
Example 76 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testDeleteProviderResourceGroupRolesNull.

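@Test
public void testDeleteProviderResourceGroupRolesNull() {
    // The debug authority only supplies a Principal for the request context; the
    // credential carries a placeholder signature, which this authority presumably
    // does not verify (it is a test-only implementation).
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    // An all-null domain/service/resource-group request must be rejected. A bare
    // assertTrue(true) inside the catch block can never fail, so record whether an
    // exception was actually raised and assert on that instead.
    boolean exceptionThrown = false;
    try {
        zms.deleteProviderResourceGroupRoles(rsrcCtx1, null, null, null, null, null);
    } catch (Exception ex) {
        exceptionThrown = true;
    }
    assertTrue(exceptionThrown, "deleteProviderResourceGroupRoles must reject null arguments");
}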

Example 77 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testGetAccessCrossDomain.

@Test
public void testGetAccessCrossDomain() {
    final String tenantDom = "CrossDomainAccessDom1";
    final String otherDom = "CrossDomainAccessDom2";
    final String provDom = "coretech";
    final String provSvc = "storage";
    final String provName = "coretech.storage";
    final String tenantResource = "coretech:service.storage.tenant.CrossDomainAccessDom1.resource1";
    final String readerRoleResource = "coretech:role.storage.tenant.CrossDomainAccessDom1.reader";
    final String writerRoleResource = "coretech:role.storage.tenant.CrossDomainAccessDom1.writer";

    // Provider service plus tenancy; the mock provider hands back the tenant role set.
    setupTenantDomainProviderService(tenantDom, provDom, provSvc, "http://localhost:8090/provider");
    Tenancy tenant = createTenantObject(tenantDom, provName);
    ProviderMockClient.setReturnTenantRoles(true);
    zms.putTenancy(mockDomRsrcCtx, tenantDom, provName, auditRef, tenant);

    List<TenantRoleAction> roleActions = new ArrayList<>();
    for (Struct.Field field : TABLE_PROVIDER_ROLE_ACTIONS) {
        TenantRoleAction roleAction = new TenantRoleAction();
        roleAction.setRole(field.name());
        roleAction.setAction((String) field.value());
        roleActions.add(roleAction);
    }
    TenantRoles tenantRoles = new TenantRoles()
            .setDomain(provDom)
            .setService(provSvc)
            .setTenant(tenantDom)
            .setRoles(roleActions);
    zms.putTenantRoles(mockDomRsrcCtx, provDom, provSvc, tenantDom, auditRef, tenantRoles);
    assertNotNull(zms.getTenancy(mockDomRsrcCtx, tenantDom, provName));

    // Replace the tenant's reader/writer roles with distinct member sets so each
    // principal below has a different expected outcome.
    zms.putRole(mockDomRsrcCtx, tenantDom, "reader", auditRef,
            createRoleObject(tenantDom, "reader", null, "user.joe", "user.jane"));
    zms.putRole(mockDomRsrcCtx, tenantDom, "writer", auditRef,
            createRoleObject(tenantDom, "writer", null, "user.john", "user.jane"));
    zms.putPolicy(mockDomRsrcCtx, tenantDom, "tenancy.coretech.storage.writer", auditRef,
            createPolicyObject(tenantDom, "tenancy.coretech.storage.writer", "writer", "ASSUME_ROLE",
                    writerRoleResource, AssertionEffect.ALLOW));
    zms.putPolicy(mockDomRsrcCtx, tenantDom, "tenancy.coretech.storage.reader", auditRef,
            createPolicyObject(tenantDom, "tenancy.coretech.storage.reader", "reader", "ASSUME_ROLE",
                    readerRoleResource, AssertionEffect.ALLOW));

    // ASSUME_ROLE on the provider-side role resource is granted only when the tenant
    // domain is supplied as the trust domain; the resource lives in the provider's
    // domain, so without it the policy in the tenant domain is not consulted.
    assertFalse(zms.getAccess(mockDomRsrcCtx, "ASSUME_ROLE", readerRoleResource, null, "user.jane").getGranted());
    assertTrue(zms.getAccess(mockDomRsrcCtx, "ASSUME_ROLE", readerRoleResource, tenantDom, "user.jane").getGranted());

    // Per-user request contexts from the debug authority (placeholder signatures).
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    ResourceContext ctxJane = createResourceContext(
            principalAuthority.authenticate("v=U1;d=user;n=jane;s=signature", "10.11.12.13", "GET", null));
    ResourceContext ctxJohn = createResourceContext(
            principalAuthority.authenticate("v=U1;d=user;n=john;s=signature", "10.11.12.13", "GET", null));
    ResourceContext ctxJoe = createResourceContext(
            principalAuthority.authenticate("v=U1;d=user;n=joe;s=signature", "10.11.12.13", "GET", null));

    // With the trust domain: joe reads only, john writes only, jane does both.
    checkCrossDomainAccess(ctxJoe, "READ", tenantResource, tenantDom, true);
    checkCrossDomainAccess(ctxJane, "READ", tenantResource, tenantDom, true);
    checkCrossDomainAccess(ctxJohn, "READ", tenantResource, tenantDom, false);
    checkCrossDomainAccess(ctxJoe, "WRITE", tenantResource, tenantDom, false);
    checkCrossDomainAccess(ctxJane, "WRITE", tenantResource, tenantDom, true);
    checkCrossDomainAccess(ctxJohn, "WRITE", tenantResource, tenantDom, true);
    // An action no tenant role maps to is denied for everyone.
    checkCrossDomainAccess(ctxJoe, "UPDATE", tenantResource, tenantDom, false);
    checkCrossDomainAccess(ctxJane, "UPDATE", tenantResource, tenantDom, false);
    checkCrossDomainAccess(ctxJohn, "UPDATE", tenantResource, tenantDom, false);
    // Same expectations when no trust domain is given.
    checkCrossDomainAccess(ctxJoe, "READ", tenantResource, null, true);
    checkCrossDomainAccess(ctxJane, "READ", tenantResource, null, true);
    checkCrossDomainAccess(ctxJohn, "READ", tenantResource, null, false);
    checkCrossDomainAccess(ctxJoe, "WRITE", tenantResource, null, false);
    checkCrossDomainAccess(ctxJane, "WRITE", tenantResource, null, true);
    checkCrossDomainAccess(ctxJohn, "WRITE", tenantResource, null, true);
    // A trust domain that is not the tenant must not grant anything.
    checkCrossDomainAccess(ctxJoe, "READ", tenantResource, otherDom, false);
    checkCrossDomainAccess(ctxJane, "READ", tenantResource, otherDom, false);
    checkCrossDomainAccess(ctxJohn, "READ", tenantResource, otherDom, false);

    zms.deleteTenancy(mockDomRsrcCtx, tenantDom, provName, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, tenantDom, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, provDom, auditRef);
}

/**
 * Issues a getAccess check as the given principal (no explicit principal override)
 * and asserts that the decision matches {@code expectGranted}.
 *
 * @param ctx request context carrying the principal under test
 * @param action action to check, e.g. READ or WRITE
 * @param resource fully qualified resource name
 * @param trustDomain trust domain to supply, or {@code null} for none
 * @param expectGranted whether access is expected to be granted
 */
private void checkCrossDomainAccess(ResourceContext ctx, String action, String resource,
        String trustDomain, boolean expectGranted) {
    Access access = zms.getAccess(ctx, action, resource, trustDomain, null);
    if (expectGranted) {
        assertTrue(access.getGranted());
    } else {
        assertFalse(access.getGranted());
    }
}

Example 78 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testRetrieveAccessDomainValid.

@Test
public void testRetrieveAccessDomainValid() {
    final String domainName = "AccessDomain";
    zms.postTopLevelDomain(mockDomRsrcCtx, auditRef,
            createTopLevelDomainObject(domainName, "Test Domain1", "testOrg", adminUser));
    // Jane's principal comes from the debug authority; the credential carries a
    // placeholder signature rather than a real signed token.
    Authority authority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal jane = authority.authenticate("v=U1;d=user;n=jane;s=signature", "10.11.12.13", "GET", null);
    // The lookup name is lower-cased relative to the name the domain was created
    // with, so this also covers case handling of the domain name.
    assertNotNull(zms.retrieveAccessDomain("accessdomain", jane));
    zms.deleteTopLevelDomain(mockDomRsrcCtx, domainName, auditRef);
}

Example 79 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testPutTenancyResourceGroupNull.

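@Test
public void testPutTenancyResourceGroupNull() {
    // The debug authority only supplies a Principal for the request context; the
    // credential carries a placeholder signature, which this authority presumably
    // does not verify (it is a test-only implementation).
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal principal1 = principalAuthority.authenticate("v=U1;d=user;n=user1;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx1 = createResourceContext(principal1);
    TenancyResourceGroup tenantResource = new TenancyResourceGroup();
    // Null domain/service/resource-group path arguments must be rejected. A bare
    // assertTrue(true) inside the catch block can never fail, so record whether an
    // exception was actually raised and assert on that instead.
    boolean exceptionThrown = false;
    try {
        zms.putTenancyResourceGroup(rsrcCtx1, null, null, null, null, tenantResource);
    } catch (Exception ex) {
        exceptionThrown = true;
    }
    assertTrue(exceptionThrown, "putTenancyResourceGroup must reject null arguments");
}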

Example 80 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZMSImplTest method testGetUserTokenDefaultSelfName.

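@Test
public void testGetUserTokenDefaultSelfName() {
    // Use the real PrincipalAuthority, backed by zms as its key store, so the
    // issued token's signature is actually verified at the end of the test.
    PrincipalAuthority principalAuthority = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    principalAuthority.setKeyStore(zms);
    // The caller is authenticated by the debug user authority with an unsigned credential.
    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    String userId = "user10";
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    principal.setUnsignedCreds(userId);
    ResourceContext rsrcCtx1 = createResourceContext(principal);
    // The test installs its own signing key on the shared zms instance. Save the
    // previous key material and restore it in finally so a failure here cannot
    // leave other tests signing with (or verifying against) this test's key.
    String savedKeyId = zms.privateKeyId;
    java.security.PrivateKey savedKey = zms.privateKey;
    zms.privateKeyId = "0";
    zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey));
    try {
        UserToken token = zms.getUserToken(rsrcCtx1, "_self_", null, false);
        assertNotNull(token);
        String tokenValue = token.getToken();
        // "_self_" resolves to the authenticated caller; the token also records the
        // serving host, the client IP and the id of the key that signed it.
        assertTrue(tokenValue.startsWith("v=U1;d=user;n=" + userId + ";"));
        assertTrue(tokenValue.contains(";h=localhost"));
        assertTrue(tokenValue.contains(";i=10.11.12.13"));
        assertTrue(tokenValue.contains(";k=0"));
        // Signature check with the real authority; the assertion relies on
        // authenticate returning null when verification fails.
        Principal principalToVerify = principalAuthority.authenticate(tokenValue, "10.11.12.13", "GET", null);
        assertNotNull(principalToVerify);
    } finally {
        zms.privateKeyId = savedKeyId;
        zms.privateKey = savedKey;
    }
}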
