use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method TestAuthorize.
@Test
public void TestAuthorize() {
HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Authority authMock = Mockito.mock(Authority.class);
Principal prin = Mockito.mock(Principal.class);
Mockito.when(authMock.getHeader()).thenReturn("testheader");
Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
Mockito.when(authMock.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
Mockito.when(authMock.authenticate(Mockito.<String>any(), Mockito.<String>any(), Mockito.<String>any(), Mockito.any())).thenReturn(prin);
Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
Mockito.when(reqMock.getMethod()).thenReturn("POST");
authListMock.add(authMock);
// force true access right
Mockito.when(authorizerMock.access(Mockito.<String>any(), Mockito.<String>any(), Mockito.any(), Mockito.any())).thenReturn(true);
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock);
wrapper.authorize("add-domain", "test", "test");
// after authorize success, principal should be set
assertEquals(wrapper.principal(), prin);
}
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method TestRsrcCtxWrapperSimpleAssertion.
@Test
public void TestRsrcCtxWrapperSimpleAssertion() {
HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Authority authMock = Mockito.mock(Authority.class);
Principal prin = Mockito.mock(Principal.class);
Mockito.when(authMock.getHeader()).thenReturn("testheader");
Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
Mockito.when(authMock.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
Mockito.when(authMock.authenticate(Mockito.<String>any(), Mockito.<String>any(), Mockito.<String>any(), Mockito.any())).thenReturn(prin);
Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
Mockito.when(reqMock.getMethod()).thenReturn("POST");
authListMock.add(authMock);
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock);
assertNotNull(wrapper.context());
// default principal should be null
assertEquals(wrapper.principal(), null);
assertEquals(wrapper.request(), reqMock);
assertEquals(wrapper.response(), resMock);
wrapper.authenticate();
// after authenticate, principal should be set
assertEquals(wrapper.principal(), prin);
// invalid kerberos request
try {
wrapper.authenticateKerberos();
fail();
} catch (ResourceException ex) {
assertNotNull(ex);
}
}
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class ZTSImpl method loadAuthorities.
void loadAuthorities() {
// get our authorities
final String authListConfig = System.getProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, ZTSConsts.ZTS_PRINCIPAL_AUTHORITY_CLASS);
final String userAuthorityClass = System.getProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
authorities = new AuthorityList();
String[] authorityList = authListConfig.split(",");
for (String authorityClass : authorityList) {
Authority authority = getAuthority(authorityClass);
if (authority == null) {
throw new IllegalArgumentException("Invalid authority");
}
if (authorityClass.equals(userAuthorityClass)) {
userAuthority = authority;
}
authority.initialize();
authorities.add(authority);
}
}
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class ZMSImpl method loadAuthorities.
void loadAuthorities() {
// get our authorities
final String authListConfig = System.getProperty(ZMSConsts.ZMS_PROP_AUTHORITY_CLASSES, ZMSConsts.ZMS_PRINCIPAL_AUTHORITY_CLASS);
final String principalAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_PRINCIPAL_AUTHORITY_CLASS);
final String userAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_USER_AUTHORITY_CLASS);
authorities = new AuthorityList();
String[] authorityList = authListConfig.split(",");
for (String authorityClass : authorityList) {
Authority authority = getAuthority(authorityClass);
if (authority == null) {
throw new IllegalArgumentException("Invalid authority");
}
if (authorityClass.equals(principalAuthorityClass)) {
principalAuthority = authority;
}
if (authorityClass.equals(userAuthorityClass)) {
userAuthority = authority;
}
authority.initialize();
authorities.add(authority);
}
}
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method testAuthorizeMtlsRestricted.
@Test
public void testAuthorizeMtlsRestricted() {
HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Authority authMock = Mockito.mock(Authority.class);
Metric metricMock = Mockito.mock(Metric.class);
Object timerMetricMock = Mockito.mock(Object.class);
Principal prin = Mockito.mock(Principal.class);
Mockito.when(prin.getMtlsRestricted()).thenReturn(true);
Mockito.when(authMock.getHeader()).thenReturn("testheader");
Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
Mockito.when(authMock.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
Mockito.when(authMock.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(prin);
Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
Mockito.when(reqMock.getMethod()).thenReturn("POST");
authListMock.add(authMock);
// force true access right
Mockito.when(authorizerMock.access(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(true);
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock, metricMock, timerMetricMock, "apiName");
try {
wrapper.authorize("add-domain", "test", "test");
fail();
} catch (ResourceException ex) {
assertEquals(ex.getMessage(), "ResourceException (403): {code: 403, message: \"mTLS Restricted\"}");
assertEquals(ex.getCode(), 403);
}
}
Aggregations