
Example 91 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class HttpTest method testAuthenticateHeaderFailureMultipleAuth.

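@Test
public void testAuthenticateHeaderFailureMultipleAuth() {
    // The request carries no credentials at all, so every configured authority
    // must fail and the resulting 401 must advertise each authority's challenge
    // so the client knows which authentication schemes are accepted.
    HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
    Http.AuthorityList authorities = new Http.AuthorityList();

    // header-based authority; the header it looks for is absent from the mock request
    Authority authority1 = Mockito.mock(Authority.class);
    Mockito.when(authority1.getCredSource()).thenReturn(CredSource.HEADER);
    Mockito.when(authority1.getHeader()).thenReturn("Cookie.hogehoge");
    Mockito.when(authority1.getAuthenticateChallenge()).thenReturn("Basic realm=\"athenz\"");
    authorities.add(authority1);

    // authority that takes its credentials from the request object rather than a header
    Authority authority2 = Mockito.mock(Authority.class);
    Mockito.when(authority2.getCredSource()).thenReturn(CredSource.REQUEST);
    Mockito.when(authority2.getAuthenticateChallenge()).thenReturn("AthenzRequest realm=\"athenz\"");
    authorities.add(authority2);

    // Record the status code outside the catch block: if authenticate() ever
    // stops throwing, the assertion below fails instead of being silently skipped.
    int statusCode = 0;
    try {
        Http.authenticate(httpServletRequest, authorities);
    } catch (ResourceException expected) {
        statusCode = expected.getCode();
    }
    assertEquals(statusCode, 401);

    // both challenges must be attached to the request exactly once, as a set
    Set<String> challenges = new HashSet<>();
    challenges.add("Basic realm=\"athenz\"");
    challenges.add("AthenzRequest realm=\"athenz\"");
    Mockito.verify(httpServletRequest, times(1)).setAttribute("com.yahoo.athenz.auth.credential.challenges", challenges);
}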

Example 92 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class HttpTest method testAuthorizedUser.

@Test
public void testAuthorizedUser() {
    // Happy path: a single header-based authority authenticates the request to a
    // principal, the authorizer grants access, and authorizedUser() hands back
    // the principal's full name.
    Principal principal = Mockito.mock(Principal.class);
    Mockito.when(principal.getFullName()).thenReturn("athenz.api");

    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Mockito.when(authorizer.access(ArgumentMatchers.any(), ArgumentMatchers.any(),
            ArgumentMatchers.any(Principal.class), ArgumentMatchers.any())).thenReturn(true);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader("Athenz-Principal-Auth")).thenReturn("Creds");

    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getCredSource()).thenReturn(Authority.CredSource.HEADER);
    Mockito.when(authority.getHeader()).thenReturn("Athenz-Principal-Auth");
    Mockito.when(authority.authenticate(ArgumentMatchers.any(), ArgumentMatchers.any(),
            ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(principal);

    Http.AuthorityList authorities = new Http.AuthorityList();
    authorities.add(authority);

    String user = Http.authorizedUser(request, authorities, authorizer, "action", "resource", null);
    assertEquals("athenz.api", user);
}

Example 93 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class ZTSImplTest method getResourceAccessWithDelegatedGroups.

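/**
 * Exercises resource/role access through a delegated (trusted-domain) role whose
 * membership includes groups.
 *
 * Domain 1 owns role1 with two direct users, one live group membership (group1,
 * containing user.john) and one already-expired group membership (group2,
 * containing user.joe), plus an assume_role policy onto domain 2's role1.
 * Domain 2 trusts domain 1 for role1 and grants "update" on resource1 to it.
 * Members reached through the expired group must get no access in either domain.
 *
 * @param wildCardRole   whether the assume_role resource names the role with a wildcard
 * @param wildCardDomain whether the assume_role resource names the domain with a wildcard
 */
private void getResourceAccessWithDelegatedGroups(boolean wildCardRole, boolean wildCardDomain) {
    final String domainName1 = "access-domain-delegated-group1";
    final String domainName2 = "access-domain-delegated-group2";
    final String groupName1 = "group1";
    final String groupName2 = "group2";
    final String roleName1 = "role1";
    final String policyName1 = "policy1";

    // domain1: role1 = jane, joey, group1 (live), group2 (expired at epoch + 100s)
    List<Role> roles1 = new ArrayList<>();
    Role role1 = ZTSTestUtils.createRoleObject(domainName1, roleName1, "user.jane", "user.joey");
    role1.getRoleMembers().add(new RoleMember().setMemberName(ResourceUtils.groupResourceName(domainName1, groupName1)));
    role1.getRoleMembers().add(new RoleMember().setMemberName(ResourceUtils.groupResourceName(domainName1, groupName2)).setExpiration(Timestamp.fromMillis(100000)));
    roles1.add(role1);

    List<Group> groups1 = new ArrayList<>();
    Group group1 = ZTSTestUtils.createGroupObject(domainName1, groupName1, "user.john");
    groups1.add(group1);
    Group group2 = ZTSTestUtils.createGroupObject(domainName1, groupName2, "user.joe");
    groups1.add(group2);

    // domain1 policy: role1 may assume domain2's role1 (wildcard form per the parameters)
    List<Policy> policies1 = new ArrayList<>();
    final String assumeRoleResource = ZTSTestUtils.getAssumeRoleResource(domainName2, roleName1, wildCardRole, wildCardDomain);
    Policy policy1 = ZTSTestUtils.createPolicyObject(domainName1, policyName1, roleName1, true, "assume_role", assumeRoleResource, AssertionEffect.ALLOW);
    policies1.add(policy1);

    // domain2: role1 trusts domain1; policy grants "update" on resource1 to role1
    List<Role> roles2 = new ArrayList<>();
    Role role2 = ZTSTestUtils.createRoleObject(domainName2, roleName1, domainName1, null);
    roles2.add(role2);
    List<Policy> policies2 = new ArrayList<>();
    Policy policy2 = ZTSTestUtils.createPolicyObject(domainName2, policyName1, roleName1, true, "update", domainName2 + ":resource1", AssertionEffect.ALLOW);
    policies2.add(policy2);

    SignedDomain signedDomain1 = ZTSTestUtils.createSignedDomain(domainName1, roles1, policies1, null, groups1, privateKey);
    SignedDomain signedDomain2 = ZTSTestUtils.createSignedDomain(domainName2, roles2, policies2, null, null, privateKey);

    try {
        store.processSignedDomain(signedDomain1, false);
        store.processSignedDomain(signedDomain2, false);

        // the caller of the API; the checks below are about the named members, not this principal
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        Principal principal = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, principalAuthority);
        ResourceContext context = createResourceContext(principal, null);

        final String resource = domainName2 + ":resource1";
        final String[] grantedMembers = {"user.jane", "user.joey", "user.john"};

        // resource access: jane & joey directly, john via group1; joe only via the expired group2
        for (String member : grantedMembers) {
            ResourceAccess access = zts.getResourceAccess(context, "update", resource, null, member);
            assertTrue(access.getGranted(), member);
        }
        ResourceAccess deniedAccess = zts.getResourceAccess(context, "update", resource, null, "user.joe");
        assertFalse(deniedAccess.getGranted());

        // role access must agree, both against the trusting domain and the owning domain
        for (String domainName : new String[] {domainName2, domainName1}) {
            for (String member : grantedMembers) {
                RoleAccess roleAccess = zts.getRoleAccess(context, domainName, member);
                assertEquals(roleAccess.getRoles().size(), 1, member);
                assertTrue(roleAccess.getRoles().contains("role1"), member);
            }
            RoleAccess expiredRoleAccess = zts.getRoleAccess(context, domainName, "user.joe");
            assertTrue(expiredRoleAccess.getRoles().isEmpty());
        }
    } finally {
        // always drop both domains from the shared store cache so a failed assertion
        // cannot leak this fixture into other tests
        store.getCacheStore().invalidate(domainName1);
        store.getCacheStore().invalidate(domainName2);
    }
}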

Example 94 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class RsrcCtxWrapperTest method testAuthorizeMtlsRestricted.

@Test
public void testAuthorizeMtlsRestricted() {
    // A principal flagged as mTLS-restricted must be refused by authorize() with
    // a 403, even though the authorizer itself would grant the request.
    Principal restrictedPrincipal = Mockito.mock(Principal.class);
    Mockito.when(restrictedPrincipal.getMtlsRestricted()).thenReturn(true);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(request.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(request.getMethod()).thenReturn("POST");
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    // header-based authority that authenticates "testcred" to the restricted principal
    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getHeader()).thenReturn("testheader");
    Mockito.when(authority.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authority.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(restrictedPrincipal);
    AuthorityList authorities = new AuthorityList();
    authorities.add(authority);

    // the authorizer says yes; the mTLS restriction must still take precedence
    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Mockito.when(authorizer.access(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(true);

    Metric metric = Mockito.mock(Metric.class);
    Object timerMetric = Mockito.mock(Object.class);

    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(request, response, authorities, false, authorizer, metric, timerMetric, "apiName");
    try {
        wrapper.authorize("add-domain", "test", "test");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403);
        assertEquals(ex.getMessage(), "ResourceException (403): {code: 403, message: \"mTLS Restricted\"}");
    }
}

Example 95 with Authority

use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.

the class RsrcCtxWrapperTest method testRsrcCtxWrapperSimpleAssertionMtlsRestricted.

@Test
public void testRsrcCtxWrapperSimpleAssertionMtlsRestricted() {
    // The wrapper exposes its request/response/api name/method as given, keeps no
    // principal until authenticate() runs, and authenticate() rejects an
    // mTLS-restricted principal with a 401.
    Principal restrictedPrincipal = Mockito.mock(Principal.class);
    Mockito.when(restrictedPrincipal.getMtlsRestricted()).thenReturn(true);

    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(request.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(request.getMethod()).thenReturn("POST");
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

    Authority authority = Mockito.mock(Authority.class);
    Mockito.when(authority.getHeader()).thenReturn("testheader");
    Mockito.when(authority.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authority.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(restrictedPrincipal);
    AuthorityList authorities = new AuthorityList();
    authorities.add(authority);

    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Metric metric = Mockito.mock(Metric.class);
    Object timerMetric = Mockito.mock(Object.class);

    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(request, response, authorities, false, authorizer, metric, timerMetric, "apiName");

    // accessors reflect construction arguments; no principal before authentication
    assertNotNull(wrapper.context());
    assertNull(wrapper.principal());
    assertEquals(wrapper.request(), request);
    assertEquals(wrapper.response(), response);
    assertEquals(wrapper.getApiName(), "apiname");
    assertEquals(wrapper.getHttpMethod(), "POST");

    try {
        wrapper.authenticate();
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 401);
        assertEquals(ex.getMessage(), "ResourceException (401): {code: 401, message: \"certificate is mTLS restricted\"}");
    }
}
