorizations()); .getUserNamespaceAuthorizationsByUserId(userId)) namespaceAuthorizations.add(toNamespaceAuthorization(userNamespaceAuthorizationEntity)); namespaceAuthorizations.add(toNamespaceAuthorization(wildcardEntity));
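/**
 * Returns namespace authorizations for every namespace registered in the system, each with all permissions enabled.
 * <p>
 * The result grants full access to every namespace returned by the DAO, so it should only be assigned to identities that are meant to be
 * unrestricted.
 *
 * @return the set of namespace authorizations, iterated in the order the DAO returned the namespaces
 */
public Set<NamespaceAuthorization> getAllNamespaceAuthorizations() {
    Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();

    for (NamespaceKey namespaceKey : namespaceDao.getNamespaces()) {
        NamespaceAuthorization namespaceAuthorization = new NamespaceAuthorization();
        namespaceAuthorization.setNamespace(namespaceKey.getNamespaceCode());
        namespaceAuthorization.setNamespacePermissions(getAllNamespacePermissions());

        // Insert only after the element is fully populated. If NamespaceAuthorization defines a value-based hashCode, mutating it after
        // insertion into a hash-based set would leave it filed under a stale hash and break later contains()/remove() lookups.
        namespaceAuthorizations.add(namespaceAuthorization);
    }

    return namespaceAuthorizations;
}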
/**
 * Maps a persisted user namespace authorization entity onto a {@code NamespaceAuthorization}.
 * <p>
 * The namespace code is read from the entity's namespace, and the permissions are derived from the entity by
 * {@code getNamespacePermissions}. The entity's user ID is not copied into the result.
 *
 * @param userNamespaceAuthorizationEntity the entity to convert
 *
 * @return the namespace authorization carrying the entity's namespace code and permissions
 */
private NamespaceAuthorization toNamespaceAuthorization(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity) {
    NamespaceAuthorization converted = new NamespaceAuthorization();

    String namespaceCode = userNamespaceAuthorizationEntity.getNamespace().getCode();
    converted.setNamespace(namespaceCode);
    converted.setNamespacePermissions(getNamespacePermissions(userNamespaceAuthorizationEntity));

    return converted;
}
/**
 * Builds the application user for a request using the fixed trusted-user identity.
 * <p>
 * Nothing in the request is used to establish who the caller is: the user ID, name and e-mail come from the {@code TRUSTED_USER_*}
 * constants, only the session ID is taken from the request, and the user receives the authorizations returned by
 * {@code getAllNamespaceAuthorizations()}.
 * <p>
 * NOTE(review): every request handled this way is given the trusted identity with those authorizations; presumably this path is only
 * wired in when security is deliberately disabled - confirm against the deployment configuration.
 *
 * @param request the HTTP servlet request.
 * @param includeRoles If true, the user's roles will be included. Otherwise, not.
 *
 * @return the application user.
 */
protected ApplicationUser buildUser(HttpServletRequest request, boolean includeRoles) {
    ApplicationUser trustedUser = new ApplicationUser(this.getClass());

    // Fixed identity attributes.
    trustedUser.setUserId(TRUSTED_USER_ID);
    trustedUser.setFirstName(TRUSTED_USER_FIRST_NAME);
    trustedUser.setLastName(TRUSTED_USER_LAST_NAME);
    trustedUser.setEmail(TRUSTED_USER_EMAIL);

    // The only request-derived attribute. getSession() creates a session when none exists.
    trustedUser.setSessionId(request.getSession().getId());

    // Authorizations as returned by the helper, rather than a per-user lookup.
    trustedUser.setNamespaceAuthorizations(userNamespaceAuthorizationHelper.getAllNamespaceAuthorizations());

    if (!includeRoles) {
        return trustedUser;
    }

    Set<String> trustedRoles = new HashSet<>();
    trustedRoles.add(TRUSTED_USER_ROLE);
    trustedUser.setRoles(trustedRoles);
    return trustedUser;
}
}
/**
 * Maps a persisted user namespace authorization entity onto a {@code NamespaceAuthorization}.
 * <p>
 * The namespace code is read from the entity's namespace, and the permissions are derived from the entity by
 * {@code getNamespacePermissions}. The entity's user ID is not copied into the result.
 *
 * @param userNamespaceAuthorizationEntity the entity to convert
 *
 * @return the namespace authorization carrying the entity's namespace code and permissions
 */
private NamespaceAuthorization toNamespaceAuthorization(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity) {
    NamespaceAuthorization converted = new NamespaceAuthorization();

    String namespaceCode = userNamespaceAuthorizationEntity.getNamespace().getCode();
    converted.setNamespace(namespaceCode);
    converted.setNamespacePermissions(getNamespacePermissions(userNamespaceAuthorizationEntity));

    return converted;
}
/**
 * Installs the given user as the authenticated principal of the current Spring Security context. The original documentation describes the
 * user as the last updater of the current process instance's job definition.
 * <p>
 * The user's namespace authorizations are built through {@code userNamespaceAuthorizationHelper} before the user is wrapped, so the principal
 * carries whatever authorizations the helper assigns to that user ID. The token is created with no credentials and an empty authority list.
 * <p>
 * NOTE(review): this method overwrites the authentication held by the context and does not restore or clear it. Whether the context is reset
 * after the work completes is not visible here - confirm at the call site.
 *
 * @param applicationUser the application user
 */
protected void setSecurityContext(ApplicationUser applicationUser) {
    // Authorizations must be populated before the user object is embedded in the principal.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Empty password and empty authority list. The four boolean flags presumably map to Spring's
    // enabled / account-non-expired / credentials-non-expired / account-non-locked - confirm against SecurityUserWrapper.
    SecurityUserWrapper principal =
        new SecurityUserWrapper(applicationUser.getUserId(), "", true, true, true, true, Collections.emptyList(), applicationUser);

    // Null credentials: the identity is taken as already established by the caller.
    PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(principal, null);
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
isNamespaceAuthorizationAdmin(userId)) applicationUser.setNamespaceAuthorizations(getAllNamespaceAuthorizations()); .getUserNamespaceAuthorizationsByUserId(userId)) namespaceAuthorizations.add(toNamespaceAuthorization(userNamespaceAuthorizationEntity)); namespaceAuthorizations.add(toNamespaceAuthorization(wildcardEntity));
/**
 * Happy path for creating a user namespace authorization: no authorization exists yet for the key, the namespace resolves, and the saved
 * entity is mapped back onto the response. Also checks that a change notification event is raised for the created key.
 */
@Test
public void testCreateUserNamespaceAuthorizationHappyPath() {
    // Arrange: both key parts validate unchanged.
    when(alternateKeyHelper.validateStringParameter("namespace", NAMESPACE_VALUE)).thenReturn(NAMESPACE_VALUE);
    when(alternateKeyHelper.validateStringParameter("user id", USER_ID_VALUE)).thenReturn(USER_ID_VALUE);

    // Arrange: no existing authorization for the key, so the create is not a duplicate.
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY)).thenReturn(null);
    when(namespaceDaoHelper.getNamespaceEntity(NAMESPACE_VALUE)).thenReturn(NAMESPACE_ENTITY);
    when(userNamespaceAuthorizationDao.saveAndRefresh(any())).thenReturn(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    when(userNamespaceAuthorizationHelper.getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY)).thenReturn(NAMESPACE_PERMISSIONS);

    // Act
    UserNamespaceAuthorization created =
        userNamespaceAuthorizationService.createUserNamespaceAuthorization(USER_NAMESPACE_AUTHORIZATION_CREATE_REQUEST);

    // Assert: the response reflects the persisted entity.
    assertEquals(USER_NAMESPACE_AUTHORIZATION_ID, created.getId());
    assertEquals(USER_NAMESPACE_AUTHORIZATION_KEY, created.getUserNamespaceAuthorizationKey());
    assertEquals(NAMESPACE_PERMISSIONS, created.getNamespacePermissions());

    // Assert: exactly the expected collaborator calls happened, including the change notification.
    verify(alternateKeyHelper).validateStringParameter("namespace", NAMESPACE_VALUE);
    verify(alternateKeyHelper).validateStringParameter("user id", USER_ID_VALUE);
    verify(namespaceDaoHelper).getNamespaceEntity(NAMESPACE_VALUE);
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationDao).saveAndRefresh(any(UserNamespaceAuthorizationEntity.class));
    verify(messageNotificationEventService).processUserNamespaceAuthorizationChangeNotificationEvent(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationHelper).getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    verifyNoMoreInteractionsHelper();
}
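/**
 * Returns namespace authorizations for every namespace registered in the system, each with all permissions enabled.
 * <p>
 * The result grants full access to every namespace returned by the DAO, so it should only be assigned to identities that are meant to be
 * unrestricted.
 *
 * @return the set of namespace authorizations, iterated in the order the DAO returned the namespaces
 */
public Set<NamespaceAuthorization> getAllNamespaceAuthorizations() {
    Set<NamespaceAuthorization> namespaceAuthorizations = new LinkedHashSet<>();

    for (NamespaceKey namespaceKey : namespaceDao.getNamespaces()) {
        NamespaceAuthorization namespaceAuthorization = new NamespaceAuthorization();
        namespaceAuthorization.setNamespace(namespaceKey.getNamespaceCode());
        namespaceAuthorization.setNamespacePermissions(getAllNamespacePermissions());

        // Insert only after the element is fully populated. If NamespaceAuthorization defines a value-based hashCode, mutating it after
        // insertion into a hash-based set would leave it filed under a stale hash and break later contains()/remove() lookups.
        namespaceAuthorizations.add(namespaceAuthorization);
    }

    return namespaceAuthorizations;
}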
/**
 * Builds the application user from the header map.
 * <p>
 * Every identity attribute is read from {@code headerMap}; this method performs no verification of the header values. The user's namespace
 * authorizations are then built by {@code userNamespaceAuthorizationHelper} after the user ID has been populated.
 * <p>
 * NOTE(review): the resulting identity is only as trustworthy as the headers. Presumably an upstream component authenticates the caller and
 * overwrites or strips client-supplied copies of these headers - confirm for the deployment.
 *
 * @param headerMap the map of headers.
 * @param includeRoles If true, the user's roles will be included. Otherwise, not.
 *
 * @return the application user.
 */
protected ApplicationUser buildUser(Map<String, String> headerMap, boolean includeRoles) {
    LOGGER.debug("Creating Application User From Headers");

    // Header names for each attribute, as returned by getHeaderNames().
    Map<String, String> configuredNames = getHeaderNames();
    ApplicationUser user = createNewApplicationUser();

    // Populate the user one attribute at a time.
    buildUserId(user, headerMap, configuredNames.get(HTTP_HEADER_USER_ID));
    buildFirstName(user, headerMap, configuredNames.get(HTTP_HEADER_FIRST_NAME));
    buildLastName(user, headerMap, configuredNames.get(HTTP_HEADER_LAST_NAME));
    buildEmail(user, headerMap, configuredNames.get(HTTP_HEADER_EMAIL));
    // The session ID is passed the constant itself rather than a name looked up in configuredNames.
    // NOTE(review): confirm this difference from the other attributes is intentional.
    buildSessionId(user, headerMap, HTTP_HEADER_SESSION_ID);
    buildSessionInitTime(user, headerMap, configuredNames.get(HTTP_HEADER_SESSION_INIT_TIME));

    // Called after buildUserId has populated the user.
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(user);

    if (includeRoles) {
        buildRoles(user, headerMap, configuredNames.get(HTTP_HEADER_ROLES));
    }

    // NOTE(review): this writes the user's toString() to the debug log; check that it does not expose the session ID or other sensitive
    // attributes.
    LOGGER.debug("Application user created successfully: " + user);
    return user;
}
/**
 * Happy path for deleting a user namespace authorization: the entity exists for the key, is deleted, and its details are returned. Also
 * checks that a change notification event is raised for the deleted key.
 */
@Test
public void testDeleteUserNamespaceAuthorizationHappyPath() {
    // Arrange: both key parts validate unchanged and the authorization exists.
    when(alternateKeyHelper.validateStringParameter("namespace", NAMESPACE_VALUE)).thenReturn(NAMESPACE_VALUE);
    when(alternateKeyHelper.validateStringParameter("user id", USER_ID_VALUE)).thenReturn(USER_ID_VALUE);
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY))
        .thenReturn(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    when(userNamespaceAuthorizationHelper.getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY)).thenReturn(NAMESPACE_PERMISSIONS);

    // Act
    UserNamespaceAuthorization deleted = userNamespaceAuthorizationService.deleteUserNamespaceAuthorization(USER_NAMESPACE_AUTHORIZATION_KEY);

    // Assert: the response describes the entity that was removed.
    assertEquals(USER_NAMESPACE_AUTHORIZATION_ID, deleted.getId());
    assertEquals(USER_NAMESPACE_AUTHORIZATION_KEY, deleted.getUserNamespaceAuthorizationKey());
    assertEquals(NAMESPACE_PERMISSIONS, deleted.getNamespacePermissions());

    // Assert: exactly the expected collaborator calls happened, including the delete and the change notification.
    verify(alternateKeyHelper).validateStringParameter("namespace", NAMESPACE_VALUE);
    verify(alternateKeyHelper).validateStringParameter("user id", USER_ID_VALUE);
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationDao).delete(any(UserNamespaceAuthorizationEntity.class));
    verify(messageNotificationEventService).processUserNamespaceAuthorizationChangeNotificationEvent(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationHelper).getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    verifyNoMoreInteractionsHelper();
}
/**
 * Asserts that a wildcard authorization entity is not granted to the user when the wildcard matcher rejects the user ID.
 * <p>
 * The matcher is a mock stubbed to return false, so this test covers how the helper reacts to a failed match, not the matching rules
 * themselves.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertWildcardEntityNotAddedIfMatchFails() {
    // Arrange: the user whose authorizations are being built.
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);

    // Every boolean configuration property reads as true (presumably this switches namespace authorization on - confirm in the helper).
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);

    // Arrange: one wildcard authorization entity for namespace "namespace".
    NamespaceEntity namespaceEntity = new NamespaceEntity();
    namespaceEntity.setCode("namespace");

    UserNamespaceAuthorizationEntity wildcardEntity = new UserNamespaceAuthorizationEntity();
    wildcardEntity.setUserId("wildcardEntityUserId");
    wildcardEntity.setNamespace(namespaceEntity);

    List<UserNamespaceAuthorizationEntity> wildcardEntities = new ArrayList<>();
    wildcardEntities.add(wildcardEntity);

    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(any())).thenReturn(wildcardEntities);
    // The matcher rejects the user ID.
    when(wildcardHelper.matches(any(), any())).thenReturn(false);

    // Act
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Assert: a non-matching wildcard entity must not grant anything.
    assertEquals(0, applicationUser.getNamespaceAuthorizations().size());

    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    // Both sides reach the matcher upper-cased, so the comparison is case-insensitive.
    verify(wildcardHelper).matches(eq(userId.toUpperCase()), eq(wildcardEntity.getUserId().toUpperCase()));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}
}
/**
 * Happy path for updating a user namespace authorization: the entity exists for the key, is saved, and its details are returned. Also
 * checks that the current user is consulted and that a change notification event is raised for the updated key.
 */
@Test
public void testUpdateUserNamespaceAuthorizationHappyPath() {
    // Arrange: both key parts validate unchanged.
    when(alternateKeyHelper.validateStringParameter("namespace", NAMESPACE_VALUE)).thenReturn(NAMESPACE_VALUE);
    when(alternateKeyHelper.validateStringParameter("user id", USER_ID_VALUE)).thenReturn(USER_ID_VALUE);

    // Arrange: the service reads the current user during an update (verified below); the reason is not visible in this test.
    when(currentUserService.getCurrentUser()).thenReturn(USER_AUTHORIZATIONS);

    // Arrange: the authorization to update exists.
    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY))
        .thenReturn(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    when(userNamespaceAuthorizationHelper.getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY)).thenReturn(NAMESPACE_PERMISSIONS);

    // Act
    UserNamespaceAuthorization updated = userNamespaceAuthorizationService
        .updateUserNamespaceAuthorization(USER_NAMESPACE_AUTHORIZATION_KEY, USER_NAMESPACE_AUTHORIZATION_UPDATE_REQUEST);

    // Assert: the response reflects the persisted entity.
    assertEquals(USER_NAMESPACE_AUTHORIZATION_ID, updated.getId());
    assertEquals(USER_NAMESPACE_AUTHORIZATION_KEY, updated.getUserNamespaceAuthorizationKey());
    assertEquals(NAMESPACE_PERMISSIONS, updated.getNamespacePermissions());

    // Assert: exactly the expected collaborator calls happened, including the save and the change notification.
    verify(alternateKeyHelper).validateStringParameter("namespace", NAMESPACE_VALUE);
    verify(alternateKeyHelper).validateStringParameter("user id", USER_ID_VALUE);
    verify(currentUserService).getCurrentUser();
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationByKey(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationDao).saveAndRefresh(any(UserNamespaceAuthorizationEntity.class));
    verify(messageNotificationEventService).processUserNamespaceAuthorizationChangeNotificationEvent(USER_NAMESPACE_AUTHORIZATION_KEY);
    verify(userNamespaceAuthorizationHelper).getNamespacePermissions(USER_NAMESPACE_AUTHORIZATION_ENTITY);
    verifyNoMoreInteractionsHelper();
}
/**
 * Asserts that the wildcard query is executed and that a wildcard authorization entity accepted by the matcher is granted to the user.
 * <p>
 * The matcher is a mock stubbed to return true, so this test covers how the helper reacts to a successful match, not the matching rules
 * themselves.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertWildcardQueryExecuted() {
    // Arrange: the user whose authorizations are being built.
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);

    // Every boolean configuration property reads as true (presumably this switches namespace authorization on - confirm in the helper).
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);

    // Arrange: one wildcard authorization entity for namespace "namespace".
    NamespaceEntity namespaceEntity = new NamespaceEntity();
    namespaceEntity.setCode("namespace");

    UserNamespaceAuthorizationEntity wildcardEntity = new UserNamespaceAuthorizationEntity();
    wildcardEntity.setUserId("wildcardEntityUserId");
    wildcardEntity.setNamespace(namespaceEntity);

    List<UserNamespaceAuthorizationEntity> wildcardEntities = new ArrayList<>();
    wildcardEntities.add(wildcardEntity);

    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserIdStartsWith(any())).thenReturn(wildcardEntities);
    // The matcher accepts the user ID.
    when(wildcardHelper.matches(any(), any())).thenReturn(true);

    // Act
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Assert: the single granted authorization is for the wildcard entity's namespace.
    assertEquals(1, applicationUser.getNamespaceAuthorizations().size());
    NamespaceAuthorization granted = IterableUtils.get(applicationUser.getNamespaceAuthorizations(), 0);
    assertEquals(namespaceEntity.getCode(), granted.getNamespace());

    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    // Both sides reach the matcher upper-cased, so the comparison is case-insensitive.
    verify(wildcardHelper).matches(eq(userId.toUpperCase()), eq(wildcardEntity.getUserId().toUpperCase()));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}
/**
 * Maps a persisted user namespace authorization entity onto the {@code UserNamespaceAuthorization} returned to callers.
 * <p>
 * The ID, user ID and namespace code are copied from the entity; the permission list is derived from the entity by
 * {@code userNamespaceAuthorizationHelper}.
 *
 * @param userNamespaceAuthorizationEntity the user namespace authorization entity
 *
 * @return the user namespace authorization
 */
private UserNamespaceAuthorization createUserNamespaceAuthorizationFromEntity(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity) {
    // Build the (user ID, namespace) key first.
    UserNamespaceAuthorizationKey key = new UserNamespaceAuthorizationKey();
    key.setUserId(userNamespaceAuthorizationEntity.getUserId());
    key.setNamespace(userNamespaceAuthorizationEntity.getNamespace().getCode());

    // Then assemble the authorization around it.
    UserNamespaceAuthorization authorization = new UserNamespaceAuthorization();
    authorization.setId(userNamespaceAuthorizationEntity.getId());
    authorization.setUserNamespaceAuthorizationKey(key);
    authorization.setNamespacePermissions(userNamespaceAuthorizationHelper.getNamespacePermissions(userNamespaceAuthorizationEntity));

    return authorization;
}
// Verify the collaborator calls in the order they are expected to occur. This excerpt is a statement run from inside a test method
// whose beginning and end are not shown.
inOrder.verify(activitiService).getProcessDefinitionById(processDefinitionId);
inOrder.verify(jobDefinitionDaoHelper).getJobDefinitionEntity(jobDefinitionNamespace, jobDefinitionName);
// Namespace authorizations must be built for the user matched by applicationUserUserIdEq(updatedBy) - presumably a matcher on the
// ApplicationUser's user ID; confirm against its definition - before the task is marked successful.
inOrder.verify(userNamespaceAuthorizationHelper).buildNamespaceAuthorizations(applicationUserUserIdEq(updatedBy));
inOrder.verify(activitiRuntimeHelper).setTaskSuccessInWorkflow(delegateExecution);
// No further calls on the mocks tracked by inOrder are allowed after the ones above.
inOrder.verifyNoMoreInteractions();
/**
 * Maps a persisted user namespace authorization entity onto the {@code UserNamespaceAuthorization} returned to callers.
 * <p>
 * The ID, user ID and namespace code are copied from the entity; the permission list is derived from the entity by
 * {@code userNamespaceAuthorizationHelper}.
 *
 * @param userNamespaceAuthorizationEntity the user namespace authorization entity
 *
 * @return the user namespace authorization
 */
private UserNamespaceAuthorization createUserNamespaceAuthorizationFromEntity(UserNamespaceAuthorizationEntity userNamespaceAuthorizationEntity) {
    // Build the (user ID, namespace) key first.
    UserNamespaceAuthorizationKey key = new UserNamespaceAuthorizationKey();
    key.setUserId(userNamespaceAuthorizationEntity.getUserId());
    key.setNamespace(userNamespaceAuthorizationEntity.getNamespace().getCode());

    // Then assemble the authorization around it.
    UserNamespaceAuthorization authorization = new UserNamespaceAuthorization();
    authorization.setId(userNamespaceAuthorizationEntity.getId());
    authorization.setUserNamespaceAuthorizationKey(key);
    authorization.setNamespacePermissions(userNamespaceAuthorizationHelper.getNamespacePermissions(userNamespaceAuthorizationEntity));

    return authorization;
}
// Verify the collaborator calls in the order they are expected to occur. This excerpt is a statement run from inside a test method
// whose beginning and end are not shown.
inOrder.verify(activitiService).getProcessDefinitionById(processDefinitionId);
inOrder.verify(jobDefinitionDaoHelper).getJobDefinitionEntity(jobDefinitionNamespace, jobDefinitionName);
// Namespace authorizations are built for the user matched by applicationUserUserIdEq(updatedBy) - presumably a matcher on the
// ApplicationUser's user ID; confirm against its definition.
inOrder.verify(userNamespaceAuthorizationHelper).buildNamespaceAuthorizations(applicationUserUserIdEq(updatedBy));
// Nothing else may follow in order, and the three listed mocks must have no other interactions at all.
inOrder.verifyNoMoreInteractions();
verifyNoMoreInteractions(activitiService, jobDefinitionDaoHelper, userNamespaceAuthorizationHelper);
/**
 * Asserts that authorizations are looked up by the application user's exact user ID and that each returned entity is granted to the user.
 * <p>
 * The wildcard query is still executed, but it is not stubbed here, and the final verification confirms that the wildcard matcher is never
 * invoked.
 */
@Test
public void testBuildNamespaceAuthorizationsAssertAuthLookupByUserId() {
    // Arrange: the user whose authorizations are being built.
    String userId = "userId";
    ApplicationUser applicationUser = new ApplicationUser(getClass());
    applicationUser.setUserId(userId);

    // Every boolean configuration property reads as true (presumably this switches namespace authorization on - confirm in the helper).
    when(configurationHelper.getBooleanProperty(any())).thenReturn(true);

    // Arrange: one authorization entity for namespace "namespace". The DAO stub ignores its argument, so the entity's own user ID does
    // not need to equal the one being looked up.
    NamespaceEntity namespaceEntity = new NamespaceEntity();
    namespaceEntity.setCode("namespace");

    UserNamespaceAuthorizationEntity authorizationEntity = new UserNamespaceAuthorizationEntity();
    authorizationEntity.setUserId("userNamespaceAuthorizationEntityUserId");
    authorizationEntity.setNamespace(namespaceEntity);

    List<UserNamespaceAuthorizationEntity> authorizationEntities = new ArrayList<>();
    authorizationEntities.add(authorizationEntity);

    when(userNamespaceAuthorizationDao.getUserNamespaceAuthorizationsByUserId(any())).thenReturn(authorizationEntities);

    // Act
    userNamespaceAuthorizationHelper.buildNamespaceAuthorizations(applicationUser);

    // Assert: the single granted authorization is for the entity's namespace.
    assertEquals(1, applicationUser.getNamespaceAuthorizations().size());
    NamespaceAuthorization granted = IterableUtils.get(applicationUser.getNamespaceAuthorizations(), 0);
    assertEquals(namespaceEntity.getCode(), granted.getNamespace());

    // Assert: the lookup used the application user's ID, and the wildcard query ran as well.
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserId(eq(userId));
    verify(userNamespaceAuthorizationDao).getUserNamespaceAuthorizationsByUserIdStartsWith(eq(WildcardHelper.WILDCARD_TOKEN));
    verifyNoMoreInteractions(userNamespaceAuthorizationDao, wildcardHelper);
}