Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 ecdaa6c1b -> a94e793db
RANGER-526 : Provide REST API to change user role Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bd8caf44 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bd8caf44 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bd8caf44 Branch: refs/heads/ranger-0.5 Commit: bd8caf441a296d6788335c370098157a708baeeb Parents: ecdaa6c Author: Gautam Borad <[email protected]> Authored: Tue Oct 13 12:40:19 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Oct 13 20:33:50 2015 -0400 ---------------------------------------------------------------------- .../db/mysql/patches/009-updated_schema.sql | 2 +- .../db/oracle/patches/009-updated_schema.sql | 2 +- .../db/postgres/xa_core_db_postgres.sql | 2 +- .../db/sqlanywhere/xa_core_db_sqlanywhere.sql | 2 +- .../db/sqlserver/xa_core_db_sqlserver.sql | 2 +- .../java/org/apache/ranger/biz/UserMgr.java | 9 +- .../java/org/apache/ranger/biz/XUserMgr.java | 165 ++++++ .../apache/ranger/db/XXGroupPermissionDao.java | 2 +- .../java/org/apache/ranger/rest/XUserREST.java | 41 ++ .../ranger/security/context/RangerAPIList.java | 4 + .../security/context/RangerAPIMapping.java | 4 + .../CustomLogoutSuccessHandler.java | 1 + .../RangerAuthFailureHandler.java | 1 + .../RangerAuthSuccessHandler.java | 2 +- .../RangerAuthenticationEntryPoint.java | 1 + .../security/web/filter/MyRememberMeFilter.java | 7 +- .../RangerSecurityContextFormationFilter.java | 5 +- security-admin/src/main/webapp/login.jsp | 4 +- .../java/org/apache/ranger/biz/TestUserMgr.java | 187 ++++++- .../org/apache/ranger/biz/TestXUserMgr.java | 511 ++++++++++++++++++- 20 files changed, 922 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/db/mysql/patches/009-updated_schema.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/009-updated_schema.sql b/security-admin/db/mysql/patches/009-updated_schema.sql index c5aa728..beaeda6 100644 --- a/security-admin/db/mysql/patches/009-updated_schema.sql +++ b/security-admin/db/mysql/patches/009-updated_schema.sql @@ -52,7 +52,7 @@ CREATE TABLE `x_service` ( `upd_by_id` bigint(20) DEFAULT NULL, `version` bigint(20) DEFAULT NULL, `type` bigint(20) DEFAULT NULL, -`name` varchar(512) DEFAULT NULL, +`name` varchar(255) DEFAULT NULL, `policy_version` bigint(20) DEFAULT NULL, `policy_update_time`datetime DEFAULT NULL, `description` varchar(1024) DEFAULT NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/db/oracle/patches/009-updated_schema.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/patches/009-updated_schema.sql b/security-admin/db/oracle/patches/009-updated_schema.sql index ef5ff3c..293d6a5 100644 --- a/security-admin/db/oracle/patches/009-updated_schema.sql +++ b/security-admin/db/oracle/patches/009-updated_schema.sql @@ -63,7 +63,7 @@ added_by_id NUMBER(20) DEFAULT NULL NULL, upd_by_id NUMBER(20) DEFAULT NULL NULL, version NUMBER(20) DEFAULT NULL NULL, type NUMBER(20) DEFAULT NULL NULL, -name varchar(512) DEFAULT NULL NULL, +name varchar(255) DEFAULT NULL NULL, policy_version NUMBER(20) DEFAULT NULL NULL, policy_update_time DATE DEFAULT NULL NULL, description VARCHAR(1024) DEFAULT NULL NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/db/postgres/xa_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql index 5a76442..8245c23 100644 --- a/security-admin/db/postgres/xa_core_db_postgres.sql +++ b/security-admin/db/postgres/xa_core_db_postgres.sql @@ -492,7 +492,7 @@ added_by_id BIGINT DEFAULT NULL NULL, upd_by_id BIGINT DEFAULT NULL NULL, version BIGINT DEFAULT NULL NULL, type BIGINT DEFAULT NULL NULL, -name VARCHAR(512) DEFAULT NULL NULL, +name VARCHAR(255) DEFAULT NULL NULL, policy_version BIGINT DEFAULT NULL NULL, policy_update_time TIMESTAMP DEFAULT NULL NULL, description VARCHAR(1024) DEFAULT NULL NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/db/sqlanywhere/xa_core_db_sqlanywhere.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlanywhere/xa_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/xa_core_db_sqlanywhere.sql index 0760cb8..b063bad 100644 --- a/security-admin/db/sqlanywhere/xa_core_db_sqlanywhere.sql +++ b/security-admin/db/sqlanywhere/xa_core_db_sqlanywhere.sql @@ -312,7 +312,7 @@ create table dbo.x_service ( upd_by_id bigint DEFAULT NULL NULL, version bigint DEFAULT NULL NULL, type bigint DEFAULT NULL NULL, - name varchar(512) DEFAULT NULL NULL, + name varchar(255) DEFAULT NULL NULL, policy_version bigint DEFAULT NULL NULL, policy_update_time datetime DEFAULT NULL NULL, description varchar(1024) DEFAULT NULL NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/db/sqlserver/xa_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql index 25d374e..f2e9644 100644 --- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql @@ -1778,7 +1778,7 @@ CREATE TABLE [dbo].[x_service] ( [upd_by_id] [bigint] DEFAULT NULL NULL, [version] [bigint] DEFAULT NULL NULL, [type] [bigint] DEFAULT NULL NULL, - [name] [varchar](512) DEFAULT NULL NULL, + [name] [varchar](255) DEFAULT NULL NULL, [policy_version] [bigint] DEFAULT NULL NULL, [policy_update_time] [datetime2] DEFAULT NULL NULL, [description] [varchar](1024) DEFAULT NULL NULL, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index ff0ea01..8fbad1f 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -304,7 +304,7 @@ public class UserMgr { return gjUser; } - private boolean updateRoles(Long userId, Collection<String> rolesList) { + public boolean updateRoles(Long userId, Collection<String> rolesList) { boolean rolesUpdated = false; if (rolesList == null || rolesList.size() == 0) { return false; @@ -352,12 +352,13 @@ public class UserMgr { * @param vStrings */ public void setUserRoles(Long userId, List<VXString> vStringRolesList) { - checkAccess(userId); List<String> stringRolesList = new ArrayList<String>(); for (VXString vXString : vStringRolesList) { stringRolesList.add(vXString.getValue()); } - updateRoles(userId, stringRolesList); + xUserMgr.checkAccessRoles(stringRolesList); + VXPortalUser