Example 1 with PermissionConfig

Use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.

In class TestSecureApplicationContext, method testPermissions.

@Test
public void testPermissions() {
    Set<PermissionConfig> perms = securityConfig.getClientPermissionConfigs();
    assertFalse(perms.isEmpty());
    for (PermissionConfig permConfig : perms) {
        switch(permConfig.getType()) {
            case ALL:
                assertEquals("admin", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
            case MAP:
                assertEquals("customMap", permConfig.getName());
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
            case QUEUE:
                assertEquals("customQ", permConfig.getName());
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
        }
    }
}
Also used: PermissionConfig (com.hazelcast.config.PermissionConfig), QuickTest (com.hazelcast.test.annotation.QuickTest), Test (org.junit.Test)

Example 2 with PermissionConfig

Use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.

In class TestFullApplicationContext, method testSecurity.

@Test
public void testSecurity() {
    SecurityConfig securityConfig = config.getSecurityConfig();
    assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
    final Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
    assertFalse(securityConfig.getClientBlockUnmappedActions());
    assertTrue(isNotEmpty(clientPermissionConfigs));
    assertEquals(PermissionType.values().length, clientPermissionConfigs.size());
    final PermissionConfig pnCounterPermission = new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*").addAction("create").setEndpoints(Collections.emptySet());
    assertContains(clientPermissionConfigs, pnCounterPermission);
    Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
    for (PermissionConfig pc : clientPermissionConfigs) {
        permTypes.remove(pc.getType());
    }
    assertTrue("All permission types should be listed in fullConfig. Not found ones: " + permTypes, permTypes.isEmpty());
    RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
    assertNotNull(kerberosRealm);
    KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
    assertNotNull(kerbAuthentication);
    assertEquals(TRUE, kerbAuthentication.getRelaxFlagsCheck());
    assertEquals(TRUE, kerbAuthentication.getUseNameWithoutRealm());
    assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
    assertNotNull(kerbAuthentication.getLdapAuthenticationConfig());
    KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
    assertNotNull(kerbIdentity);
    assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
    assertEquals(TRUE, kerbIdentity.getUseCanonicalHostname());
    RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
    assertNotNull(simpleRealm);
    SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
    assertNotNull(simpleAuthnCfg);
    assertEquals(2, simpleAuthnCfg.getUsernames().size());
    assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
    assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
    Set<String> expectedRoles = new HashSet<>();
    expectedRoles.add("monitor");
    expectedRoles.add("hazelcast");
    assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
}
Also used: PermissionConfig (com.hazelcast.config.PermissionConfig), RealmConfig (com.hazelcast.config.security.RealmConfig), SecurityConfig (com.hazelcast.config.SecurityConfig), PermissionType (com.hazelcast.config.PermissionConfig.PermissionType), KerberosAuthenticationConfig (com.hazelcast.config.security.KerberosAuthenticationConfig), SimpleAuthenticationConfig (com.hazelcast.config.security.SimpleAuthenticationConfig), HashSet (java.util.HashSet), KerberosIdentityConfig (com.hazelcast.config.security.KerberosIdentityConfig), Test (org.junit.Test), QuickTest (com.hazelcast.test.annotation.QuickTest)

Example 3 with PermissionConfig

Use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.

In class UpdatePermissionConfigOperation, method readInternal.

@Override
protected void readInternal(ObjectDataInput in) throws IOException {
    super.readInternal(in);
    // Number of serialized PermissionConfig entries that follow in the stream.
    int configSize = in.readInt();
    permissionConfigs = new HashSet<>(configSize);
    for (int i = 0; i < configSize; i++) {
        // Each entry deserializes itself from the same input.
        PermissionConfig permissionConfig = new PermissionConfig();
        permissionConfig.readData(in);
        permissionConfigs.add(permissionConfig);
    }
}
Also used: PermissionConfig (com.hazelcast.config.PermissionConfig)

Example 4 with PermissionConfig

Use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.

In class MemberDomConfigProcessor, method handleSecurityPermission.

void handleSecurityPermission(Node node, PermissionConfig.PermissionType type) {
    SecurityConfig cfg = config.getSecurityConfig();
    // "name" and "principal" are optional attributes; a missing one is passed on as null.
    Node nameNode = getNamedItemNode(node, "name");
    String name = nameNode != null ? getTextContent(nameNode) : null;
    Node principalNode = getNamedItemNode(node, "principal");
    String principal = principalNode != null ? getTextContent(principalNode) : null;
    PermissionConfig permConfig = new PermissionConfig(type, name, principal);
    cfg.addClientPermissionConfig(permConfig);
    // Fill in endpoints and actions from the child elements; other children are ignored.
    for (Node child : childElements(node)) {
        String nodeName = cleanNodeName(child);
        if (matches("endpoints", nodeName)) {
            handleSecurityPermissionEndpoints(child, permConfig);
        } else if (matches("actions", nodeName)) {
            handleSecurityPermissionActions(child, permConfig);
        }
    }
}
Also used: PermissionConfig (com.hazelcast.config.PermissionConfig), SecurityConfig (com.hazelcast.config.SecurityConfig), Node (org.w3c.dom.Node)

Example 5 with PermissionConfig

Use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.

In class SecureApplicationContextTest, method testPermissions.

@Test
public void testPermissions() {
    Set<PermissionConfig> perms = securityConfig.getClientPermissionConfigs();
    assertFalse(perms.isEmpty());
    for (PermissionConfig permConfig : perms) {
        switch(permConfig.getType()) {
            case ALL:
                assertEquals("admin", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
            case MAP:
                assertEquals("customMap", permConfig.getName());
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
            case QUEUE:
                assertEquals("customQ", permConfig.getName());
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
            case CACHE:
                assertEquals("test-cache", permConfig.getName());
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                assertEquals(4, permConfig.getActions().size());
                String[] expectedActions = new String[] { "create", "add", "read", "destroy" };
                String[] actualActions = permConfig.getActions().toArray(new String[0]);
                assertArrayEquals(expectedActions, actualActions);
                break;
            case CONFIG:
                assertEquals("dev", permConfig.getPrincipal());
                assertEquals(1, permConfig.getEndpoints().size());
                assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
                break;
        }
    }
}
Also used: PermissionConfig (com.hazelcast.config.PermissionConfig), QuickTest (com.hazelcast.test.annotation.QuickTest), Test (org.junit.Test)
