
Example 1 with InMemoryAuthorizer

use of co.cask.cdap.security.authorization.InMemoryAuthorizer in project cdap by caskdata.

the class AuthorizationHandlerTest method setUp.

/**
 * Starts an HTTP service hosting an {@link AuthorizationHandler} backed by an
 * {@link InMemoryAuthorizer}, then points an {@link AuthorizationClient} at it.
 *
 * <p>Both {@code Constants.Security.ENABLED} and
 * {@code Constants.Security.Authorization.ENABLED} are set to {@code true}, and the
 * {@code "superusers"} property is set to the admin principal's name before the
 * authorizer is initialized.
 *
 * <p>The started service is not stopped in this method.
 * NOTE(review): presumably an {@code @After} method stops it; confirm.
 *
 * @throws Exception if the service cannot be built or started
 */
@Before
public void setUp() throws Exception {
    // Enable security and authorization together.
    CConfiguration cConf = CConfiguration.create();
    cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    cConf.setBoolean(Constants.Security.ENABLED, true);

    // The superuser list must be in the properties before initialize() reads them.
    properties.setProperty("superusers", admin.getName());
    final InMemoryAuthorizer inMemoryAuthorizer = new InMemoryAuthorizer();
    inMemoryAuthorizer.initialize(FACTORY.create(properties));

    CommonNettyHttpServiceBuilder serviceBuilder =
        new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName());

    // Always hand back the authorizer created above, so the handler and the test
    // share a single instance.
    AuthorizerInstantiator fixedInstantiator = new AuthorizerInstantiator(cConf, FACTORY) {

        @Override
        public Authorizer get() {
            return inMemoryAuthorizer;
        }
    };
    AuthorizationHandler handler = new AuthorizationHandler(
        inMemoryAuthorizer, fixedInstantiator, cConf, inMemoryAuthorizer,
        new MasterAuthenticationContext(), entityExistenceVerifier);

    // Test-only identity wiring: TestUserNameSetter is placed before the dispatcher and
    // AuthenticationChannelHandler directly after it.
    // NOTE(review): the setter presumably takes the caller identity from
    // USERNAME_PROPERTY rather than from a verified credential; confirm, and keep this
    // wiring out of non-test pipelines.
    ChannelPipelineModifier identityPipeline = new ChannelPipelineModifier() {

        @Override
        public void modify(ChannelPipeline pipeline) {
            pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
            pipeline.addAfter("usernamesetter", "authenticator", new AuthenticationChannelHandler());
        }
    };

    service = serviceBuilder
        .setHttpHandlers(handler)
        .setChannelPipelineModifier(identityPipeline)
        .build();
    service.start();

    // The client talks to the bound address over plain HTTP (SSL is explicitly off).
    ConnectionConfig connection = ConnectionConfig.builder()
        .setHostname(service.getBindAddress().getHostName())
        .setPort(service.getBindAddress().getPort())
        .setSSLEnabled(false)
        .build();
    client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connection).build());

    // JVM-wide system property: it outlives this test unless something resets it.
    System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used : MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) AuthenticationChannelHandler(co.cask.cdap.common.http.AuthenticationChannelHandler) CConfiguration(co.cask.cdap.common.conf.CConfiguration) ChannelPipeline(io.netty.channel.ChannelPipeline) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) ChannelPipelineModifier(co.cask.http.ChannelPipelineModifier) Before(org.junit.Before)

Example 2 with InMemoryAuthorizer

use of co.cask.cdap.security.authorization.InMemoryAuthorizer in project cdap by caskdata.

the class AuthorizationHandlerTest method testDisabled.

/**
 * Starts an {@link AuthorizationHandler} service with the supplied configuration and
 * checks every {@link AuthorizationClient} call listed below with
 * {@code verifyFeatureDisabled}.
 *
 * <p>Unlike {@code setUp}, the {@link InMemoryAuthorizer} here is never initialized
 * and no channel pipeline modifier is installed. The service is always stopped in
 * {@code finally}.
 *
 * @param cConf configuration used to build both the service and the handler
 * @param feature passed through to {@code verifyFeatureDisabled}; presumably the
 *     feature expected to be reported as disabled (confirm against that helper)
 * @param configSetting passed through to {@code verifyFeatureDisabled}; presumably the
 *     configuration key expected in the error (confirm against that helper)
 * @throws Exception if the service cannot start or a verification fails
 */
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    final InMemoryAuthorizer inMemoryAuthorizer = new InMemoryAuthorizer();
    CommonNettyHttpServiceBuilder serviceBuilder =
        new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName());

    // The instantiator always returns the authorizer created above.
    AuthorizerInstantiator fixedInstantiator = new AuthorizerInstantiator(cConf, FACTORY) {

        @Override
        public Authorizer get() {
            return inMemoryAuthorizer;
        }
    };
    AuthorizationHandler handler = new AuthorizationHandler(
        inMemoryAuthorizer, fixedInstantiator, cConf, inMemoryAuthorizer,
        new MasterAuthenticationContext(), entityExistenceVerifier);

    NettyHttpService httpService = serviceBuilder.setHttpHandlers(handler).build();
    httpService.start();
    try {
        // Plain-HTTP client bound to whatever address the service picked.
        ConnectionConfig connection = ConnectionConfig.builder()
            .setHostname(httpService.getBindAddress().getHostName())
            .setPort(httpService.getBindAddress().getPort())
            .setSSLEnabled(false)
            .build();
        final AuthorizationClient authClient =
            new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connection).build());
        final NamespaceId namespace = Ids.namespace("ns1");
        final Role adminsRole = new Role("admins");

        // One entry per Authorization REST API call, kept in the order they are verified.
        DisabledFeatureCaller[] apiCalls = new DisabledFeatureCaller[] {
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.grant(Authorizable.fromEntityId(namespace), admin, ImmutableSet.of(Action.READ));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.revoke(Authorizable.fromEntityId(namespace), admin, ImmutableSet.of(Action.READ));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.revoke(Authorizable.fromEntityId(namespace));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.listPrivileges(admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.addRoleToPrincipal(adminsRole, admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.removeRoleFromPrincipal(adminsRole, admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.createRole(adminsRole);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.dropRole(adminsRole);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.listAllRoles();
                }
            }
        };

        // Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
        for (DisabledFeatureCaller apiCall : apiCalls) {
            verifyFeatureDisabled(apiCall, feature, configSetting);
        }
    } finally {
        httpService.stop();
    }
}
Also used : MasterAuthenticationContext(co.cask.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(co.cask.cdap.common.http.CommonNettyHttpServiceBuilder) AuthorizerInstantiator(co.cask.cdap.security.authorization.AuthorizerInstantiator) FeatureDisabledException(co.cask.cdap.common.FeatureDisabledException) IOException(java.io.IOException) AlreadyExistsException(co.cask.cdap.security.spi.authorization.AlreadyExistsException) UnauthenticatedException(co.cask.cdap.common.UnauthenticatedException) NotFoundException(co.cask.cdap.common.NotFoundException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Role(co.cask.cdap.proto.security.Role) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) InMemoryAuthorizer(co.cask.cdap.security.authorization.InMemoryAuthorizer) Authorizer(co.cask.cdap.security.spi.authorization.Authorizer) NettyHttpService(co.cask.http.NettyHttpService) AuthorizationClient(co.cask.cdap.client.AuthorizationClient) NamespaceId(co.cask.cdap.proto.id.NamespaceId)