oldUserProfile=getUserProfile(userId); + xUserMgr.updateUserRolesPermissions(oldUserProfile, stringRolesList); } /** @@ -634,7 +635,7 @@ public class UserMgr { .getXXUserPermission().findByUserPermissionIdAndIsAllowed( userProfile.getId()); List<XXGroupPermission> xxGroupPermissions = daoManager - .getXXGroupPermission().findbyVXPoratUserId( + .getXXGroupPermission().findbyVXPortalUserId( userProfile.getId()); List<VXGroupPermission> groupPermissions = new ArrayList<VXGroupPermission>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 5f43bc0..b860877 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -80,6 +80,10 @@ import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletResponse; import org.apache.ranger.view.VXResponse; +import org.apache.ranger.entity.XXPortalUserRole; +import javax.servlet.http.HttpServletResponse; +import org.apache.ranger.view.VXString; +import org.apache.ranger.view.VXStringList; @Component public class XUserMgr extends XUserMgrBase { @@ -1131,4 +1135,165 @@ public class XUserMgr extends XUserMgrBase { vxAuditMapList.setTotalCount(auditMapList.size()); } + public void checkAccessRoles(List<String> stringRolesList) { + UserSessionBase session = ContextUtil.getCurrentUserSession(); + if (session != null && stringRolesList!=null) { + if (!session.isUserAdmin() && !session.isKeyAdmin()) { + throw restErrorUtil.create403RESTException("Permission" + + " denied. LoggedInUser=" + + (session != null ? session.getXXPortalUser().getId() + : "Not Logged In") + + " ,isn't permitted to perform the action."); + }else{ + if (session.isUserAdmin() && stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN)) { + throw restErrorUtil.create403RESTException("Permission" + + " denied. LoggedInUser=" + + (session != null ? session.getXXPortalUser().getId() + : "") + + " isn't permitted to perform the action."); + } + if (session.isKeyAdmin() && stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN)) { + throw restErrorUtil.create403RESTException("Permission" + + " denied. LoggedInUser=" + + (session != null ? session.getXXPortalUser().getId() + : "") + + " isn't permitted to perform the action."); + } + } + }else{ + VXResponse vXResponse = new VXResponse(); + vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED); + vXResponse.setMsgDesc("Bad Credentials"); + throw restErrorUtil.generateRESTException(vXResponse); + } + } + + public VXStringList setUserRolesByExternalID(Long userId, List<VXString> vStringRolesList) { + List<String> roleListNewProfile = new ArrayList<String>(); + if(vStringRolesList!=null){ + for (VXString vXString : vStringRolesList) { + roleListNewProfile.add(vXString.getValue()); + } + } + checkAccessRoles(roleListNewProfile); + VXUser vXUser=getXUser(userId); + List<XXPortalUserRole> portalUserRoleList =null; + if(vXUser!=null && roleListNewProfile.size()>0){ + VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName()); + if(oldUserProfile!=null){ + updateUserRolesPermissions(oldUserProfile,roleListNewProfile); + portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(oldUserProfile.getId()); + return getStringListFromUserRoleList(portalUserRoleList); + }else{ + throw restErrorUtil.createRESTException("User ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + }else{ + throw restErrorUtil.createRESTException("User ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + } + + public VXStringList setUserRolesByName(String userName, List<VXString> vStringRolesList) { + List<String> roleListNewProfile = new ArrayList<String>(); + if(vStringRolesList!=null){ + for (VXString vXString : vStringRolesList) { + roleListNewProfile.add(vXString.getValue()); + } + } + checkAccessRoles(roleListNewProfile); + if(userName!=null && roleListNewProfile.size()>0){ + VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(userName); + if(oldUserProfile!=null){ + updateUserRolesPermissions(oldUserProfile,roleListNewProfile); + List<XXPortalUserRole> portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(oldUserProfile.getId()); + return getStringListFromUserRoleList(portalUserRoleList); + }else{ + throw restErrorUtil.createRESTException("Login ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + }else{ + throw restErrorUtil.createRESTException("Login ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + + } + + public VXStringList getUserRolesByExternalID(Long userId) { + VXUser vXUser=getXUser(userId); + if(vXUser==null){ + throw restErrorUtil.createRESTException("Please provide a valid ID", MessageEnums.INVALID_INPUT_DATA); + } + List<XXPortalUserRole> portalUserRoleList =null; + VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName()); + if(oldUserProfile!=null){ + portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(oldUserProfile.getId()); + return getStringListFromUserRoleList(portalUserRoleList); + }else{ + throw restErrorUtil.createRESTException("User ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + } + + public VXStringList getUserRolesByName(String userName) { + VXPortalUser vXPortalUser=null; + if(userName!=null && !userName.trim().isEmpty()){ + vXPortalUser = userMgr.getUserProfileByLoginId(userName); + if(vXPortalUser!=null && vXPortalUser.getUserRoleList()!=null){ + List<XXPortalUserRole> portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(vXPortalUser.getId()); + return getStringListFromUserRoleList(portalUserRoleList); + }else{ + throw restErrorUtil.createRESTException("Please provide a valid userName", MessageEnums.INVALID_INPUT_DATA); + } + }else{ + throw restErrorUtil.createRESTException("Please provide a valid userName", MessageEnums.INVALID_INPUT_DATA); + } + } + + public void updateUserRolesPermissions(VXPortalUser oldUserProfile,List<String> roleListNewProfile){ + //update permissions start + Collection<String> roleListUpdatedProfile =new ArrayList<String>(); + if (oldUserProfile != null && oldUserProfile.getId() != null) { + Collection<String> roleListOldProfile = oldUserProfile.getUserRoleList(); + if(roleListNewProfile!