use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.
the class XmlConfigBuilder method handleSecurityPermissions.
private void handleSecurityPermissions(Node node) throws Exception {
for (Node child : childElements(node)) {
String nodeName = cleanNodeName(child);
PermissionType type;
if ("map-permission".equals(nodeName)) {
type = PermissionType.MAP;
} else if ("queue-permission".equals(nodeName)) {
type = PermissionType.QUEUE;
} else if ("multimap-permission".equals(nodeName)) {
type = PermissionType.MULTIMAP;
} else if ("topic-permission".equals(nodeName)) {
type = PermissionType.TOPIC;
} else if ("list-permission".equals(nodeName)) {
type = PermissionType.LIST;
} else if ("set-permission".equals(nodeName)) {
type = PermissionType.SET;
} else if ("lock-permission".equals(nodeName)) {
type = PermissionType.LOCK;
} else if ("atomic-long-permission".equals(nodeName)) {
type = PermissionType.ATOMIC_LONG;
} else if ("countdown-latch-permission".equals(nodeName)) {
type = PermissionType.COUNTDOWN_LATCH;
} else if ("semaphore-permission".equals(nodeName)) {
type = PermissionType.SEMAPHORE;
} else if ("id-generator-permission".equals(nodeName)) {
type = PermissionType.ID_GENERATOR;
} else if ("executor-service-permission".equals(nodeName)) {
type = PermissionType.EXECUTOR_SERVICE;
} else if ("transaction-permission".equals(nodeName)) {
type = PermissionType.TRANSACTION;
} else if ("all-permissions".equals(nodeName)) {
type = PermissionType.ALL;
} else {
continue;
}
handleSecurityPermission(child, type);
}
}
use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.
the class TestFullApplicationContext method testSecurity.
@Test
public void testSecurity() {
SecurityConfig securityConfig = config.getSecurityConfig();
assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
final Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
assertFalse(securityConfig.getClientBlockUnmappedActions());
assertTrue(isNotEmpty(clientPermissionConfigs));
assertEquals(PermissionType.values().length, clientPermissionConfigs.size());
final PermissionConfig pnCounterPermission = new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*").addAction("create").setEndpoints(Collections.emptySet());
assertContains(clientPermissionConfigs, pnCounterPermission);
Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
for (PermissionConfig pc : clientPermissionConfigs) {
permTypes.remove(pc.getType());
}
assertTrue("All permission types should be listed in fullConfig. Not found ones: " + permTypes, permTypes.isEmpty());
RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
assertNotNull(kerberosRealm);
KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
assertNotNull(kerbAuthentication);
assertEquals(TRUE, kerbAuthentication.getRelaxFlagsCheck());
assertEquals(TRUE, kerbAuthentication.getUseNameWithoutRealm());
assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
assertNotNull(kerbAuthentication.getLdapAuthenticationConfig());
KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
assertNotNull(kerbIdentity);
assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
assertEquals(TRUE, kerbIdentity.getUseCanonicalHostname());
RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
assertNotNull(simpleRealm);
SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
assertNotNull(simpleAuthnCfg);
assertEquals(2, simpleAuthnCfg.getUsernames().size());
assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
Set<String> expectedRoles = new HashSet<>();
expectedRoles.add("monitor");
expectedRoles.add("hazelcast");
assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
}
use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.
the class YamlMemberDomConfigProcessor method handleSecurityPermissions.
@SuppressWarnings({ "checkstyle:npathcomplexity", "checkstyle:methodlength" })
protected void handleSecurityPermissions(Node node) {
String onJoinOp = getAttribute(node, "on-join-operation");
if (onJoinOp != null) {
OnJoinPermissionOperationName onJoinPermissionOperation = OnJoinPermissionOperationName.valueOf(upperCaseInternal(onJoinOp));
config.getSecurityConfig().setOnJoinPermissionOperation(onJoinPermissionOperation);
}
Iterable<Node> nodes = childElements(node);
for (Node child : nodes) {
String nodeName = cleanNodeName(child);
if (matches("on-join-operation", nodeName)) {
continue;
}
nodeName = matches("all", nodeName) ? nodeName + "-permissions" : nodeName + "-permission";
PermissionType type = PermissionConfig.PermissionType.getType(nodeName);
if (type == null) {
throw new InvalidConfigurationException("Security permission type is not valid " + nodeName);
}
if (PermissionConfig.PermissionType.CONFIG == type || PermissionConfig.PermissionType.ALL == type || PermissionConfig.PermissionType.TRANSACTION == type) {
handleSecurityPermission(child, type);
} else {
handleSecurityPermissionGroup(child, type);
}
}
}
use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.
the class MemberDomConfigProcessor method handleSecurityPermissions.
protected void handleSecurityPermissions(Node node) {
String onJoinOp = getAttribute(node, "on-join-operation");
if (onJoinOp != null) {
OnJoinPermissionOperationName onJoinPermissionOperation = OnJoinPermissionOperationName.valueOf(upperCaseInternal(onJoinOp));
config.getSecurityConfig().setOnJoinPermissionOperation(onJoinPermissionOperation);
}
for (Node child : childElements(node)) {
String nodeName = cleanNodeName(child);
PermissionType type = PermissionConfig.PermissionType.getType(nodeName);
if (type == null) {
throw new InvalidConfigurationException("Security permission type is not valid " + nodeName);
}
handleSecurityPermission(child, type);
}
}
use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.
the class XMLConfigBuilderTest method testAllPermissionsCovered.
@Override
@Test
public void testAllPermissionsCovered() {
InputStream xmlResource = XMLConfigBuilderTest.class.getClassLoader().getResourceAsStream("hazelcast-fullconfig.xml");
Config config = null;
try {
config = new XmlConfigBuilder(xmlResource).build();
} finally {
IOUtil.closeResource(xmlResource);
}
Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
for (PermissionConfig pc : config.getSecurityConfig().getClientPermissionConfigs()) {
permTypes.remove(pc.getType());
}
assertTrue("All permission types should be listed in hazelcast-fullconfig.xml. Not found ones: " + permTypes, permTypes.isEmpty());
}
Aggregations