use of com.sequenceiq.authorization.resource.AuthorizationResourceAction in project cloudbreak by hortonworks.
the class UmsResourceAuthorizationServiceTest method init.
/**
 * Wires up the collaborators used by every test case in this class.
 *
 * <p>The message utility is replaced by a spy that is written straight into {@code underTest}
 * via reflection, and the right provider is stubbed so that each action resolves to its own
 * right. Assertions on requested rights therefore follow directly from the action under test.
 *
 * @throws IllegalAccessException if the reflective field write is rejected
 */
@BeforeEach
public void init() throws IllegalAccessException {
    // Resource name lookups yield nothing, whatever the argument.
    when(resourceNameFactoryService.getNames(any())).thenReturn(Collections.EMPTY_MAP);

    AuthorizationMessageUtilsService messageUtilsSpy = spy(new AuthorizationMessageUtilsService(resourceNameFactoryService));
    this.authorizationMessageUtilsService = messageUtilsSpy;
    // forceAccess = true: the target field is written even if it is not accessible.
    FieldUtils.writeField(underTest, "authorizationMessageUtilsService", messageUtilsSpy, true);

    // Identity-style stub: the right returned is the one carried by the action itself.
    when(umsRightProvider.getRight(any()))
            .thenAnswer(call -> call.<AuthorizationResourceAction>getArgument(0).getRight());
}
use of com.sequenceiq.authorization.resource.AuthorizationResourceAction in project cloudbreak by hortonworks.
the class EnforcePropertyProviderTestUtil method validationAnnotationByProvider.
/**
 * Resolves which provider class, if any, can back the authorization declared by {@code annotation}.
 *
 * <p>When at least one validation predicate rejects the annotation, {@code propertyProviderClass}
 * itself is returned as present, so no provider lookup happens for that annotation. When every
 * predicate accepts it (this includes an empty predicate set), the registered subtypes of
 * {@code propertyProviderClass} are instantiated as sample objects and the first one whose
 * supported resource type equals the action's resource type is returned.
 *
 * @param propertyProviderClass provider interface whose registered subtypes are searched
 * @param validationPredicates  conditions that must all hold for the lookup to be performed
 * @param annotation            authorization annotation the action is read from
 * @return the matching provider subtype, {@code propertyProviderClass} when the lookup is
 *         skipped, or an empty Optional when no subtype supports the resource type
 */
private static <T extends ResourcePropertyProvider> Optional<Class<? extends ResourcePropertyProvider>> validationAnnotationByProvider(
        Class<T> propertyProviderClass, Set<Predicate<Annotation>> validationPredicates, Annotation annotation) {
    AuthorizationResourceAction action = getAction(annotation);
    AuthorizationResourceType expectedType = action.getAuthorizationResourceType();

    boolean allPredicatesHold = validationPredicates.stream().allMatch(check -> check.test(annotation));
    if (!allPredicatesHold) {
        // Lookup skipped: reporting the interface itself as "present" means the caller sees no gap.
        return Optional.of(propertyProviderClass);
    }