=null && roleListOldProfile!=null){ + for (String role : roleListNewProfile) { + if(role!=null && !roleListOldProfile.contains(role)){ + roleListUpdatedProfile.add(role); + } + } + } + } + if(roleListUpdatedProfile!=null && roleListUpdatedProfile.size()>0){ + oldUserProfile.setUserRoleList(roleListUpdatedProfile); + List<XXUserPermission> xuserPermissionList = daoManager + .getXXUserPermission() + .findByUserPermissionId(oldUserProfile.getId()); + if (xuserPermissionList!=null && xuserPermissionList.size()>0){ + for (XXUserPermission xXUserPermission : xuserPermissionList) { + if (xXUserPermission != null) { + xUserPermissionService.deleteResource(xXUserPermission.getId()); + } + } + } + assignPermissionToUser(oldUserProfile,true); + if(roleListUpdatedProfile!=null && roleListUpdatedProfile.size()>0){ + userMgr.updateRoles(oldUserProfile.getId(), oldUserProfile.getUserRoleList()); + } + } + //update permissions end + } + + public VXStringList getStringListFromUserRoleList( + List<XXPortalUserRole> listXXPortalUserRole) { + if(listXXPortalUserRole==null){ + return null; + } + List<VXString> xStrList = new ArrayList<VXString>(); + VXString vXStr=null; + for (XXPortalUserRole userRole : listXXPortalUserRole) { + if(userRole!=null){ + vXStr = new VXString(); + vXStr.setValue(userRole.getUserRole()); + xStrList.add(vXStr); + } + } + VXStringList vXStringList = new VXStringList(xStrList); + return vXStringList; + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java index db69cea..18ca9e3 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java @@ -80,7 +80,7 @@ public class XXGroupPermissionDao extends BaseDao<XXGroupPermission> { } return null; } - public List<XXGroupPermission> findbyVXPoratUserId(Long userId) { + public List<XXGroupPermission> findbyVXPortalUserId(Long userId) { if (userId != null) { try { return getEntityManager() http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index b7884eb..448a60a 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java @@ -75,6 +75,9 @@ import org.apache.ranger.view.VXModuleDef; import org.apache.ranger.view.VXModuleDefList; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermMapList; +import org.apache.ranger.view.VXPortalUser; +import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.VXStringList; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserGroupInfo; import org.apache.ranger.view.VXUserList; @@ -957,4 +960,42 @@ public class XUserREST { public void modifyUserActiveStatus(HashMap<Long, Integer> statusMap){ xUserMgr.modifyUserActiveStatus(statusMap); } + + @PUT + @Path("/secure/users/roles/{userId}") + @Produces({ "application/xml", "application/json" }) + @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SET_USER_ROLES_BY_ID + "\")") + public VXStringList setUserRolesByExternalID(@PathParam("userId") Long userId, + VXStringList roleList) { + return xUserMgr.setUserRolesByExternalID(userId, roleList.getVXStrings()); + } + + @PUT + @Path("/secure/users/roles/userName/{userName}") + @Produces({ "application/xml", "application/json" }) + @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SET_USER_ROLES_BY_NAME + "\")") + public VXStringList setUserRolesByName(@PathParam("userName") String userName, + VXStringList roleList) { + return xUserMgr.setUserRolesByName(userName, roleList.getVXStrings()); + } + + @GET + @Path("/secure/users/external/{userId}") + @Produces({ "application/xml", "application/json" }) + @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_USER_ROLES_BY_ID + "\")") + public VXStringList getUserRolesByExternalID(@PathParam("userId") Long userId) { + VXStringList vXStringList=new VXStringList(); + vXStringList=xUserMgr.getUserRolesByExternalID(userId); + return vXStringList; + } + + @GET + @Path("/secure/users/roles/userName/{userName}") + @Produces({ "application/xml", "application/json" }) + @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_USER_ROLES_BY_NAME + "\")") + public VXStringList getUserRolesByName(@PathParam("userName") String userName) { + VXStringList vXStringList=new VXStringList(); + vXStringList=xUserMgr.getUserRolesByName(userName); + return vXStringList; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java index f10453c..ab16535 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java +++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java @@ -198,4 +198,8 @@ public class RangerAPIList { public static final String SEARCH_X_GROUP_PERMISSION = "XUserREST.searchXGroupPermission"; public static final String COUNT_X_GROUP_PERMISSION = "XUserREST.countXGroupPermission"; public static final String MODIFY_USER_ACTIVE_STATUS = "XUserREST.modifyUserActiveStatus"; + public static final String SET_USER_ROLES_BY_ID="XUserREST.setUserRolesByID"; + public static final String SET_USER_ROLES_BY_NAME="XUserREST.setUserRolesByName"; + public static final String GET_USER_ROLES_BY_ID="XUserREST.getUserRolesByID"; + public static final String GET_USER_ROLES_BY_NAME="XUserREST.getUserRolesByName"; } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIMapping.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIMapping.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIMapping.java index adc8e2a..f8966f5 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIMapping.java +++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIMapping.java @@ -345,6 +345,10 @@ public class RangerAPIMapping { apiAssociatedWithUserAndGroups.add(RangerAPIList.UPDATE); apiAssociatedWithUserAndGroups.add(RangerAPIList.SET_USER_ROLES); apiAssociatedWithUserAndGroups.add(RangerAPIList.DEACTIVATE_USER); + apiAssociatedWithUserAndGroups.add(RangerAPIList.SET_USER_ROLES_BY_ID); + apiAssociatedWithUserAndGroups.add(RangerAPIList.SET_USER_ROLES_BY_NAME); + apiAssociatedWithUserAndGroups.add(RangerAPIList.GET_USER_ROLES_BY_ID); + apiAssociatedWithUserAndGroups.add(RangerAPIList.GET_USER_ROLES_BY_NAME); rangerAPIMappingWithUI.put(TAB_USERS_GROUPS, apiAssociatedWithUserAndGroups); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java index 80f5180..6a91834 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/CustomLogoutSuccessHandler.java @@ -45,6 +45,7 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler response.setContentType("application/json;charset=UTF-8"); response.setHeader("Cache-Control", "no-cache"); + response.setHeader("X-Frame-Options", "DENY"); String jsonStr = ""; try { VXResponse vXResponse = new VXResponse(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java index 94ce93a..cb4c16a 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthFailureHandler.java @@ -76,6 +76,7 @@ ExceptionMappingAuthenticationFailureHandler { response.setContentType("application/json;charset=UTF-8"); response.setHeader("Cache-Control", "no-cache"); + response.setHeader("X-Frame-Options", "DENY"); String jsonResp = ""; try { String msg = exception.getMessage(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java index 62ba781..bf16a57 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java @@ -86,7 +86,7 @@ SavedRequestAwareAuthenticationSuccessHandler { response.setContentType("application/json;charset=UTF-8"); response.setHeader("Cache-Control", "no-cache"); - + response.setHeader("X-Frame-Options", "DENY"); VXResponse vXResponse = new VXResponse(); if(!isValidUser) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java index a3f3ed5..52228dd 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java @@ -78,6 +78,7 @@ public class RangerAuthenticationEntryPoint extends HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { String ajaxRequestHeader = request.getHeader("X-Requested-With"); + response.setHeader("X-Frame-Options", "DENY"); if (logger.isDebugEnabled()) { logger.debug("commence() X-Requested-With=" + ajaxRequestHeader); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java index d18006e..9867bb0 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java @@ -71,8 +71,9 @@ public class MyRememberMeFilter extends RememberMeAuthenticationFilter { @Override public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException { - // TODO Auto-generated method stub - super.doFilter(arg0, arg1, arg2); + HttpServletResponse res = (HttpServletResponse)arg1; + res.setHeader("X-Frame-Options", "DENY" ); + super.doFilter(arg0, res, arg2); } /* @@ -99,6 +100,7 @@ public class MyRememberMeFilter extends RememberMeAuthenticationFilter { @Override protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) { + response.setHeader("X-Frame-Options", "DENY" ); super.onSuccessfulAuthentication(request, response, authResult); // if (logger.isDebugEnabled()) { logger.info("onSuccessfulAuthentication() authResult=" + authResult); @@ -119,6 +121,7 @@ public class MyRememberMeFilter extends RememberMeAuthenticationFilter { HttpServletResponse response, AuthenticationException failed) { logger.error("Authentication failure. failed=" + failed, new Throwable()); + response.setHeader("X-Frame-Options", "DENY" ); super.onUnsuccessfulAuthentication(request, response, failed); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index 52ea841..d92fcbb 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java @@ -29,6 +29,7 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; @@ -135,7 +136,9 @@ public class RangerSecurityContextFormationFilter extends GenericFilterBean { // xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod); } - chain.doFilter(request, response); + HttpServletResponse res = (HttpServletResponse)response; + res.setHeader("X-Frame-Options", "DENY" ); + chain.doFilter(request, res); } finally { // [4]remove context from thread-local http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/main/webapp/login.jsp ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/login.jsp b/security-admin/src/main/webapp/login.jsp index 1faae6a..0db6882 100644 --- a/security-admin/src/main/webapp/login.jsp +++ b/security-admin/src/main/webapp/login.jsp @@ -55,7 +55,9 @@ </head> <body class="login" style=""> - + <% + response.setHeader("X-Frame-Options", "DENY"); + %> <!-- Page content ================================================== --> <section id="signin-container" style="margin-top: 4.5px;"> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java index 479dfde..e617de6 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java @@ -105,7 +105,10 @@ public class TestUserMgr { @Mock SessionMgr sessionMgr; - + + @Mock + XUserMgr xUserMgr; + @Rule public ExpectedException thrown = ExpectedException.none(); @@ -131,10 +134,9 @@ public class TestUserMgr { return userProfile; } - @Ignore("Junit breakage: RANGER-425") // TODO @Test public void test11CreateUser() { - setup(); + setup(); XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); @@ -188,10 +190,9 @@ public class TestUserMgr { Mockito.verify(daoManager).getXXPortalUserRole(); } - @Ignore("Junit breakage: RANGER-425") // TODO @Test public void test12CreateUser() { - setup(); + setup(); XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); @@ -426,7 +427,7 @@ public class TestUserMgr { Mockito.when(daoManager.getXXGroupPermission()).thenReturn( xGroupPermissionDao); Mockito.when( - xGroupPermissionDao.findbyVXPoratUserId(userProfile.getId())) + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) .thenReturn(xGroupPermissionList); VXPortalUser dbVXPortalUser = userMgr.createUser(userProfile); @@ -710,7 +711,7 @@ public class TestUserMgr { Mockito.when(daoManager.getXXGroupPermission()).thenReturn( xGroupPermissionDao); Mockito.when( - xGroupPermissionDao.findbyVXPoratUserId(userProfile.getId())) + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) .thenReturn(xGroupPermissionList); Mockito.when( @@ -744,6 +745,7 @@ public class TestUserMgr { @Test public void test30checkAccess() { + setup(); XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class); XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao); @@ -755,6 +757,7 @@ public class TestUserMgr { @Test public void test31getUserProfile() { + setup(); XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class); XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); XXUserPermissionDao xUserPermissionDao = Mockito @@ -812,7 +815,7 @@ public class TestUserMgr { Mockito.when(daoManager.getXXGroupPermission()).thenReturn( xGroupPermissionDao); Mockito.when( - xGroupPermissionDao.findbyVXPoratUserId(userProfile.getId())) + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) .thenReturn(xGroupPermissionList); VXPortalUser dbVXPortalUser = userMgr.getUserProfile(userId); Assert.assertNotNull(dbVXPortalUser); @@ -825,6 +828,7 @@ public class TestUserMgr { @Test public void test32getUserProfileByLoginId() { + setup(); XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class); XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao); @@ -836,24 +840,175 @@ public class TestUserMgr { Mockito.verify(daoManager).getXXPortalUser(); } - @Ignore("Junit breakage: RANGER-526") // TODO + @Test public void test33setUserRoles() { - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + setup(); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito + .mock(XXPortalUserRoleDao.class); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + XXUserPermissionDao xUserPermissionDao = Mockito + .mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito + .mock(XXGroupPermissionDao.class); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + + VXPortalUser userProfile = userProfile(); + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + List<VXString> vStringRolesList = new ArrayList<VXString>(); VXString vXStringObj = new VXString(); - vXStringObj.setValue("1L"); + vXStringObj.setValue("ROLE_USER"); vStringRolesList.add(vXStringObj); - + List<XXPortalUserRole> xPortalUserRoleList = new ArrayList<XXPortalUserRole>(); XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); XXPortalUserRole.setUserRole("ROLE_USER"); xPortalUserRoleList.add(XXPortalUserRole); - - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(xPortalUserRoleDao.findByUserId(userId)) - .thenReturn(xPortalUserRoleList); + + List<XXUserPermission> xUserPermissionsList = new ArrayList<XXUserPermission>(); + XXUserPermission xUserPermissionObj = new XXUserPermission(); + xUserPermissionObj.setAddedByUserId(userId); + xUserPermissionObj.setCreateTime(new Date()); + xUserPermissionObj.setId(userId); + xUserPermissionObj.setIsAllowed(1); + xUserPermissionObj.setModuleId(1L); + xUserPermissionObj.setUpdatedByUserId(userId); + xUserPermissionObj.setUpdateTime(new Date()); + xUserPermissionObj.setUserId(userId); + xUserPermissionsList.add(xUserPermissionObj); + + List<XXGroupPermission> xGroupPermissionList = new ArrayList<XXGroupPermission>(); + XXGroupPermission xGroupPermissionObj = new XXGroupPermission(); + xGroupPermissionObj.setAddedByUserId(userId); + xGroupPermissionObj.setCreateTime(new Date()); + xGroupPermissionObj.setId(userId); + xGroupPermissionObj.setIsAllowed(1); + xGroupPermissionObj.setModuleId(1L); + xGroupPermissionObj.setUpdatedByUserId(userId); + xGroupPermissionObj.setUpdateTime(new Date()); + xGroupPermissionObj.setGroupId(userId); + xGroupPermissionList.add(xGroupPermissionObj); + + List<VXGroupPermission> groupPermList = new ArrayList<VXGroupPermission>(); + VXGroupPermission groupPermission = new VXGroupPermission(); + groupPermission.setId(1L); + groupPermission.setIsAllowed(1); + groupPermission.setModuleId(1L); + groupPermission.setGroupId(userId); + groupPermission.setGroupName("xyz"); + groupPermission.setOwner("admin"); + groupPermList.add(groupPermission); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + + VXUserPermission userPermission = new VXUserPermission(); + userPermission.setId(1L); + userPermission.setIsAllowed(1); + userPermission.setModuleId(1L); + userPermission.setUserId(userId); + userPermission.setUserName("xyz"); + userPermission.setOwner("admin"); + + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn( + xPortalUserRoleDao); + Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn( + xPortalUserRoleList); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.getById(userId)).thenReturn(user); + Mockito.when(daoManager.getXXUserPermission()).thenReturn( + xUserPermissionDao); + Mockito.when( + xUserPermissionDao + .findByUserPermissionIdAndIsAllowed(userProfile.getId())) + .thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn( + xGroupPermissionDao); + Mockito.when( + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) + .thenReturn(xGroupPermissionList); + Mockito.when( + xGroupPermissionService.populateViewBean(xGroupPermissionObj)) + .thenReturn(groupPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when( + xUserPermissionService.populateViewBean(xUserPermissionObj)) + .thenReturn(userPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + + userMgr.checkAccess(userId); userMgr.setUserRoles(userId, vStringRolesList); + + Mockito.verify(daoManager).getXXUserPermission(); + Mockito.verify(daoManager).getXXGroupPermission(); + Mockito.verify(xGroupPermissionService).populateViewBean( + xGroupPermissionObj); + Mockito.verify(xUserPermissionService).populateViewBean( + xUserPermissionObj); } + + @Test + public void test19updateRoles() { + //setup(); + Collection<String> rolesList = new ArrayList<String>(); + rolesList.add("ROLE_USER"); + rolesList.add("ROLE_ADMIN"); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + List<XXPortalUserRole> list = new ArrayList<XXPortalUserRole>(); + list.add(XXPortalUserRole); + XXPortalUserRoleDao userDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(userDao); + Mockito.when(userDao.findByUserId(userId)).thenReturn(list); + boolean