public void TestSimplePrincipal()
{
string name = "CN=Manager,OU=MyUnit";
IIdentity identity = new GenericIdentity(name, "POF");
IPrincipal principalOne = new GenericPrincipal(identity, null);
IPrincipal principalTwo = new GenericPrincipal(identity, null);
Assert.IsFalse(principalOne.Equals(principalTwo));
Assert.IsFalse(Object.Equals(principalOne, principalTwo));
principalOne = new SimplePrincipal(identity, null);
principalTwo = new SimplePrincipal(identity, null);
Assert.IsTrue(principalOne.Equals(principalTwo));
Assert.IsTrue(Object.Equals(principalOne, principalTwo));
}
/// <summary>
/// Deserialize a user type instance from a POF stream by reading its
/// state using the specified <see cref="IPofReader"/> object.
/// </summary>
/// <remarks>
/// An implementation of <b>IPofSerializer</b> is required to follow
/// the following steps in sequence for reading in an object of a
/// user type:
/// <list type="number">
/// <item>
/// <description>
/// If the object is evolvable, the implementation must get the
/// version by calling <see cref="IPofWriter.VersionId"/>.
/// </description>
/// </item>
/// <item>
/// <description>
/// The implementation may read any combination of the
/// properties of the user type by using "read" methods of the
/// <b>IPofReader</b>, but it must do so in the order of the property
/// indexes.
/// </description>
/// </item>
/// <item>
/// <description>
/// After all desired properties of the user type have been read,
/// the implementation must terminate the reading of the user type by
/// calling <see cref="IPofReader.ReadRemainder"/>.
/// </description>
/// </item>
/// </list>
/// </remarks>
/// <param name="reader">
/// The <b>IPofReader</b> with which to read the object's state.
/// </param>
/// <returns>
/// The deserialized user type instance.
/// </returns>
/// <exception cref="IOException">
/// If an I/O error occurs.
/// </exception>
public object Deserialize(IPofReader reader)
{
IList identities = (IList)reader.ReadCollection(0, new ArrayList(1));
reader.ReadRemainder();
IPrincipal principal = null;
if (identities.Count > 0)
{
IIdentity identity = (IIdentity)identities[0];
principal = new SimplePrincipal(identity, null);
reader.RegisterIdentity(principal);
}
return(principal);
}
public void TestSimpleIdentityPassing()
{
string name = "CN=Manager,OU=MyUnit";
IIdentity identity = new GenericIdentity(name, "POF");
IPrincipal principalNew = new SimplePrincipal(identity, null);
IPrincipal principalOld = Thread.CurrentPrincipal;
INamedCache cache00;
Thread.CurrentPrincipal = principalNew;
try
{
cache00 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache00);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
INamedCache cache01;
name = "CN=CEO,OU=MyUnit";
identity = new GenericIdentity(name, "POF");
principalNew = new SimplePrincipal(identity, null);
principalOld = Thread.CurrentPrincipal;
Thread.CurrentPrincipal = principalNew;
try
{
cache01 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache01);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
Assert.IsFalse(cache00.Equals(cache01));
}
public void TestSimpleIdentityServiceScoping()
{
string name = "CN=Manager,OU=MyUnit";
IIdentity identity = new GenericIdentity(name, "POF");
IPrincipal principalNew = new SimplePrincipal(identity, null);
IPrincipal principalOld = Thread.CurrentPrincipal;
IService service00;
Thread.CurrentPrincipal = principalNew;
try
{
service00 = CacheFactory.GetService("RemoteInvocationService");
Assert.IsNotNull(service00);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
IService service01;
name = "CN=Admin,OU=MyUnit";
identity = new GenericIdentity(name, "POF");
principalNew = new SimplePrincipal(identity, null);
principalOld = Thread.CurrentPrincipal;
Thread.CurrentPrincipal = principalNew;
try
{
service01 = CacheFactory.GetService("RemoteInvocationService");
Assert.IsNotNull(service01);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
Assert.AreNotEqual(service00, service01);
}
/**
* @throws IllegalArgumentException if the ServiceTicketId or the Service
* are null.