    // NOTE(review): assumes PROVIDER_SUBTYPES_MAP holds an entry for every class passed in;
    // a missing key would surface as a NullPointerException here.
    return PROVIDER_SUBTYPES_MAP.get(propertyProviderClass).stream().filter(candidate -> {
        ResourcePropertyProvider sample = (T) EnforceAuthorizationTestUtil.getSampleObjectFactory().manufacturePojo(candidate);
        return expectedType.equals(sample.getSupportedAuthorizationResourceType());
    }).findFirst();
}
use of com.sequenceiq.authorization.resource.AuthorizationResourceAction in project cloudbreak by hortonworks.
the class EnforcePropertyProviderTestUtil method addErrorIfNeeded.
/**
 * Records an error when no provider was found for the action declared on {@code method}.
 *
 * <p>Nothing happens if {@code providerClassPresent} holds a value. Otherwise a message naming
 * the required provider interface, the action, its resource type and the offending method
 * (as {@code DeclaringClass#methodName}) is appended to {@code errors}.
 *
 * @param method               endpoint method carrying the authorization annotation
 * @param errors               mutable list the error message is appended to
 * @param providerClass        provider interface that should have had an implementation
 * @param annotation           authorization annotation the action is read from
 * @param providerClassPresent result of the provider lookup for this annotation
 */
private static void addErrorIfNeeded(Method method, List<String> errors, Class<? extends ResourcePropertyProvider> providerClass,
        Annotation annotation, Optional<Class<? extends ResourcePropertyProvider>> providerClassPresent) {
    if (providerClassPresent.isPresent()) {
        return;
    }
    AuthorizationResourceAction action = getAction(annotation);
    AuthorizationResourceType resourceType = action.getAuthorizationResourceType();
    String providerName = providerClass.getSimpleName();
    String methodReference = method.getDeclaringClass().getSimpleName() + "#" + method.getName();
    String message = String.format(
            "Provider with interface %s implemented is needed to authorize using action %s and resource type %s (method: %s)",
            providerName, action, resourceType, methodReference);
    errors.add(message);
}
use of com.sequenceiq.authorization.resource.AuthorizationResourceAction in project cloudbreak by hortonworks.
the class RequestPropertyAuthorizationFactory method calcAuthorization.
/**
 * Builds the authorization rule for one request property named by the annotation's path.
 *
 * <p>Outcomes, as implemented below:
 * <ul>
 *   <li>property present: the rule is delegated to {@code calcAuthorizationFromObject};</li>
 *   <li>property (or an intermediate bean) null and {@code skipOnNull} set: empty result;</li>
 *   <li>property (or an intermediate bean) null and {@code skipOnNull} not set:
 *       {@code BadRequestException};</li>
 *   <li>{@code NotFoundException}: logged at warn level, empty result;</li>
 *   <li>any other unchecked throwable: logged and rethrown unchanged;</li>
 *   <li>any checked throwable: logged and converted to {@code AccessDeniedException}.</li>
 * </ul>
 *
 * <p>NOTE(review): an empty result carries no rule for this property. How the caller treats an
 * empty Optional is not visible here; confirm it cannot turn the skip-on-null or not-found
 * paths into an unchecked access to a resource.
 *
 * @param resourceObject   request object the property is read from
 * @param methodAnnotation annotation supplying path, variable type, action and skipOnNull
 * @param userCrn          CRN of the user being authorized
 * @return the rule for the property, or an empty Optional when there is nothing to evaluate
 */
private Optional<AuthorizationRule> calcAuthorization(Object resourceObject, CheckPermissionByRequestProperty methodAnnotation, String userCrn) {
    boolean skipWhenMissing = methodAnnotation.skipOnNull();
    try {
        Object propertyValue = PropertyUtils.getProperty(resourceObject, methodAnnotation.path());
        AuthorizationVariableType variableType = methodAnnotation.type();
        AuthorizationResourceAction action = methodAnnotation.action();
        if (propertyValue == null) {
            if (!skipWhenMissing) {
                // Thrown inside the try on purpose: if this exception is unchecked it passes through
                // the Error | RuntimeException handler below and is logged before propagating.
                throw new BadRequestException(String.format("Property [%s] of the request object must not be null.", methodAnnotation.path()));
            }
        } else {
            return calcAuthorizationFromObject(action, variableType, propertyValue, userCrn);
        }
    } catch (NestedNullException nestedNull) {
        // An intermediate bean on the path was null; handled the same way as a null leaf value.
        if (!skipWhenMissing) {
            throw new BadRequestException(String.format("Property [%s] of the request object must not be null.", methodAnnotation.path()));
        }
    } catch (NotFoundException notFound) {
        // No rule is produced for a resource that cannot be found; the service is expected to
        // answer with its own not-found error.
        LOGGER.warn("Resource not found during permission check of resource object, this should be handled by microservice.");
    } catch (Error | RuntimeException unchecked) {
        // Must stay after the two specific handlers above, which would otherwise be shadowed.
        LOGGER.error("Error happened during authorization of the request object: ", unchecked);
        throw unchecked;
    } catch (Throwable checked) {
        // Fail closed: anything unexpected while evaluating the property denies access.
        LOGGER.error("Error happened during authorization of the request object: ", checked);
        throw new AccessDeniedException("Error happened during authorization of the request object, thus access is denied!", checked);
    }
    return Optional.empty();
}
use of com.sequenceiq.authorization.resource.AuthorizationResourceAction in project cloudbreak by hortonworks.
the class ResourceCrnListAuthorizationFactory method doGetAuthorization.
/**
 * Produces the authorization rule for a method guarded by {@code CheckPermissionByResourceCrnList}.
 *
 * <p>The CRN collection is taken from the intercepted call's parameter annotated with
 * {@code ResourceCrnList}. It is passed to the same-account validation first; only after that
 * call returns are the CRNs logged and handed on for rule calculation.
 *
 * @param methodAnnotation    annotation that names the action to authorize
 * @param userCrn             CRN of the calling user
 * @param proceedingJoinPoint join point of the intercepted call
 * @param methodSignature     signature used to locate the annotated parameter
 * @return the rule computed by {@code calcAuthorization} for the CRNs and the action
 */
@Override
public Optional<AuthorizationRule> doGetAuthorization(CheckPermissionByResourceCrnList methodAnnotation, String userCrn,
        ProceedingJoinPoint proceedingJoinPoint, MethodSignature methodSignature) {
    AuthorizationResourceAction action = methodAnnotation.action();
    Collection<String> targetCrns = commonPermissionCheckingUtils.getParameter(proceedingJoinPoint, methodSignature, ResourceCrnList.class, Collection.class);

    // Account check comes before any rule is built for the CRNs.
    crnAccountValidator.validateSameAccount(userCrn, targetCrns);

    // Joined eagerly, independent of the log level; Joiner rejects null elements with an NPE.
    String joinedCrns = Joiner.on(",").join(targetCrns);
    LOGGER.debug("Getting authorization rule to authorize user [{}] for action [{}] over resources [{}]", userCrn, action, joinedCrns);

    return calcAuthorization(targetCrns, action);
}