use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.
the class TestSecureApplicationContext method testPermissions.
@Test
public void testPermissions() {
Set<PermissionConfig> perms = securityConfig.getClientPermissionConfigs();
assertFalse(perms.isEmpty());
for (PermissionConfig permConfig : perms) {
switch(permConfig.getType()) {
case ALL:
assertEquals("admin", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
case MAP:
assertEquals("customMap", permConfig.getName());
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
case QUEUE:
assertEquals("customQ", permConfig.getName());
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
}
}
}
use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.
the class TestFullApplicationContext method testSecurity.
@Test
public void testSecurity() {
SecurityConfig securityConfig = config.getSecurityConfig();
assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
final Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
assertFalse(securityConfig.getClientBlockUnmappedActions());
assertTrue(isNotEmpty(clientPermissionConfigs));
assertEquals(PermissionType.values().length, clientPermissionConfigs.size());
final PermissionConfig pnCounterPermission = new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*").addAction("create").setEndpoints(Collections.emptySet());
assertContains(clientPermissionConfigs, pnCounterPermission);
Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
for (PermissionConfig pc : clientPermissionConfigs) {
permTypes.remove(pc.getType());
}
assertTrue("All permission types should be listed in fullConfig. Not found ones: " + permTypes, permTypes.isEmpty());
RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
assertNotNull(kerberosRealm);
KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
assertNotNull(kerbAuthentication);
assertEquals(TRUE, kerbAuthentication.getRelaxFlagsCheck());
assertEquals(TRUE, kerbAuthentication.getUseNameWithoutRealm());
assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
assertNotNull(kerbAuthentication.getLdapAuthenticationConfig());
KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
assertNotNull(kerbIdentity);
assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
assertEquals(TRUE, kerbIdentity.getUseCanonicalHostname());
RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
assertNotNull(simpleRealm);
SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
assertNotNull(simpleAuthnCfg);
assertEquals(2, simpleAuthnCfg.getUsernames().size());
assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
Set<String> expectedRoles = new HashSet<>();
expectedRoles.add("monitor");
expectedRoles.add("hazelcast");
assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
}
use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.
the class UpdatePermissionConfigOperation method readInternal.
@Override
protected void readInternal(ObjectDataInput in) throws IOException {
super.readInternal(in);
int configSize = in.readInt();
permissionConfigs = new HashSet<>(configSize);
for (int i = 0; i < configSize; i++) {
PermissionConfig permissionConfig = new PermissionConfig();
permissionConfig.readData(in);
permissionConfigs.add(permissionConfig);
}
}
use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.
the class MemberDomConfigProcessor method handleSecurityPermission.
void handleSecurityPermission(Node node, PermissionConfig.PermissionType type) {
SecurityConfig cfg = config.getSecurityConfig();
Node nameNode = getNamedItemNode(node, "name");
String name = nameNode != null ? getTextContent(nameNode) : null;
Node principalNode = getNamedItemNode(node, "principal");
String principal = principalNode != null ? getTextContent(principalNode) : null;
PermissionConfig permConfig = new PermissionConfig(type, name, principal);
cfg.addClientPermissionConfig(permConfig);
for (Node child : childElements(node)) {
String nodeName = cleanNodeName(child);
if (matches("endpoints", nodeName)) {
handleSecurityPermissionEndpoints(child, permConfig);
} else if (matches("actions", nodeName)) {
handleSecurityPermissionActions(child, permConfig);
}
}
}
use of com.hazelcast.config.PermissionConfig in project hazelcast by hazelcast.
the class SecureApplicationContextTest method testPermissions.
@Test
public void testPermissions() {
Set<PermissionConfig> perms = securityConfig.getClientPermissionConfigs();
assertFalse(perms.isEmpty());
for (PermissionConfig permConfig : perms) {
switch(permConfig.getType()) {
case ALL:
assertEquals("admin", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
case MAP:
assertEquals("customMap", permConfig.getName());
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
case QUEUE:
assertEquals("customQ", permConfig.getName());
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
case CACHE:
assertEquals("test-cache", permConfig.getName());
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
assertEquals(4, permConfig.getActions().size());
String[] expectedActions = new String[] { "create", "add", "read", "destroy" };
String[] actualActions = permConfig.getActions().toArray(new String[0]);
assertArrayEquals(expectedActions, actualActions);
break;
case CONFIG:
assertEquals("dev", permConfig.getPrincipal());
assertEquals(1, permConfig.getEndpoints().size());
assertEquals("127.0.0.1", permConfig.getEndpoints().iterator().next());
break;
}
}
}
Aggregations