Example 1 with PermissionType

Use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.

In the class XmlConfigBuilder, method handleSecurityPermissions.

private void handleSecurityPermissions(Node node) throws Exception {
    for (Node child : childElements(node)) {
        String nodeName = cleanNodeName(child);
        PermissionType type;
        if ("map-permission".equals(nodeName)) {
            type = PermissionType.MAP;
        } else if ("queue-permission".equals(nodeName)) {
            type = PermissionType.QUEUE;
        } else if ("multimap-permission".equals(nodeName)) {
            type = PermissionType.MULTIMAP;
        } else if ("topic-permission".equals(nodeName)) {
            type = PermissionType.TOPIC;
        } else if ("list-permission".equals(nodeName)) {
            type = PermissionType.LIST;
        } else if ("set-permission".equals(nodeName)) {
            type = PermissionType.SET;
        } else if ("lock-permission".equals(nodeName)) {
            type = PermissionType.LOCK;
        } else if ("atomic-long-permission".equals(nodeName)) {
            type = PermissionType.ATOMIC_LONG;
        } else if ("countdown-latch-permission".equals(nodeName)) {
            type = PermissionType.COUNTDOWN_LATCH;
        } else if ("semaphore-permission".equals(nodeName)) {
            type = PermissionType.SEMAPHORE;
        } else if ("id-generator-permission".equals(nodeName)) {
            type = PermissionType.ID_GENERATOR;
        } else if ("executor-service-permission".equals(nodeName)) {
            type = PermissionType.EXECUTOR_SERVICE;
        } else if ("transaction-permission".equals(nodeName)) {
            type = PermissionType.TRANSACTION;
        } else if ("all-permissions".equals(nodeName)) {
            type = PermissionType.ALL;
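        } else {
            // Unrecognised element names are skipped silently:
            // no permission is registered and no error is raised.
            continue;
        }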
        handleSecurityPermission(child, type);
    }
}
Also used : PermissionType(com.hazelcast.config.PermissionConfig.PermissionType) Node(org.w3c.dom.Node)

Example 2 with PermissionType

Use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.

In the class TestFullApplicationContext, method testSecurity.

@Test
public void testSecurity() {
    SecurityConfig securityConfig = config.getSecurityConfig();
    assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
    final Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
    assertFalse(securityConfig.getClientBlockUnmappedActions());
    assertTrue(isNotEmpty(clientPermissionConfigs));
    assertEquals(PermissionType.values().length, clientPermissionConfigs.size());
    final PermissionConfig pnCounterPermission = new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*").addAction("create").setEndpoints(Collections.emptySet());
    assertContains(clientPermissionConfigs, pnCounterPermission);
    Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
    for (PermissionConfig pc : clientPermissionConfigs) {
        permTypes.remove(pc.getType());
    }
    assertTrue("All permission types should be listed in fullConfig. Not found ones: " + permTypes, permTypes.isEmpty());
    RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
    assertNotNull(kerberosRealm);
    KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
    assertNotNull(kerbAuthentication);
    assertEquals(TRUE, kerbAuthentication.getRelaxFlagsCheck());
    assertEquals(TRUE, kerbAuthentication.getUseNameWithoutRealm());
    assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
    assertNotNull(kerbAuthentication.getLdapAuthenticationConfig());
    KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
    assertNotNull(kerbIdentity);
    assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
    assertEquals(TRUE, kerbIdentity.getUseCanonicalHostname());
    RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
    assertNotNull(simpleRealm);
    SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
    assertNotNull(simpleAuthnCfg);
    assertEquals(2, simpleAuthnCfg.getUsernames().size());
    assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
    assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
    Set<String> expectedRoles = new HashSet<>();
    expectedRoles.add("monitor");
    expectedRoles.add("hazelcast");
    assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
}
Also used : PermissionConfig(com.hazelcast.config.PermissionConfig) RealmConfig(com.hazelcast.config.security.RealmConfig) SecurityConfig(com.hazelcast.config.SecurityConfig) PermissionType(com.hazelcast.config.PermissionConfig.PermissionType) KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig) SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig) HashSet(java.util.HashSet) KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig) Test(org.junit.Test) QuickTest(com.hazelcast.test.annotation.QuickTest)

Example 3 with PermissionType

Use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.

In the class YamlMemberDomConfigProcessor, method handleSecurityPermissions.

@SuppressWarnings({ "checkstyle:npathcomplexity", "checkstyle:methodlength" })
protected void handleSecurityPermissions(Node node) {
    String onJoinOp = getAttribute(node, "on-join-operation");
    if (onJoinOp != null) {
        OnJoinPermissionOperationName onJoinPermissionOperation = OnJoinPermissionOperationName.valueOf(upperCaseInternal(onJoinOp));
        config.getSecurityConfig().setOnJoinPermissionOperation(onJoinPermissionOperation);
    }
    Iterable<Node> nodes = childElements(node);
    for (Node child : nodes) {
        String nodeName = cleanNodeName(child);
        if (matches("on-join-operation", nodeName)) {
            continue;
        }
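        // Append the "-permissions" / "-permission" suffix before the getType() lookup.
        nodeName = matches("all", nodeName) ? nodeName + "-permissions" : nodeName + "-permission";
        PermissionType type = PermissionConfig.PermissionType.getType(nodeName);
        // An unknown permission name fails configuration loading instead of being ignored.
        if (type == null) {
            throw new InvalidConfigurationException("Security permission type is not valid " + nodeName);
        }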
        if (PermissionConfig.PermissionType.CONFIG == type || PermissionConfig.PermissionType.ALL == type || PermissionConfig.PermissionType.TRANSACTION == type) {
            handleSecurityPermission(child, type);
        } else {
            handleSecurityPermissionGroup(child, type);
        }
    }
}
Also used : OnJoinPermissionOperationName(com.hazelcast.config.OnJoinPermissionOperationName) PermissionType(com.hazelcast.config.PermissionConfig.PermissionType) Node(org.w3c.dom.Node) YamlNode(com.hazelcast.internal.yaml.YamlNode) InvalidConfigurationException(com.hazelcast.config.InvalidConfigurationException)

Example 4 with PermissionType

Use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.

In the class MemberDomConfigProcessor, method handleSecurityPermissions.

protected void handleSecurityPermissions(Node node) {
    String onJoinOp = getAttribute(node, "on-join-operation");
    if (onJoinOp != null) {
        OnJoinPermissionOperationName onJoinPermissionOperation = OnJoinPermissionOperationName.valueOf(upperCaseInternal(onJoinOp));
        config.getSecurityConfig().setOnJoinPermissionOperation(onJoinPermissionOperation);
    }
    for (Node child : childElements(node)) {
        String nodeName = cleanNodeName(child);
        PermissionType type = PermissionConfig.PermissionType.getType(nodeName);
        // An unknown permission name fails configuration loading instead of being ignored.
        if (type == null) {
            throw new InvalidConfigurationException("Security permission type is not valid " + nodeName);
        }
        handleSecurityPermission(child, type);
    }
}
Also used : OnJoinPermissionOperationName(com.hazelcast.config.OnJoinPermissionOperationName) PermissionType(com.hazelcast.config.PermissionConfig.PermissionType) Node(org.w3c.dom.Node) InvalidConfigurationException(com.hazelcast.config.InvalidConfigurationException)

Example 5 with PermissionType

Use of com.hazelcast.config.PermissionConfig.PermissionType in project hazelcast by hazelcast.

In the class XMLConfigBuilderTest, method testAllPermissionsCovered.

@Override
@Test
public void testAllPermissionsCovered() {
    InputStream xmlResource = XMLConfigBuilderTest.class.getClassLoader().getResourceAsStream("hazelcast-fullconfig.xml");
    Config config = null;
    try {
        config = new XmlConfigBuilder(xmlResource).build();
    } finally {
        IOUtil.closeResource(xmlResource);
    }
    Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
    for (PermissionConfig pc : config.getSecurityConfig().getClientPermissionConfigs()) {
        permTypes.remove(pc.getType());
    }
    assertTrue("All permission types should be listed in hazelcast-fullconfig.xml. Not found ones: " + permTypes, permTypes.isEmpty());
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig) LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig) SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig) CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig) RaftAlgorithmConfig(com.hazelcast.config.cp.RaftAlgorithmConfig) SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig) KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig) KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig) RealmConfig(com.hazelcast.config.security.RealmConfig) FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig) PermissionType(com.hazelcast.config.PermissionConfig.PermissionType) HashSet(java.util.HashSet) ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Aggregations

PermissionType (com.hazelcast.config.PermissionConfig.PermissionType): 5
Node (org.w3c.dom.Node): 3
InvalidConfigurationException (com.hazelcast.config.InvalidConfigurationException): 2
OnJoinPermissionOperationName (com.hazelcast.config.OnJoinPermissionOperationName): 2
KerberosAuthenticationConfig (com.hazelcast.config.security.KerberosAuthenticationConfig): 2
KerberosIdentityConfig (com.hazelcast.config.security.KerberosIdentityConfig): 2
RealmConfig (com.hazelcast.config.security.RealmConfig): 2
SimpleAuthenticationConfig (com.hazelcast.config.security.SimpleAuthenticationConfig): 2
QuickTest (com.hazelcast.test.annotation.QuickTest): 2
HashSet (java.util.HashSet): 2
Test (org.junit.Test): 2
PermissionConfig (com.hazelcast.config.PermissionConfig): 1
SecurityConfig (com.hazelcast.config.SecurityConfig): 1
CPSubsystemConfig (com.hazelcast.config.cp.CPSubsystemConfig): 1
FencedLockConfig (com.hazelcast.config.cp.FencedLockConfig): 1
RaftAlgorithmConfig (com.hazelcast.config.cp.RaftAlgorithmConfig): 1
SemaphoreConfig (com.hazelcast.config.cp.SemaphoreConfig): 1
LdapAuthenticationConfig (com.hazelcast.config.security.LdapAuthenticationConfig): 1
TokenIdentityConfig (com.hazelcast.config.security.TokenIdentityConfig): 1
YamlNode (com.hazelcast.internal.yaml.YamlNode): 1