/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.gateway.identityasserter.regex.filter;
import org.apache.hadoop.gateway.security.GroupPrincipal;
import org.apache.hadoop.gateway.security.PrimaryPrincipal;
import org.easymock.EasyMock;
import org.junit.Test;
import javax.security.auth.Subject;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import java.security.Principal;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals;
public class RegexIdentityAssertionFilterTest {
@Test
public void testExtractUsernameFromEmail() throws Exception {
FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
ServletContext context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
EasyMock.replay( config );
EasyMock.replay( context );
RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
Subject subject = new Subject();
subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
subject.getPrincipals().add(new GroupPrincipal( "user" ) );
subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
// First test is with no config. Since the output template is the empty string that should be the result.
filter.init(config);
String actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
String[] groups = filter.mapGroupPrincipals(actual, subject);
assertThat( actual, is( "" ) );
assertThat( groups, is( nullValue() ) ); // means for the caller to use the existing subject groups
// Test what is effectively a static mapping
config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "test-output" ).anyTimes();
EasyMock.replay( config );
EasyMock.replay( context );
filter.init( config );
actual = filter.mapUserPrincipal(((Principal) subject.getPrincipals(PrimaryPrincipal.class).toArray()[0]).getName());
assertEquals( actual, "test-output" );
// Test username extraction.
config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@.*" ).anyTimes();
EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix" ).anyTimes();
EasyMock.replay( config );
EasyMock.replay( context );
filter.init( config );
actual = filter.mapUserPrincipal( "member@us.apache.org" );
assertEquals( actual, "prefix_member_suffix" );
}
@Test
public void testMapDomain() throws Exception {
FilterConfig config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
ServletContext context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
EasyMock.replay( config );
EasyMock.replay( context );
RegexIdentityAssertionFilter filter = new RegexIdentityAssertionFilter();
Subject subject = new Subject();
subject.getPrincipals().add(new PrimaryPrincipal( "member@us.apache.org" ) );
subject.getPrincipals().add(new GroupPrincipal( "user" ) );
subject.getPrincipals().add( new GroupPrincipal( "admin" ) );
String actual;
// Test dictionary lookup.
config = EasyMock.createNiceMock( FilterConfig.class );
EasyMock.expect(config.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
context = EasyMock.createNiceMock(ServletContext.class);
EasyMock.expect(config.getServletContext() ).andReturn( context ).anyTimes();
EasyMock.expect(context.getInitParameter("principal.mapping") ).andReturn( "" ).anyTimes();
EasyMock.expect(config.getInitParameter( "input" ) ).andReturn( "(.*)@(.*?)\\..*" ).anyTimes();
EasyMock.expect(config.getInitParameter( "output" ) ).andReturn( "prefix_{1}_suffix:{[2]}" ).anyTimes();
EasyMock.expect(config.getInitParameter( "lookup" ) ).andReturn( "us=USA;ca=CANADA" ).anyTimes();
EasyMock.replay( config );
EasyMock.replay( context );
filter.init( config );
actual = filter.mapUserPrincipal( "member1@us.apache.org" );
assertThat( actual, is( "prefix_member1_suffix:USA" ) );
actual = filter.mapUserPrincipal( "member2@ca.apache.org" );
assertThat( actual, is( "prefix_member2_suffix:CANADA" ) );
actual = filter.mapUserPrincipal( "member3@nj.apache.org" );
assertThat( actual, is( "prefix_member3_suffix:" ) );
}
}