isFound = userMgr.updateRoles(userId, rolesList); + Assert.assertFalse(isFound); + } + + @Test + public void test20UpdateUserWithPass() { + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + VXPortalUser userProfile = userProfile(); + String userName = userProfile.getFirstName(); + String userPassword = userProfile.getPassword(); + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn( + user); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.update(user)).thenReturn(user); + XXPortalUser dbXXPortalUser = userMgr.updatePasswordInSHA256(userName, + userPassword); + Assert.assertNotNull(dbXXPortalUser); + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bd8caf44/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java index cda423e..e992190 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java @@ -61,10 +61,12 @@ import org.apache.ranger.view.VXGroupUser; import org.apache.ranger.view.VXGroupUserList; import org.apache.ranger.view.VXModuleDef; import org.apache.ranger.view.VXPortalUser; +import org.apache.ranger.view.VXStringList; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserGroupInfo; import org.apache.ranger.view.VXUserList; import org.apache.ranger.view.VXUserPermission; +import org.apache.ranger.view.VXString; import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Rule; @@ -211,7 +213,19 @@ public class TestXUserMgr { return groupPermission; } - @Ignore("temp disable") + private VXPortalUser userProfile() { + VXPortalUser userProfile = new VXPortalUser(); + userProfile.setEmailAddress("[email protected]"); + userProfile.setFirstName("user12"); + userProfile.setLastName("test12"); + userProfile.setLoginId("134"); + userProfile.setPassword("usertest12323"); + userProfile.setUserSource(123); + userProfile.setPublicScreenName("user"); + userProfile.setId(userId); + return userProfile; + } + @Test public void test11CreateXUser() { setup(); @@ -1147,4 +1161,499 @@ public class TestXUserMgr { Assert.assertNotNull(list); Mockito.verify(xUserService).getXUserByUserName(userName); } + + @Test + public void test45setUserRolesByExternalID() { + setup(); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito + .mock(XXPortalUserRoleDao.class); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + XXUserPermissionDao xUserPermissionDao = Mockito + .mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito + .mock(XXGroupPermissionDao.class); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + + VXUser vXUser = vxUser(); + VXPortalUser userProfile = userProfile(); + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + + List<VXString> vStringRolesList = new ArrayList<VXString>(); + VXString vXStringObj = new VXString(); + vXStringObj.setValue("ROLE_USER"); + vStringRolesList.add(vXStringObj); + + List<XXPortalUserRole> xPortalUserRoleList = new ArrayList<XXPortalUserRole>(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + + List<XXUserPermission> xUserPermissionsList = new ArrayList<XXUserPermission>(); + XXUserPermission xUserPermissionObj = new XXUserPermission(); + xUserPermissionObj.setAddedByUserId(userId); + xUserPermissionObj.setCreateTime(new Date()); + xUserPermissionObj.setId(userId); + xUserPermissionObj.setIsAllowed(1); + xUserPermissionObj.setModuleId(1L); + xUserPermissionObj.setUpdatedByUserId(userId); + xUserPermissionObj.setUpdateTime(new Date()); + xUserPermissionObj.setUserId(userId); + xUserPermissionsList.add(xUserPermissionObj); + + List<XXGroupPermission> xGroupPermissionList = new ArrayList<XXGroupPermission>(); + XXGroupPermission xGroupPermissionObj = new XXGroupPermission(); + xGroupPermissionObj.setAddedByUserId(userId); + xGroupPermissionObj.setCreateTime(new Date()); + xGroupPermissionObj.setId(userId); + xGroupPermissionObj.setIsAllowed(1); + xGroupPermissionObj.setModuleId(1L); + xGroupPermissionObj.setUpdatedByUserId(userId); + xGroupPermissionObj.setUpdateTime(new Date()); + xGroupPermissionObj.setGroupId(userId); + xGroupPermissionList.add(xGroupPermissionObj); + + List<VXGroupPermission> groupPermList = new ArrayList<VXGroupPermission>(); + VXGroupPermission groupPermission = new VXGroupPermission(); + groupPermission.setId(1L); + groupPermission.setIsAllowed(1); + groupPermission.setModuleId(1L); + groupPermission.setGroupId(userId); + groupPermission.setGroupName("xyz"); + groupPermission.setOwner("admin"); + groupPermList.add(groupPermission); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + + VXUserPermission userPermission = new VXUserPermission(); + userPermission.setId(1L); + userPermission.setIsAllowed(1); + userPermission.setModuleId(1L); + userPermission.setUserId(userId); + userPermission.setUserName("xyz"); + userPermission.setOwner("admin"); + + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn( + xPortalUserRoleDao); + Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn( + xPortalUserRoleList); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.getById(userId)).thenReturn(user); + Mockito.when(daoManager.getXXUserPermission()).thenReturn( + xUserPermissionDao); + Mockito.when( + xUserPermissionDao + .findByUserPermissionIdAndIsAllowed(userProfile.getId())) + .thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn( + xGroupPermissionDao); + Mockito.when( + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) + .thenReturn(xGroupPermissionList); + Mockito.when( + xGroupPermissionService.populateViewBean(xGroupPermissionObj)) + .thenReturn(groupPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when( + xUserPermissionService.populateViewBean(xUserPermissionObj)) + .thenReturn(userPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser); + Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())) + .thenReturn(userProfile); + VXStringList vXStringList = xUserMgr.setUserRolesByExternalID(userId, + vStringRolesList); + Assert.assertNotNull(vXStringList); + } + + @Test + public void