Moving AuthenticationEvaluator to model-impl

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/MidPointAuthenticationProvider.java

@@ -16,9 +16,9 @@
 
 package com.evolveum.midpoint.web.security;
 
+import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.crypto.Protector;
-import com.evolveum.midpoint.security.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.security.api.Authorization;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;

repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthenticationEvaluator.java → model/model-api/src/main/java/com/evolveum/midpoint/model/api/AuthenticationEvaluator.java

@@ -13,11 +13,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.evolveum.midpoint.security.api;
+package com.evolveum.midpoint.model.api;
 
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 
+import com.evolveum.midpoint.security.api.ConnectionEnvironment;
+import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.UserProfileService;
+
 /**
  * @author semancik
  *

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelController.java

@@ -29,6 +29,7 @@
 
 import com.evolveum.midpoint.certification.api.CertificationManager;
 import com.evolveum.midpoint.model.api.AccessCertificationService;
+import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.model.api.ProgressListener;
 import com.evolveum.midpoint.model.api.ScriptExecutionException;
 import com.evolveum.midpoint.model.api.ScriptExecutionResult;
@@ -93,7 +94,6 @@
 import com.evolveum.midpoint.schema.result.OperationResultRunner;
 import com.evolveum.midpoint.schema.result.OperationResultStatus;
 import com.evolveum.midpoint.schema.util.ShadowUtil;
-import com.evolveum.midpoint.security.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.security.api.AuthorizationConstants;
 import com.evolveum.midpoint.security.api.SecurityEnforcer;
 import com.evolveum.midpoint.security.api.UserProfileService;

repo/security-impl/src/main/java/com/evolveum/midpoint/security/impl/AuthenticationEvaluatorImpl.java → model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.evolveum.midpoint.security.impl;
+package com.evolveum.midpoint.model.impl.security;
 
 import java.util.Collection;
 
@@ -29,11 +29,11 @@
 import org.springframework.stereotype.Component;
 
 import com.evolveum.midpoint.common.Clock;
+import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.crypto.Protector;
 import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
 import com.evolveum.midpoint.schema.util.MiscSchemaUtil;
-import com.evolveum.midpoint.security.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.security.api.Authorization;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;

model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/AbstractInternalModelIntegrationTest.java

@@ -60,6 +60,7 @@
 import com.evolveum.midpoint.schema.util.ResourceTypeUtil;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.test.DummyResourceContoller;
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
 import com.evolveum.midpoint.util.exception.CommunicationException;
 import com.evolveum.midpoint.util.exception.ConfigurationException;
 import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
@@ -74,6 +75,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
@@ -89,13 +91,17 @@ public class AbstractInternalModelIntegrationTest extends AbstractModelIntegrati
 	public static final File SYSTEM_CONFIGURATION_FILE = new File(COMMON_DIR, "system-configuration.xml");
 	public static final String SYSTEM_CONFIGURATION_OID = SystemObjectsType.SYSTEM_CONFIGURATION.value();
 
+	public static final File SECURITY_POLICY_FILE = new File(COMMON_DIR, "security-policy.xml");
+	public static final String SECURITY_POLICY_OID = "28bf845a-b107-11e3-85bc-001e8c717e5b";
+
 	public static final File USER_ADMINISTRATOR_FILE = new File(COMMON_DIR, "user-administrator.xml");
 	protected static final String USER_ADMINISTRATOR_NAME = "administrator";
 	protected static final String USER_ADMINISTRATOR_OID = "00000000-0000-0000-0000-000000000002";
 
 	protected static final File USER_JACK_FILE = new File(COMMON_DIR, "user-jack.xml");
 	protected static final String USER_JACK_OID = "c0c010c0-d34d-b33f-f00d-111111111111";
 	protected static final String USER_JACK_USERNAME = "jack";
+	protected static final String USER_JACK_PASSWORD = "deadmentellnotales";
 
 	protected static final File USER_BARBOSSA_FILE = new File(COMMON_DIR, "user-barbossa.xml");
 	protected static final String USER_BARBOSSA_OID = "c0c010c0-d34d-b33f-f00d-111111111112";
@@ -188,6 +194,8 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 			throw new ObjectAlreadyExistsException("System configuration already exists in repository;" +
 					"looks like the previous test haven't cleaned it up", e);
 		}
+
+		repoAddObjectFromFile(SECURITY_POLICY_FILE, SecurityPolicyType.class, initResult);
 
