Fix #777
pavel.stastny committed Nov 3, 2020
1 parent f33b85d commit 511c080
Showing 3 changed files with 125 additions and 0 deletions.
@@ -0,0 +1,74 @@
package cz.incad.kramerius.auth.shibb.rules;

import antlr.RecognitionException;
import antlr.TokenStreamException;
import cz.incad.kramerius.auth.shibb.RequestSupportForTests;
import cz.incad.kramerius.auth.thirdparty.shibb.rules.ShibRuleLexer;
import cz.incad.kramerius.auth.thirdparty.shibb.rules.ShibRuleParser;
import cz.incad.kramerius.auth.thirdparty.shibb.rules.objects.ShibRules;
import cz.incad.kramerius.auth.thirdparty.shibb.utils.ClientShibbolethContext;
import cz.incad.kramerius.auth.thirdparty.shibb.utils.ShibbolethUserWrapper;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.easymock.EasyMock;
import org.easymock.IAnswer;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;

import javax.servlet.http.HttpServletRequest;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.util.Enumeration;

public class ShibbolethTest {

public static final String CONST = "match(header(\"AJP_uid\"),\"happy\") {\n" +
" user(\"firstname\",header(\"AJP_uid\"))\n" +
" user(\"surname\", header(\"AJP_uid\"))\n" +
"\n" +
" role(\"k4_admins\")\n" +
"\n" +
"}\n";

@Test
public void testParse() throws IOException, TokenStreamException, RecognitionException {
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getHeaderNames()).andAnswer(new IAnswer<Enumeration>() {
@Override
public Enumeration answer() {
return RequestSupportForTests.getLoggedShibLowerCaseTable().keys();
}
});

EasyMock.expect(req.getHeader("affilation")).andReturn("[email protected];[email protected];[email protected]").anyTimes();
EasyMock.expect(req.getHeader("remote_user")).andReturn("[email protected]").anyTimes();
EasyMock.expect(req.getHeader("edupersonuniqueid")).andReturn("edupersonAtt").anyTimes();

RequestSupportForTests.callExpectation(req, RequestSupportForTests.getLoggedShibLowerCaseTable().keys(), RequestSupportForTests.getLoggedShibLowerCaseTable());
EasyMock.replay(req);

String userName = "[email protected]";
ShibbolethUserWrapper wrapper = new ShibbolethUserWrapper(userName);
ClientShibbolethContext ctx = new ClientShibbolethContext(req, wrapper);

InputStream resourceAsStream = ShibbolethTest.class.getResourceAsStream("/shibrules.txt");
String rules = IOUtils.toString(resourceAsStream, "UTF-8");

ShibRuleLexer shibRuleLexer = new ShibRuleLexer(new StringReader(rules));
ShibRuleParser shibRuleParser = new ShibRuleParser(shibRuleLexer);

ShibRules shibRules = shibRuleParser.shibRules();
shibRules.evaluate(ctx);

Assert.assertTrue(wrapper.getRoles().size() == 2);
Assert.assertTrue(wrapper.getRoles().get(0).equals("k4_admins"));
Assert.assertTrue(wrapper.getRoles().get(1).equals("dalsi_role"));

Assert.assertTrue(wrapper.getProperty("organization") != null );
Assert.assertTrue(wrapper.getProperty("organization").equals("MZK"));

}
}
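Review bot: testParse asserts only the positive path, where the mocked request ends up with `k4_admins` and `dalsi_role`, so nothing pins that a request without a matching affiliation receives no roles. The rules in shibrules.txt match with unanchored patterns such as `/.*staff.*/` against a multi-valued header, so a second test whose `affilation` value does not contain `staff` should assert that `wrapper.getRoles()` is empty; a further case where `staff` appears only inside another token would show whether the substring match is intended. The size check would report more clearly on failure as `Assert.assertEquals(2, wrapper.getRoles().size());`. `CONST` and the `FileUtils`, `Ignore` and `File` imports appear unused in the visible file.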
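--- a/authfilters/src/test/resources/shibrules.txt
+++ b/authfilters/src/test/resources/shibrules.txt
@@ -0,0 +1,32 @@
+/** Organization **/
+match(header("affilation"),/.*mzk.*/) {
+user("organization", "MZK")
+}
+
+match(header("affilation"),/.*nkp.*/) {
+user("organization", "NKP")
+}
+
+match(header("affilation"),/.*knav.*/) {
+user("organization", "KNAV")
+}
+
+/**
+* Pravidlo se aplikuje pokud ma v affilation havicce zamestnanec
+*/
+match(header("affilation"),/.*staff.*/) {
+// first name
+user("firstname",header("remote_user"))
+// surname
+user("surname", "Testovaci")
+user("affilation", header("affilation"))
+user("note_6", "From MZK")
+role("k4_admins")
+}
+
+/** podchyceni admin uzivatele */
+match(header("affilation"),/.*staff.*/) {
+role("dalsi_role")
+user("mujadmin", "true")
+}
+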
19 changes: 19 additions & 0 deletions search/src/java/cz/incad/Kramerius/imaging/IiifServlet.java
@@ -11,6 +11,8 @@
import cz.incad.kramerius.security.IsActionAllowed;
import cz.incad.kramerius.security.SecuredActions;
import cz.incad.kramerius.security.User;
import cz.incad.kramerius.statistics.StatisticsAccessLog;
import cz.incad.kramerius.utils.FedoraUtils;
import cz.incad.kramerius.utils.RESTHelper;
import cz.incad.kramerius.utils.imgs.KrameriusImageSupport;
import org.apache.commons.io.IOUtils;
@@ -49,6 +51,11 @@ public class IiifServlet extends AbstractImageServlet {
@Named("cachedFedoraAccess")
private transient FedoraAccess fedoraAccess;


@Inject
private StatisticsAccessLog accessLog;


private static final java.util.logging.Logger LOGGER = java.util.logging.Logger.getLogger(IiifServlet.class.getName());


@@ -83,6 +90,16 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
String nextToken = tokenizer.nextToken();
url.append("/").append(nextToken);
if ("info.json".equals(nextToken)) {

// report access
try {
this.accessLog.reportAccess(pid, FedoraUtils.IMG_FULL_STREAM);
} catch (Exception e) {
LOGGER.severe("cannot write statistic records");
LOGGER.log(Level.SEVERE, e.getMessage(),e);
}


resp.setContentType("application/ld+json");
resp.setCharacterEncoding("UTF-8");
HttpURLConnection con = (HttpURLConnection) RESTHelper.openConnection(url.toString(), "", "");
@@ -97,6 +114,8 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
return;
}
}


copyFromImageServer(url.toString(),resp);
} catch (JSONException e) {
LOGGER.log(Level.SEVERE, e.getMessage());
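Review bot: The new `reportAccess` call in doGet runs as soon as the path token is `info.json`, before the upstream connection is opened, and the visible hunks do not show whether the rights check for `pid` has already passed at that point. If it has not, denied or failing requests would be recorded as accesses, so the ordering should be confirmed or the call moved after the check. The two log calls in the catch can be one call with a fixed message that keeps the cause, `LOGGER.log(Level.SEVERE, "cannot write statistic records", e);`, since `e.getMessage()` may be null. The injected field would match `fedoraAccess` above it if declared `private transient StatisticsAccessLog accessLog;`. doGet starts and ends outside the visible hunks.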