
Example 51 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testGetAccessCrossUser.

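@Test
public void testGetAccessCrossUser() {
    // Hold the domain name in one place (as testGetAccessWildcard does) so the
    // role, policy and resource strings below cannot drift apart.
    final String domainName = "CrossAllowDom1";
    // A second domain that is never created: used to check lookups against a missing domain.
    final String missingDomain = "CrossAllowDom2";
    TopLevelDomain dom1 = createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);
    // Role1: user1 + user3; Role2: user2 + user3; Role3: user1 only.
    Role role1 = createRoleObject(domainName, "Role1", null, "user.user1", "user.user3");
    zms.putRole(mockDomRsrcCtx, domainName, "Role1", auditRef, role1);
    Role role2 = createRoleObject(domainName, "Role2", null, "user.user2", "user.user3");
    zms.putRole(mockDomRsrcCtx, domainName, "Role2", auditRef, role2);
    Role role3 = createRoleObject(domainName, "Role3", null, "user.user1", null);
    zms.putRole(mockDomRsrcCtx, domainName, "Role3", auditRef, role3);
    // Policy1: Role1 may UPDATE resource1.
    // Policy2: Role2 is explicitly DENIED CREATE on resource2 (resource2 is not queried below).
    // Policy3: Role2 may perform any action (*) on resource3.
    // Policy4: Role2 may DELETE any resource in the domain.
    Policy policy1 = createPolicyObject(domainName, "Policy1", "Role1", "UPDATE", domainName + ":resource1", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy1", auditRef, policy1);
    Policy policy2 = createPolicyObject(domainName, "Policy2", "Role2", "CREATE", domainName + ":resource2", AssertionEffect.DENY);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy2", auditRef, policy2);
    Policy policy3 = createPolicyObject(domainName, "Policy3", "Role2", "*", domainName + ":resource3", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy3", auditRef, policy3);
    Policy policy4 = createPolicyObject(domainName, "Policy4", "Role2", "DELETE", domainName + ":*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy4", auditRef, policy4);
    // One authenticated context per user so the same policy set can be evaluated
    // from each caller's point of view. The debug authority accepts the literal
    // "signature" value, so these principals are test-only.
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    Principal principal2 = principalAuthority.authenticate("v=U1;d=user;n=user2;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx2 = createResourceContext(principal2);
    Principal principal3 = principalAuthority.authenticate("v=U1;d=user;n=user3;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx3 = createResourceContext(principal3);
    // UPDATE/resource1 is granted to user1 and user3 (Role1/Policy1), whether the caller
    // asks about itself (checkPrincipal null) or names the user in short or full form.
    Access access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, null);
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user1");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user.user1");
    assertTrue(access.getGranted());
    // user2 is not in Role1, so the answer is false both for user2 itself and when user1 asks about user2.
    access = zms.getAccess(rsrcCtx2, "UPDATE", domainName + ":resource1", domainName, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user2");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user.user2");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx3, "UPDATE", domainName + ":resource1", domainName, null);
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user3");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "UPDATE", domainName + ":resource1", domainName, "user.user3");
    assertTrue(access.getGranted());
    // No policy grants CREATE on resource1, so all three users are denied.
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user.user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx2, "CREATE", domainName + ":resource1", domainName, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user2");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user.user2");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx3, "CREATE", domainName + ":resource1", domainName, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user3");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", domainName, "user.user3");
    assertFalse(access.getGranted());
    // Evaluating against a domain that does not exist must never grant access.
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", missingDomain, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", missingDomain, "user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource1", missingDomain, "user.user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx2, "CREATE", domainName + ":resource1", missingDomain, null);
    assertFalse(access.getGranted());
    // CREATE/resource3 is covered by Policy3's "*" action for Role2, i.e. user2 and user3 but not user1.
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, null);
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user.user1");
    assertFalse(access.getGranted());
    access = zms.getAccess(rsrcCtx2, "CREATE", domainName + ":resource3", domainName, null);
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user2");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user.user2");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx3, "CREATE", domainName + ":resource3", domainName, null);
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user3");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx1, "CREATE", domainName + ":resource3", domainName, "user.user3");
    assertTrue(access.getGranted());
    // user2 and user3 query user1's UPDATE/resource1 access: the answer reflects the
    // named principal's grant (user1 is in Role1), not the caller's own membership.
    access = zms.getAccess(rsrcCtx2, "UPDATE", domainName + ":resource1", domainName, "user1");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx2, "UPDATE", domainName + ":resource1", domainName, "user.user1");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx3, "UPDATE", domainName + ":resource1", domainName, "user1");
    assertTrue(access.getGranted());
    access = zms.getAccess(rsrcCtx3, "UPDATE", domainName + ":resource1", domainName, "user.user1");
    assertTrue(access.getGranted());
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef);
}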
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)

Example 52 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testGetAccessWildcard.

@Test
public void testGetAccessWildcard() {
    final String domainName = "WildcardAccessDomain1";
    TopLevelDomain topDomain = createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", adminUser);
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, topDomain);
    // Three roles of increasing breadth: two explicit users, every "user.*" principal, and everyone ("*").
    Role explicitRole = createRoleObject(domainName, "Role1", null, "user.user1", "user.user3");
    zms.putRole(mockDomRsrcCtx, domainName, "Role1", auditRef, explicitRole);
    Role userWildcardRole = createRoleObject(domainName, "Role2", null, "user.*", null);
    zms.putRole(mockDomRsrcCtx, domainName, "Role2", auditRef, userWildcardRole);
    Role anyoneRole = createRoleObject(domainName, "Role3", null, "*", null);
    zms.putRole(mockDomRsrcCtx, domainName, "Role3", auditRef, anyoneRole);
    // One ALLOW policy per role, each bound to a distinct action/resource pair.
    Policy updatePolicy = createPolicyObject(domainName, "Policy1", "Role1", "UPDATE", domainName + ":resource1", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy1", auditRef, updatePolicy);
    Policy createPolicy = createPolicyObject(domainName, "Policy2", "Role2", "CREATE", domainName + ":resource2", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy2", auditRef, createPolicy);
    Policy deletePolicy = createPolicyObject(domainName, "Policy3", "Role3", "DELETE", domainName + ":resource3", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, domainName, "Policy3", auditRef, deletePolicy);
    // Callers, in order: user.user1, user.user2, user.user3, and user1.user4 — the last one lives in
    // a different principal domain and so should fall outside the "user.*" wildcard.
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    ResourceContext[] callers = {
        createResourceContext(debugAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null)),
        createResourceContext(debugAuthority.authenticate("v=U1;d=user;n=user2;s=signature", "10.11.12.13", "GET", null)),
        createResourceContext(debugAuthority.authenticate("v=U1;d=user;n=user3;s=signature", "10.11.12.13", "GET", null)),
        createResourceContext(debugAuthority.authenticate("v=U1;d=user1;n=user4;s=signature", "10.11.12.13", "GET", null)),
    };
    // Each row is one action/resource pair; the CREATE case passes a null domain argument
    // and relies on the resource name alone.
    String[] actions = {"UPDATE", "CREATE", "DELETE"};
    String[] resources = {domainName + ":resource1", domainName + ":resource2", domainName + ":resource3"};
    String[] domainArgs = {domainName, null, domainName};
    boolean[][] expectedGrant = {
        // UPDATE/resource1: only the explicit Role1 members (user1, user3).
        {true, false, true, false},
        // CREATE/resource2: every user.* principal, but not user1.user4.
        {true, true, true, false},
        // DELETE/resource3: everyone.
        {true, true, true, true},
    };
    for (int c = 0; c < actions.length; c++) {
        for (int u = 0; u < callers.length; u++) {
            Access access = zms.getAccess(callers[u], actions[c], resources[c], domainArgs[c], null);
            if (expectedGrant[c][u]) {
                assertTrue(access.getGranted());
            } else {
                assertFalse(access.getGranted());
            }
        }
    }
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef);
}
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)

Example 53 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testGetProviderClient.

@Test
public void testGetProviderClient() {
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal caller = debugAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    try {
        // Drop the configured provider client class, then exercise the lookup path.
        zms.setProviderClientClass(null);
        zms.getProviderClient("localhost/zms", caller);
    } catch (Exception ignored) {
        // NOTE(review): any exception is accepted here and the no-exception path also passes,
        // so this test cannot fail; the expected outcome (a specific exception type, or a
        // non-null client) should be pinned with an assertion.
    }
}
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) WebApplicationException(javax.ws.rs.WebApplicationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException)

Example 54 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainMismatch.

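@Test
public void testRetrieveAccessDomainMismatch() {
    // Enable virtual domains for this test only. The property is cleared in a finally block so a
    // failing assertion cannot leak the setting into the tests that run after this one.
    System.setProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN, "true");
    try {
        ZMSImpl zmsTest = zmsInit();
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        // The caller is user.user2, but the access domain requested is user.user1's virtual domain.
        Principal principal = SimplePrincipal.create("user", "user2", "v=U1;d=user;n=user2;s=signature", 0, principalAuthority);
        AthenzDomain athenzDomain = zmsTest.retrieveAccessDomain("user.user1", principal);
        // A mismatched principal must not be handed another user's virtual domain.
        assertNull(athenzDomain);
    } finally {
        System.clearProperty(ZMSConsts.ZMS_PROP_VIRTUAL_DOMAIN);
    }
}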
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)

Example 55 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZMSImplTest method testGetUserTokenBadAuthority.

@Test
public void testGetUserTokenBadAuthority() {
    final int expectedCode = 401;
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    // The principal is built directly against the debug authority rather than via authenticate().
    Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, debugAuthority);
    ResourceContext ctx = createResourceContext(principal);
    ResourceException caught = null;
    try {
        zms.getUserToken(ctx, "user1", null, null);
    } catch (ResourceException ex) {
        caught = ex;
    }
    // A user token request backed by this authority must be rejected with HTTP 401.
    assertNotNull(caught, "unauthorizederror not thrown.");
    assertEquals(caught.getCode(), expectedCode);
}
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal)