 		// Administrator
 		repoAddObjectFromFile(ROLE_SUPERUSER_FILE, RoleType.class, initResult);

repo/security-impl/src/test/java/com/evolveum/midpoint/security/impl/TestAuthenticationEvaluator.java → model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/TestAuthenticationEvaluator.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.evolveum.midpoint.security.impl;
+package com.evolveum.midpoint.model.impl;
 
 import static com.evolveum.midpoint.test.IntegrationTestTools.display;
 import static org.testng.AssertJUnit.assertEquals;
@@ -37,55 +37,45 @@
 import org.testng.annotations.Test;
 
 import com.evolveum.midpoint.common.Clock;
+import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.security.api.AuthenticationEvaluator;
+import com.evolveum.midpoint.security.api.Authorization;
 import com.evolveum.midpoint.security.api.ConnectionEnvironment;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.UserProfileService;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.test.AbstractIntegrationTest;
 import com.evolveum.midpoint.test.util.MidPointAsserts;
 import com.evolveum.midpoint.test.util.MidPointTestConstants;
 import com.evolveum.midpoint.test.util.TestUtil;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.LoginEventType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemObjectsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 
 /**
  * @author semancik
  *
  */
-@ContextConfiguration(locations = "classpath:ctx-security-test-main.xml")
+@ContextConfiguration(locations = {"classpath:ctx-model-test-main.xml"})
 @DirtiesContext
 @Listeners({ com.evolveum.midpoint.tools.testng.AlphabeticalMethodInterceptor.class })
-public class TestAuthenticationEvaluator extends AbstractIntegrationTest {
+public class TestAuthenticationEvaluator extends AbstractInternalModelIntegrationTest {
 
-	protected static final File TEST_DIR = MidPointTestConstants.TEST_RESOURCES_DIR;
-
-	public static final File SYSTEM_CONFIGURATION_FILE = new File(TEST_DIR, "system-configuration.xml");
-	public static final String SYSTEM_CONFIGURATION_OID = SystemObjectsType.SYSTEM_CONFIGURATION.value();
-
-	protected static final File SECURITY_POLICY_FILE = new File(TEST_DIR, "security-policy.xml");
-	protected static final String SECURITY_POLICY_OID = "28bf845a-b107-11e3-85bc-001e8c717e5b";
-
-	protected static final File USER_JACK_FILE = new File(TEST_DIR, "user-jack.xml");
-	protected static final String USER_JACK_OID = "c0c010c0-d34d-b33f-f00d-111111111111";
-	protected static final String USER_JACK_USERNAME = "jack";
-	protected static final String USER_JACK_PASSWORD = "deadmentellnotales";
+	protected static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "security");
 
 	private static final Trace LOGGER = TraceManager.getTrace(TestAuthenticationEvaluator.class);
 
 	@Autowired(required=true)
 	private AuthenticationEvaluator authenticationEvaluator;
 
 	@Autowired(required=true)
-	private UserProfileServiceMock userProfileService;
+	private UserProfileService userProfileService;
 
 	@Autowired(required = true)
 	private Clock clock;
@@ -95,11 +85,7 @@ public class TestAuthenticationEvaluator extends AbstractIntegrationTest {
 	 */
 	@Override
 	public void initSystem(Task initTask, OperationResult initResult) throws Exception {
-		authenticationEvaluator.setUserProfileService(userProfileService);
-
-		repoAddObjectFromFile(SYSTEM_CONFIGURATION_FILE, SystemConfigurationType.class, initResult);
-		repoAddObjectFromFile(SECURITY_POLICY_FILE, SecurityPolicyType.class, initResult);
-		repoAddObjectFromFile(USER_JACK_FILE, UserType.class, initResult);
+		super.initSystem(initTask, initResult);
 	}
 
 	@Test
@@ -112,32 +98,22 @@ public void test000Sanity() throws Exception {
 	}
 
 	@Test
-	public void test020UserProfileServiceMockUsername() throws Exception {
-		final String TEST_NAME = "test020UserProfileServiceMockUsername";
+	public void test020UserProfileServiceUsername() throws Exception {
+		final String TEST_NAME = "test020UserProfileServiceUsername";
 		TestUtil.displayTestTile(TEST_NAME);
 
 		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
 		assertPrincipalJack(principal);
 	}
 
-	private void assertPrincipalJack(MidPointPrincipal principal) {
-		display("principal", principal);
-		assertEquals("Bad principal name", USER_JACK_USERNAME, principal.getName().getOrig());
-		assertEquals("Bad principal name", USER_JACK_USERNAME, principal.getUsername());
-		UserType user = principal.getUser();
-		assertNotNull("No user in principal",user);
-		assertEquals("Bad name in user in principal", USER_JACK_USERNAME, user.getName().getOrig());
-	}
 
