
Example 1 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method TestAuthorize.

/**
 * Checks that a successful {@code authorize} call leaves the authenticated
 * principal available on the wrapper.
 *
 * <p>Every collaborator is a mock: the authority returns a fixed principal for
 * any credential and the authorizer grants every request, so only the allow
 * path is exercised here. A denied request is not covered by this test.
 */
@Test
public void TestAuthorize() {
    final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    final Authorizer authorizer = Mockito.mock(Authorizer.class);
    final Authority authority = Mockito.mock(Authority.class);
    final Principal expectedPrincipal = Mockito.mock(Principal.class);

    // Request side: the credential arrives in the "testheader" header of a POST.
    Mockito.when(request.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(request.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(request.getMethod()).thenReturn("POST");

    // Authority side: header-based credentials, and any credential authenticates.
    Mockito.when(authority.getHeader()).thenReturn("testheader");
    Mockito.when(authority.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authority.authenticate(Mockito.<String>any(), Mockito.<String>any(), Mockito.<String>any(), Mockito.any())).thenReturn(expectedPrincipal);

    // The authorizer is stubbed to allow everything, so the decision itself is not under test.
    Mockito.when(authorizer.access(Mockito.<String>any(), Mockito.<String>any(), Mockito.any(), Mockito.any())).thenReturn(true);

    final AuthorityList configuredAuthorities = new AuthorityList();
    configuredAuthorities.add(authority);

    final RsrcCtxWrapper ctx = new RsrcCtxWrapper(request, response, configuredAuthorities, false, authorizer);
    ctx.authorize("add-domain", "test", "test");

    // Once authorize has succeeded the wrapper must expose the authenticated principal.
    assertEquals(ctx.principal(), expectedPrincipal);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authority(com.yahoo.athenz.auth.Authority) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 2 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method TestRsrcCtxWrapperSimpleAssertion.

/**
 * Covers the wrapper's accessors and its authentication entry points: the
 * principal is null until {@code authenticate} runs, and a Kerberos
 * authentication attempt on this request is rejected with a
 * {@code ResourceException}.
 */
@Test
public void TestRsrcCtxWrapperSimpleAssertion() {
    final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    final Authorizer authorizer = Mockito.mock(Authorizer.class);
    final Authority authority = Mockito.mock(Authority.class);
    final Principal expectedPrincipal = Mockito.mock(Principal.class);

    // Request side: the credential arrives in the "testheader" header of a POST.
    Mockito.when(request.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(request.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(request.getMethod()).thenReturn("POST");

    // Authority side: header-based credentials, and any credential authenticates.
    Mockito.when(authority.getHeader()).thenReturn("testheader");
    Mockito.when(authority.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authority.authenticate(Mockito.<String>any(), Mockito.<String>any(), Mockito.<String>any(), Mockito.any())).thenReturn(expectedPrincipal);

    final AuthorityList configuredAuthorities = new AuthorityList();
    configuredAuthorities.add(authority);

    final RsrcCtxWrapper ctx = new RsrcCtxWrapper(request, response, configuredAuthorities, false, authorizer);
    assertNotNull(ctx.context());

    // No principal may be present before any authentication has happened.
    assertEquals(ctx.principal(), null);
    assertEquals(ctx.request(), request);
    assertEquals(ctx.response(), response);

    ctx.authenticate();

    // Authentication through the mocked authority must publish its principal.
    assertEquals(ctx.principal(), expectedPrincipal);

    // The Kerberos path must refuse this request.
    // NOTE(review): the catch block only checks that the exception is non-null, which is
    // always true; the expected status code is not pinned here.
    try {
        ctx.authenticateKerberos();
        fail();
    } catch (ResourceException rejected) {
        assertNotNull(rejected);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authority(com.yahoo.athenz.auth.Authority) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 3 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class ZTSImpl method loadAuthorities.

/**
 * Builds the server's {@code authorities} list from the comma-separated class
 * names in the {@code ZTS_PROP_AUTHORITY_CLASSES} system property, falling back
 * to {@code ZTS_PRINCIPAL_AUTHORITY_CLASS} when the property is unset.
 *
 * <p>Loading fails closed: a name for which {@code getAuthority} returns null
 * aborts the whole method. Entries are not trimmed, so whitespace around a
 * comma is passed to {@code getAuthority} as part of the class name. If the
 * user authority class property is unset or names a class that is not in the
 * list, this method does not assign {@code userAuthority}.
 *
 * @throws IllegalArgumentException if any configured class cannot be resolved
 *         to an authority
 */
void loadAuthorities() {
    // NOTE(review): both values come from JVM system properties; presumably getAuthority
    // instantiates the named class, so whoever controls these properties controls which
    // authentication code runs. Confirm against getAuthority.
    final String configuredClasses = System.getProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, ZTSConsts.ZTS_PRINCIPAL_AUTHORITY_CLASS);
    final String userAuthorityClass = System.getProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);

    authorities = new AuthorityList();
    for (String className : configuredClasses.split(",")) {
        final Authority loaded = getAuthority(className);
        if (loaded == null) {
            // Refuse to start with a partially configured authentication chain.
            throw new IllegalArgumentException("Invalid authority");
        }

        // Remember which of the configured authorities is the user authority.
        if (className.equals(userAuthorityClass)) {
            userAuthority = loaded;
        }

        loaded.initialize();
        authorities.add(loaded);
    }
}
Also used : CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)

Example 4 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class ZMSImpl method loadAuthorities.

