Search in sources :

Example 6 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method testAuthenticateException.

@Test
public void testAuthenticateException() {
    HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
    AuthorityList authListMock = new AuthorityList();
    Authorizer authorizerMock = Mockito.mock(Authorizer.class);
    Authority authMock = Mockito.mock(Authority.class);
    Mockito.when(authMock.getHeader()).thenReturn("testheader");
    Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(authMock.getCredSource()).thenReturn(Authority.CredSource.HEADER);
    Mockito.when(authMock.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenThrow(new com.yahoo.athenz.common.server.rest.ResourceException(403));
    Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(reqMock.getMethod()).thenReturn("POST");
    authListMock.add(authMock);
    Object timerMetric = new Object();
    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock, timerMetric, "apiName", false);
    try {
        wrapper.authenticate();
    } catch (ResourceException ex) {
        assertEquals(403, ex.getCode());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) Test(org.testng.annotations.Test)

Example 7 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method testThrowZtsException.

@Test
public void testThrowZtsException() {
    HttpServletRequest servletRequest = new MockHttpServletRequest();
    HttpServletResponse servletResponse = Mockito.mock(HttpServletResponse.class);
    AuthorityList authListMock = new AuthorityList();
    Authorizer authorizerMock = Mockito.mock(Authorizer.class);
    Object timerMetric = new Object();
    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(servletRequest, servletResponse, authListMock, false, authorizerMock, timerMetric, "apiName", false);
    com.yahoo.athenz.common.server.rest.ResourceException restExc = new com.yahoo.athenz.common.server.rest.ResourceException(503, null);
    try {
        wrapper.throwZmsException(restExc);
        fail();
    } catch (ResourceException ex) {
        assertEquals(503, ex.getCode());
    }
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(com.yahoo.athenz.auth.Authorizer) Test(org.testng.annotations.Test)

Example 8 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class ZTSImpl method loadAuthorities.

void loadAuthorities() {
    // get our authorities
    final String authListConfig = System.getProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, ZTSConsts.ZTS_PRINCIPAL_AUTHORITY_CLASS);
    final String userAuthorityClass = System.getProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
    authorities = new AuthorityList();
    String[] authorityList = authListConfig.split(",");
    for (String authorityClass : authorityList) {
        Authority authority = getAuthority(authorityClass);
        if (authority == null) {
            throw new IllegalArgumentException("Invalid authority");
        }
        if (authorityClass.equals(userAuthorityClass)) {
            userAuthority = authority;
        }
        authority.initialize();
        authorities.add(authority);
    }
}
Also used : CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)

Example 9 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class ZMSImpl method loadAuthorities.

void loadAuthorities() {
    // get our authorities
    final String authListConfig = System.getProperty(ZMSConsts.ZMS_PROP_AUTHORITY_CLASSES, ZMSConsts.ZMS_PRINCIPAL_AUTHORITY_CLASS);
    final String principalAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_PRINCIPAL_AUTHORITY_CLASS);
    final String userAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_USER_AUTHORITY_CLASS);
    authorities = new AuthorityList();
    String[] authorityList = authListConfig.split(",");
    for (String authorityClass : authorityList) {
        Authority authority = getAuthority(authorityClass);
        if (authority == null) {
            throw new IllegalArgumentException("Invalid authority");
        }
        if (authorityClass.equals(principalAuthorityClass)) {
            principalAuthority = authority;
        }
        if (authorityClass.equals(userAuthorityClass)) {
            userAuthority = authority;
        }
        authority.initialize();
        authorities.add(authority);
    }
}
Also used : AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)

Example 10 with AuthorityList

use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.

the class RsrcCtxWrapperTest method testAuthorizeMtlsRestricted.

@Test
public void testAuthorizeMtlsRestricted() {
    HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
    AuthorityList authListMock = new AuthorityList();
    Authorizer authorizerMock = Mockito.mock(Authorizer.class);
    Authority authMock = Mockito.mock(Authority.class);
    Metric metricMock = Mockito.mock(Metric.class);
    Object timerMetricMock = Mockito.mock(Object.class);
    Principal prin = Mockito.mock(Principal.class);
    Mockito.when(prin.getMtlsRestricted()).thenReturn(true);
    Mockito.when(authMock.getHeader()).thenReturn("testheader");
    Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(authMock.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
    Mockito.when(authMock.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(prin);
    Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(reqMock.getMethod()).thenReturn("POST");
    authListMock.add(authMock);
    // force true access right
    Mockito.when(authorizerMock.access(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(true);
    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock, metricMock, timerMetricMock, "apiName");
    try {
        wrapper.authorize("add-domain", "test", "test");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getMessage(), "ResourceException (403): {code: 403, message: \"mTLS Restricted\"}");
        assertEquals(ex.getCode(), 403);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) Metric(com.yahoo.athenz.common.metrics.Metric) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Aggregations

AuthorityList (com.yahoo.athenz.common.server.rest.Http.AuthorityList)26 Authorizer (com.yahoo.athenz.auth.Authorizer)24 HttpServletRequest (javax.servlet.http.HttpServletRequest)24 HttpServletResponse (javax.servlet.http.HttpServletResponse)24 Test (org.testng.annotations.Test)24 Authority (com.yahoo.athenz.auth.Authority)13 PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)12 Metric (com.yahoo.athenz.common.metrics.Metric)11 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)9 Principal (com.yahoo.athenz.auth.Principal)8 DomainChangeMessage (com.yahoo.athenz.common.messaging.DomainChangeMessage)3 CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)1