test46setUserRolesByName() { + setup(); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito + .mock(XXPortalUserRoleDao.class); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + XXUserPermissionDao xUserPermissionDao = Mockito + .mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito + .mock(XXGroupPermissionDao.class); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + + VXPortalUser userProfile = userProfile(); + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + + List<VXString> vStringRolesList = new ArrayList<VXString>(); + VXString vXStringObj = new VXString(); + vXStringObj.setValue("ROLE_USER"); + vStringRolesList.add(vXStringObj); + + List<XXPortalUserRole> xPortalUserRoleList = new ArrayList<XXPortalUserRole>(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + + List<XXUserPermission> xUserPermissionsList = new ArrayList<XXUserPermission>(); + XXUserPermission xUserPermissionObj = new XXUserPermission(); + xUserPermissionObj.setAddedByUserId(userId); + xUserPermissionObj.setCreateTime(new Date()); + xUserPermissionObj.setId(userId); + xUserPermissionObj.setIsAllowed(1); + xUserPermissionObj.setModuleId(1L); + xUserPermissionObj.setUpdatedByUserId(userId); + xUserPermissionObj.setUpdateTime(new Date()); + xUserPermissionObj.setUserId(userId); + xUserPermissionsList.add(xUserPermissionObj); + + List<XXGroupPermission> xGroupPermissionList = new ArrayList<XXGroupPermission>(); + XXGroupPermission xGroupPermissionObj = new XXGroupPermission(); + xGroupPermissionObj.setAddedByUserId(userId); + xGroupPermissionObj.setCreateTime(new Date()); + xGroupPermissionObj.setId(userId); + xGroupPermissionObj.setIsAllowed(1); + xGroupPermissionObj.setModuleId(1L); + xGroupPermissionObj.setUpdatedByUserId(userId); + xGroupPermissionObj.setUpdateTime(new Date()); + xGroupPermissionObj.setGroupId(userId); + xGroupPermissionList.add(xGroupPermissionObj); + + List<VXGroupPermission> groupPermList = new ArrayList<VXGroupPermission>(); + VXGroupPermission groupPermission = new VXGroupPermission(); + groupPermission.setId(1L); + groupPermission.setIsAllowed(1); + groupPermission.setModuleId(1L); + groupPermission.setGroupId(userId); + groupPermission.setGroupName("xyz"); + groupPermission.setOwner("admin"); + groupPermList.add(groupPermission); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + + VXUserPermission userPermission = new VXUserPermission(); + userPermission.setId(1L); + userPermission.setIsAllowed(1); + userPermission.setModuleId(1L); + userPermission.setUserId(userId); + userPermission.setUserName("xyz"); + userPermission.setOwner("admin"); + + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn( + xPortalUserRoleDao); + Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn( + xPortalUserRoleList); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.getById(userId)).thenReturn(user); + Mockito.when(daoManager.getXXUserPermission()).thenReturn( + xUserPermissionDao); + Mockito.when( + xUserPermissionDao + .findByUserPermissionIdAndIsAllowed(userProfile.getId())) + .thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn( + xGroupPermissionDao); + Mockito.when( + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) + .thenReturn(xGroupPermissionList); + Mockito.when( + xGroupPermissionService.populateViewBean(xGroupPermissionObj)) + .thenReturn(groupPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when( + xUserPermissionService.populateViewBean(xUserPermissionObj)) + .thenReturn(userPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())) + .thenReturn(userProfile); + VXStringList vXStringList = xUserMgr.setUserRolesByName( + userProfile.getLoginId(), vStringRolesList); + Assert.assertNotNull(vXStringList); + } + + @Test + public void test47getUserRolesByExternalID() { + setup(); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito + .mock(XXPortalUserRoleDao.class); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + XXUserPermissionDao xUserPermissionDao = Mockito + .mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito + .mock(XXGroupPermissionDao.class); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + + VXUser vXUser = vxUser(); + VXPortalUser userProfile = userProfile(); + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + + List<VXString> vStringRolesList = new ArrayList<VXString>(); + VXString vXStringObj = new VXString(); + vXStringObj.setValue("ROLE_USER"); + vStringRolesList.add(vXStringObj); + + List<XXPortalUserRole> xPortalUserRoleList = new ArrayList<XXPortalUserRole>(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + + List<XXUserPermission> xUserPermissionsList = new ArrayList<XXUserPermission>(); + XXUserPermission xUserPermissionObj = new XXUserPermission(); + xUserPermissionObj.setAddedByUserId(userId); + xUserPermissionObj.setCreateTime(new Date()); + xUserPermissionObj.setId(userId); + xUserPermissionObj.setIsAllowed(1); + xUserPermissionObj.setModuleId(1L); + xUserPermissionObj.setUpdatedByUserId(userId); + xUserPermissionObj.setUpdateTime(new Date()); + xUserPermissionObj.setUserId(userId); + xUserPermissionsList.add(xUserPermissionObj); + + List<XXGroupPermission> xGroupPermissionList = new ArrayList<XXGroupPermission>(); + XXGroupPermission xGroupPermissionObj = new XXGroupPermission(); + xGroupPermissionObj.setAddedByUserId(userId); + xGroupPermissionObj.setCreateTime(new Date()); + xGroupPermissionObj.setId(userId); + xGroupPermissionObj.setIsAllowed(1); + xGroupPermissionObj.setModuleId(1L); + xGroupPermissionObj.setUpdatedByUserId(userId); + xGroupPermissionObj.setUpdateTime(new Date()); + xGroupPermissionObj.setGroupId(userId); + xGroupPermissionList.add(xGroupPermissionObj); + + List<VXGroupPermission> groupPermList = new ArrayList<VXGroupPermission>(); + VXGroupPermission groupPermission = new