/**
 * Builds the server's {@code authorities} list from the comma-separated class
 * names in the {@code ZMS_PROP_AUTHORITY_CLASSES} system property, falling back
 * to {@code ZMS_PRINCIPAL_AUTHORITY_CLASS} when the property is unset.
 *
 * <p>Loading fails closed: a name for which {@code getAuthority} returns null
 * aborts the whole method. Entries are not trimmed, so whitespace around a
 * comma is passed to {@code getAuthority} as part of the class name.
 *
 * <p>{@code principalAuthority} and {@code userAuthority} are assigned only
 * when the matching property is set and names a class present in the list. The
 * principal authority class property has no default here, so with that
 * property unset {@code principalAuthority} is not assigned by this method even
 * when the list itself falls back to its default.
 *
 * @throws IllegalArgumentException if any configured class cannot be resolved
 *         to an authority
 */
void loadAuthorities() {
    // NOTE(review): all three values come from JVM system properties; presumably getAuthority
    // instantiates the named class, so whoever controls these properties controls which
    // authentication code runs. Confirm against getAuthority.
    final String configuredClasses = System.getProperty(ZMSConsts.ZMS_PROP_AUTHORITY_CLASSES, ZMSConsts.ZMS_PRINCIPAL_AUTHORITY_CLASS);
    final String principalAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_PRINCIPAL_AUTHORITY_CLASS);
    final String userAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_USER_AUTHORITY_CLASS);

    authorities = new AuthorityList();
    for (String className : configuredClasses.split(",")) {
        final Authority loaded = getAuthority(className);
        if (loaded == null) {
            // Refuse to start with a partially configured authentication chain.
            throw new IllegalArgumentException("Invalid authority");
        }

        // Remember which configured authorities play the principal and user roles.
        if (className.equals(principalAuthorityClass)) {
            principalAuthority = loaded;
        }
        if (className.equals(userAuthorityClass)) {
            userAuthority = loaded;
        }

        loaded.initialize();
        authorities.add(loaded);
    }
}
Also used : AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)

Example 5 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method testAuthorizeMtlsRestricted.

/**
 * Checks that {@code authorize} rejects a principal flagged as mTLS-restricted
 * with a 403 "mTLS Restricted" error, even though the mocked authorizer would
 * grant the request.
 */
@Test
public void testAuthorizeMtlsRestricted() {
    final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    final Authorizer authorizer = Mockito.mock(Authorizer.class);
    final Authority authority = Mockito.mock(Authority.class);
    final Metric metric = Mockito.mock(Metric.class);
    final Object timerMetric = Mockito.mock(Object.class);
    final Principal restrictedPrincipal = Mockito.mock(Principal.class);

    // The authenticated principal reports itself as mTLS-restricted.
    Mockito.when(restrictedPrincipal.getMtlsRestricted()).thenReturn(true);

    // Request side: the credential arrives in a header of a POST.
    // NOTE(review): presumably the rejection follows from the credential not being bound to
    // a TLS client certificate on this request; confirm against RsrcCtxWrapper.
    Mockito.when(request.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(request.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(request.getMethod()).thenReturn("POST");

    // Authority side: header-based credentials, and any credential authenticates.
    Mockito.when(authority.getHeader()).thenReturn("testheader");
    Mockito.when(authority.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authority.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(restrictedPrincipal);

    // The authorizer allows everything, so the 403 below cannot come from a policy denial.
    Mockito.when(authorizer.access(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(true);

    final AuthorityList configuredAuthorities = new AuthorityList();
    configuredAuthorities.add(authority);

    final RsrcCtxWrapper ctx = new RsrcCtxWrapper(request, response, configuredAuthorities, false, authorizer, metric, timerMetric, "apiName");
    try {
        ctx.authorize("add-domain", "test", "test");
        fail();
    } catch (ResourceException rejected) {
        assertEquals(rejected.getMessage(), "ResourceException (403): {code: 403, message: \"mTLS Restricted\"}");
        assertEquals(rejected.getCode(), 403);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) Metric(com.yahoo.athenz.common.metrics.Metric) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Aggregations

AuthorityList (com.yahoo.athenz.common.server.rest.Http.AuthorityList)26 Authorizer (com.yahoo.athenz.auth.Authorizer)24 HttpServletRequest (javax.servlet.http.HttpServletRequest)24 HttpServletResponse (javax.servlet.http.HttpServletResponse)24 Test (org.testng.annotations.Test)24 Authority (com.yahoo.athenz.auth.Authority)13 PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)12 Metric (com.yahoo.athenz.common.metrics.Metric)11 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)9 Principal (com.yahoo.athenz.auth.Principal)8 DomainChangeMessage (com.yahoo.athenz.common.messaging.DomainChangeMessage)3 CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)1