 	@Test
 	public void test100PasswordLoginGoodPasswordJack() throws Exception {
 		final String TEST_NAME = "test100PasswordLoginGoodPasswordJack";
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 		XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
 
@@ -162,9 +138,7 @@ public void test101PasswordLoginBadPasswordJack() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 		XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
 
@@ -199,9 +173,7 @@ public void test102PasswordLoginNullPasswordJack() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 
 		try {
@@ -234,9 +206,7 @@ public void test103PasswordLoginEmptyPasswordJack() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 
 		try {
@@ -274,9 +244,7 @@ public void test105PasswordLoginBadPasswordJackAfterLockoutFailedAttemptsDuratio
 		// GIVEN
 		clock.overrideDuration("PT5M");
 
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 		XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
 
@@ -312,9 +280,7 @@ public void test110PasswordLoginLockout() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 		XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
 
@@ -367,9 +333,7 @@ public void test112PasswordLoginLockedoutGoodPassword() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 
 		// WHEN
@@ -399,9 +363,7 @@ public void test113PasswordLoginLockedoutBadPassword() throws Exception {
 		TestUtil.displayTestTile(TEST_NAME);
 
 		// GIVEN
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 
 		// WHEN
@@ -437,9 +399,7 @@ public void test118PasswordLoginLockedoutLockExpires() throws Exception {
 		// GIVEN
 		clock.overrideDuration("PT30M");
 
-		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
-		assertPrincipalJack(principal);
-
+		MidPointPrincipal principal = getAuthorizedPrincipal(USER_JACK_USERNAME);
 		ConnectionEnvironment connEnv = createConnectionEnvironment();
 		XMLGregorianCalendar startTs = clock.currentTimeXMLGregorianCalendar();
 
@@ -484,14 +444,6 @@ private ConnectionEnvironment createConnectionEnvironment() {
 		return connEnv;
 	}
 
-	private PrismObject<UserType> getUser(String oid) throws ObjectNotFoundException, SchemaException {
-		OperationResult result = new OperationResult("getUser");
-		PrismObject<UserType> user = repositoryService.getObject(UserType.class, oid, null, result);
-		result.computeStatus();
-		TestUtil.assertSuccess(result);
-		return user;
-	}
-
 	private void assertFailedLogins(PrismObject<UserType> user, int expected) {
 		if (expected == 0 && user.asObjectable().getCredentials().getPassword().getFailedLogins() == null) {
 			return;
@@ -515,4 +467,24 @@ private void assertLastFailedLogin(PrismObject<UserType> user, XMLGregorianCalen
 		TestUtil.assertBetween("wrong last failed login timestamp", startTs, endTs, failedLoginTs);
 	}
 
+	private MidPointPrincipal getAuthorizedPrincipal(String userJackUsername) throws ObjectNotFoundException {
+		MidPointPrincipal principal = userProfileService.getPrincipal(USER_JACK_USERNAME);
+		assertPrincipalJack(principal);
+		if (principal.getAuthorities().isEmpty()) {
+			AuthorizationType authorizationType = new AuthorizationType();
+	        authorizationType.getAction().add("FAKE");
+			principal.getAuthorities().add(new Authorization(authorizationType));
+		}
+		return principal;
+	}
+
+	private void assertPrincipalJack(MidPointPrincipal principal) {
+		display("principal", principal);
+		assertEquals("Bad principal name", USER_JACK_USERNAME, principal.getName().getOrig());
+		assertEquals("Bad principal name", USER_JACK_USERNAME, principal.getUsername());
+		UserType user = principal.getUser();
+		assertNotNull("No user in principal",user);
+		assertEquals("Bad name in user in principal", USER_JACK_USERNAME, user.getName().getOrig());
+	}
+
 }

model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/lens/AbstractLensTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013 Evolveum
+ * Copyright (c) 2013-2016 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +46,7 @@
 import com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest;
 import com.evolveum.midpoint.model.impl.lens.projector.Projector;
 import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.test.util.MidPointTestConstants;
 
 /**
  * @author semancik
@@ -55,8 +56,7 @@
 @DirtiesContext(classMode = ClassMode.AFTER_CLASS)
 public abstract class AbstractLensTest extends AbstractInternalModelIntegrationTest {
 
-	protected static final File TEST_DIR = new File("src/test/resources/lens");
-	protected static final File TEST_DIR_COMMON = new File("./src/test/resources/common");
+	protected static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "lens");
 
 	protected static final File ASSIGNMENT_DIRECT_FILE = new File(TEST_DIR, "assignment-direct.xml");
 	protected static final File ASSIGNMENT_DIRECT_EXPRESSION_FILE = new File(TEST_DIR, "assignment-direct-expression.xml");