VXGroupPermission(); + groupPermission.setId(1L); + groupPermission.setIsAllowed(1); + groupPermission.setModuleId(1L); + groupPermission.setGroupId(userId); + groupPermission.setGroupName("xyz"); + groupPermission.setOwner("admin"); + groupPermList.add(groupPermission); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + + VXUserPermission userPermission = new VXUserPermission(); + userPermission.setId(1L); + userPermission.setIsAllowed(1); + userPermission.setModuleId(1L); + userPermission.setUserId(userId); + userPermission.setUserName("xyz"); + userPermission.setOwner("admin"); + + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn( + xPortalUserRoleDao); + Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn( + xPortalUserRoleList); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.getById(userId)).thenReturn(user); + Mockito.when(daoManager.getXXUserPermission()).thenReturn( + xUserPermissionDao); + Mockito.when( + xUserPermissionDao + .findByUserPermissionIdAndIsAllowed(userProfile.getId())) + .thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn( + xGroupPermissionDao); + Mockito.when( + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) + .thenReturn(xGroupPermissionList); + Mockito.when( + xGroupPermissionService.populateViewBean(xGroupPermissionObj)) + .thenReturn(groupPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when( + xUserPermissionService.populateViewBean(xUserPermissionObj)) + .thenReturn(userPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser); + Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())) + .thenReturn(userProfile); + VXStringList vXStringList = xUserMgr.getUserRolesByExternalID(userId); + Assert.assertNotNull(vXStringList); + } + + @Test + public void test48getUserRolesByName() { + setup(); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito + .mock(XXPortalUserRoleDao.class); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + XXUserPermissionDao xUserPermissionDao = Mockito + .mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito + .mock(XXGroupPermissionDao.class); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + + VXPortalUser userProfile = userProfile(); + Collection<String> userRoleList = new ArrayList<String>(); + userRoleList.add("ROLE_USER"); + userProfile.setUserRoleList(userRoleList); + + XXPortalUser user = new XXPortalUser(); + user.setEmailAddress(userProfile.getEmailAddress()); + user.setFirstName(userProfile.getFirstName()); + user.setLastName(userProfile.getLastName()); + user.setLoginId(userProfile.getLoginId()); + user.setPassword(userProfile.getPassword()); + user.setUserSource(userProfile.getUserSource()); + user.setPublicScreenName(userProfile.getPublicScreenName()); + user.setId(userProfile.getId()); + + List<VXString> vStringRolesList = new ArrayList<VXString>(); + VXString vXStringObj = new VXString(); + vXStringObj.setValue("ROLE_USER"); + vStringRolesList.add(vXStringObj); + + List<XXPortalUserRole> xPortalUserRoleList = new ArrayList<XXPortalUserRole>(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + + List<XXUserPermission> xUserPermissionsList = new ArrayList<XXUserPermission>(); + XXUserPermission xUserPermissionObj = new XXUserPermission(); + xUserPermissionObj.setAddedByUserId(userId); + xUserPermissionObj.setCreateTime(new Date()); + xUserPermissionObj.setId(userId); + xUserPermissionObj.setIsAllowed(1); + xUserPermissionObj.setModuleId(1L); + xUserPermissionObj.setUpdatedByUserId(userId); + xUserPermissionObj.setUpdateTime(new Date()); + xUserPermissionObj.setUserId(userId); + xUserPermissionsList.add(xUserPermissionObj); + + List<XXGroupPermission> xGroupPermissionList = new ArrayList<XXGroupPermission>(); + XXGroupPermission xGroupPermissionObj = new XXGroupPermission(); + xGroupPermissionObj.setAddedByUserId(userId); + xGroupPermissionObj.setCreateTime(new Date()); + xGroupPermissionObj.setId(userId); + xGroupPermissionObj.setIsAllowed(1); + xGroupPermissionObj.setModuleId(1L); + xGroupPermissionObj.setUpdatedByUserId(userId); + xGroupPermissionObj.setUpdateTime(new Date()); + xGroupPermissionObj.setGroupId(userId); + xGroupPermissionList.add(xGroupPermissionObj); + + List<VXGroupPermission> groupPermList = new ArrayList<VXGroupPermission>(); + VXGroupPermission groupPermission = new VXGroupPermission(); + groupPermission.setId(1L); + groupPermission.setIsAllowed(1); + groupPermission.setModuleId(1L); + groupPermission.setGroupId(userId); + groupPermission.setGroupName("xyz"); + groupPermission.setOwner("admin"); + groupPermList.add(groupPermission); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + + VXUserPermission userPermission = new VXUserPermission(); + userPermission.setId(1L); + userPermission.setIsAllowed(1); + userPermission.setModuleId(1L); + userPermission.setUserId(userId); + userPermission.setUserName("xyz"); + userPermission.setOwner("admin"); + + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn( + xPortalUserRoleDao); + Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn( + xPortalUserRoleList); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.getById(userId)).thenReturn(user); + Mockito.when(daoManager.getXXUserPermission()).thenReturn( + xUserPermissionDao); + Mockito.when( + xUserPermissionDao + .findByUserPermissionIdAndIsAllowed(userProfile.getId())) + .thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn( + xGroupPermissionDao); + Mockito.when( + xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())) + .thenReturn(xGroupPermissionList); + Mockito.when( + xGroupPermissionService.populateViewBean(xGroupPermissionObj)) + .thenReturn(groupPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when( + xUserPermissionService.populateViewBean(xUserPermissionObj)) + .thenReturn(userPermission); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())) + .thenReturn(xModuleDef); + Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())) + .thenReturn(userProfile); + VXStringList vXStringList = xUserMgr.getUserRolesByName(userProfile + .getLoginId()); + Assert.assertNotNull(vXStringList); + } }