*/
//@Audit(
// action="SERVICE_TICKET_VALIDATE",
// actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
// resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="VALIDATE_SERVICE_TICKET",logFailuresSeparately = false)
//@Transactional(readOnly = false)
public Assertion validateServiceTicket(string serviceTicketId, Service service)
{
//Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
//Assert.notNull(service, "service cannot be null");
ServiceTicket serviceTicket = (ServiceTicket)this.serviceTicketRegistry.getTicket(serviceTicketId, typeof(ServiceTicket));
RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets. Service: [" + service.getId() + "]");
throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
}
if (serviceTicket == null)
{
//log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
throw new InvalidTicketException();
}
try
{
lock (serviceTicket)
{
if (serviceTicket.isExpired())
{
//log.info("ServiceTicket [" + serviceTicketId + "] has expired.");
throw new InvalidTicketException();
}
if (!serviceTicket.isValidFor(service))
{
//log.error("ServiceTicket [" + serviceTicketId + "] with service [" + serviceTicket.getService().getId() + " does not match supplied service [" + service + "]");
throw new TicketValidationException(serviceTicket.getService());
}
}
List <Authentication> chainedAuthenticationsList = serviceTicket.getGrantingTicket().getChainedAuthentications();
Authentication authentication = chainedAuthenticationsList.ElementAt(chainedAuthenticationsList.Count() - 1);
Principal principal = authentication.getPrincipal();
string principalId = this.determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);
Authentication authToUse;
if (!registeredService.isIgnoreAttributes())
{
Dictionary <string, Object> attributes = new Dictionary <string, Object>();
foreach (string attribute in registeredService.getAllowedAttributes())
{
Object value = principal.getAttributes().FirstOrDefault(x => x.Key == attribute).Value;
if (value != null)
{
attributes.Add(attribute, value);
}
}
Principal modifiedPrincipal = new SimplePrincipal(principalId, attributes);
MutableAuthentication mutableAuthentication = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
var mutableAuthenticationattributes = mutableAuthentication.getAttributes();
var U = mutableAuthentication.getAttributes().Concat(authentication.getAttributes());
mutableAuthentication.Attributes = U.ToDictionary(x => x.Key, x => x.Value);
mutableAuthentication.AuthenticatedDate = authentication.getAuthenticatedDate();
//mutableAuthentication.getAuthenticatedDate() = authentication.getAuthenticatedDate();
authToUse = mutableAuthentication;
}
else
{
Principal modifiedPrincipal = new SimplePrincipal(principalId, principal.getAttributes());
authToUse = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
}
List <Authentication> authentications = new List <Authentication>();
for (int i = 0; i < chainedAuthenticationsList.Count() - 1; i++)
{
authentications.Add(serviceTicket.getGrantingTicket().getChainedAuthentications().ElementAt(i));
}
authentications.Add(authToUse);
return(new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin()));
}
finally
{
if (serviceTicket.isExpired())
{
this.serviceTicketRegistry.deleteTicket(serviceTicketId);
}
}
}
public void TestSimpleIdentityCacheScoping()
{
// Test two caches are not equal when different principals
// have different identity
string name = "CN=Manager,OU=MyUnit";
IIdentity identity = new GenericIdentity(name, "POF");
IPrincipal principalNew = new SimplePrincipal(identity, null);
IPrincipal principalOld = Thread.CurrentPrincipal;
INamedCache cache00;
Thread.CurrentPrincipal = principalNew;
try
{
cache00 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache00);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
INamedCache cache01;
name = "CN=CEO,OU=MyUnit";
identity = new GenericIdentity(name, "POF");
principalNew = new SimplePrincipal(identity, null);
principalOld = Thread.CurrentPrincipal;
Thread.CurrentPrincipal = principalNew;
try
{
cache01 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache01);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
Assert.IsFalse(cache00.Equals(cache01));
// Test two caches are equal when different principals
// have same identity
name = "CN=Manager,OU=MyUnit";
identity = new GenericIdentity(name, "POF");
principalNew = new SimplePrincipal(identity, null);
principalOld = Thread.CurrentPrincipal;
Thread.CurrentPrincipal = principalNew;
try
{
cache00 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache00);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
identity = new GenericIdentity(name, "POF");
principalNew = new SimplePrincipal(identity, null);
principalOld = Thread.CurrentPrincipal;
Thread.CurrentPrincipal = principalNew;
try
{
cache01 = CacheFactory.GetCache(CacheName);
Assert.IsNotNull(cache01);
}
finally
{
Thread.CurrentPrincipal = principalOld;
}
Assert.AreEqual(cache00, cache01);
}