Examples of ExternalUser

Examples of com.porterhead.rest.user.api.ExternalUser

72
73
74
75
76
77
78
79
80
        String authToken = request.getHeaderValue(HEADER_AUTHORIZATION);
        String requestDateString = request.getHeaderValue(HEADER_DATE);
        String nonce = request.getHeaderValue(HEADER_NONCE);
        AuthorizationRequestContext context = new AuthorizationRequestContext(request.getPath(), request.getMethod(),
                            requestDateString, nonce, authToken);
        ExternalUser externalUser = authorizationService.authorize(context);
        request.setSecurityContext(new SecurityContextImpl(externalUser));
        return request;
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
     * @return The request signature was valid and a user is returned or null if the context did not contain the information necessary
     * to load a user
     */
    public ExternalUser authorize(AuthorizationRequestContext context) {

        ExternalUser externalUser = null;
        if (context.getAuthorizationToken() != null && context.getRequestDateString() != null && context.getNonceToken() != null) {
            String userId = null;
            String hashedToken = null;
            String[] token = context.getAuthorizationToken().split(":");
            if (token.length == 2) {
                userId = token[0];
                hashedToken = token[1];
                //make sure date and nonce is valid
                validateRequestDate(context.getRequestDateString());
                validateNonce(context.getNonceToken());

                User user = userRepository.findByUuid(userId);
                if (user != null) {
                    externalUser = new ExternalUser(user);
                    if (!isAuthorized(user, context, hashedToken)) {
                        throw new AuthorizationException("Request rejected due to an authorization failure");
                    }
                }
            }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
        this.userRepository = repository;
    }

    public ExternalUser authorize(AuthorizationRequestContext securityContext) {
        String token = securityContext.getAuthorizationToken();
        ExternalUser externalUser = null;
        if(token == null) {
            return externalUser;
        }
        User user =  userRepository.findBySession(token);
        if(user == null) {
            throw new AuthorizationException("Session token not valid");
        }
        AuthorizationToken authorizationToken = user.getAuthorizationToken();
            if (authorizationToken.getToken().equals(token)) {
                externalUser = new ExternalUser(user);
            }
        return externalUser;
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
    }

    private void setUpValidRequest() {
        User user = new User();
        user.setAuthorizationToken(new AuthorizationToken(user));
        final ExternalUser externalUser = new ExternalUser(user);
        String dateString = new DateTime().toString(ISODateTimeFormat.dateTimeNoMillis());
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(user.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":" + hashedToken);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(dateString);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(containerRequest.getPath()).thenReturn("user/555");
        when(containerRequest.getMethod()).thenReturn("POST");
        when(userRepository.findByUuid(user.getUuid().toString())).thenReturn(user);
        doAnswer(new Answer() {

            public Object answer(InvocationOnMock invocation) throws Throwable {
                SecurityContext context = (SecurityContext) invocation.getArguments()[0];
                ExternalUser user = (ExternalUser) context.getUserPrincipal();
                assertThat(user.getId(), is(externalUser.getId()));
                return null;
            }
        }).when(containerRequest).setSecurityContext(any(SecurityContext.class));
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

84
85
86
87
88
89
90
91
92
93
94
95
    }

    @Test (expected = AuthorizationException.class)
    public void dateHeaderIsOutOfRange() {
        User user = new User();
        final ExternalUser externalUser = new ExternalUser(user);
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_AUTHORIZATION)).thenReturn(externalUser.getId() + ":123");
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_DATE)).thenReturn(new DateTime().minusMinutes(10).toString(ISODateTimeFormat.dateTimeNoMillis()));
        when(containerRequest.getHeaderValue(SecurityContextFilter.HEADER_NONCE)).thenReturn("123");
        when(applicationConfig.getSessionDateOffsetInMinutes()).thenReturn(5);
        containerRequest = filter.filter(containerRequest);
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

45
46
47
48
49
50
51
52
53
    @Test(expected = InvalidAuthorizationHeaderException.class)
    public void authenticationFailure() {
        User user = new User();
        user.setRole(Role.authenticated);
        ExternalUser externalUser = null;
        SecurityContext context = new SecurityContextImpl(externalUser);
        context.isUserInRole(Role.authenticated.name());
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

60
61
62
63
64
65
66
67
68

    private SecurityContext createSecurityContext(Role role) {
        User user = new User();
        user.setRole(role);
        ExternalUser externalUser = new ExternalUser(user);
        SecurityContext context = new SecurityContextImpl(externalUser);
        return context;
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

36
37
38
39
40
41
42
43
    @Test
    public void authorizeUser() throws Exception {
        String dateString = DateUtil.getCurrentDateAsIso8061String();
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256(USER.getAuthorizationToken().getToken() + ":user/555,POST," + dateString + ",123")));
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "user/555", dateString, "123"));
        assertThat(user.getId(), is(USER.getUuid().toString()));
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

55
56
57
58
59
60
61
62
    }

    @Test
    public void missingNonce() {
        String hashedToken = new String(Base64.encodeBase64(DigestUtils.sha256("INVALID-SESSION-TOKEN:abcdef")));
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "abcdef", null));
        assertThat(user, is(Matchers.<Object>nullValue()));
    }
View Full Code Here

Examples of com.porterhead.rest.user.api.ExternalUser

76
77
78
79
80
81
82
83
        authorizationService.authorize(getAuthorizationRequest(USER.getUuid().toString() + ":" + hashedToken, "hash123,123", dateString, "567"));
    }

    @Test
    public void nullSessionToken() {
        ExternalUser user = authorizationService.authorize(getAuthorizationRequest(null,  "abcdef", "123"));
        assertThat(user, is(Matchers.<Object>nullValue()));
    }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.