Example 6 with AuthorityList
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method testAuthenticateException.
@Test
public void testAuthenticateException() {
HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Authority authMock = Mockito.mock(Authority.class);
Mockito.when(authMock.getHeader()).thenReturn("testheader");
Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
Mockito.when(authMock.getCredSource()).thenReturn(Authority.CredSource.HEADER);
Mockito.when(authMock.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenThrow(new com.yahoo.athenz.common.server.rest.ResourceException(403));
Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
Mockito.when(reqMock.getMethod()).thenReturn("POST");
authListMock.add(authMock);
Object timerMetric = new Object();
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock, timerMetric, "apiName", false);
try {
wrapper.authenticate();
} catch (ResourceException ex) {
assertEquals(403, ex.getCode());
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Authority(com.yahoo.athenz.auth.Authority)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Authorizer(com.yahoo.athenz.auth.Authorizer)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)
Test(org.testng.annotations.Test)
Example 7 with AuthorityList
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method testThrowZtsException.
@Test
public void testThrowZtsException() {
HttpServletRequest servletRequest = new MockHttpServletRequest();
HttpServletResponse servletResponse = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Object timerMetric = new Object();
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(servletRequest, servletResponse, authListMock, false, authorizerMock, timerMetric, "apiName", false);
com.yahoo.athenz.common.server.rest.ResourceException restExc = new com.yahoo.athenz.common.server.rest.ResourceException(503, null);
try {
wrapper.throwZmsException(restExc);
fail();
} catch (ResourceException ex) {
assertEquals(503, ex.getCode());
}
}
Also used :
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Authorizer(com.yahoo.athenz.auth.Authorizer)
Test(org.testng.annotations.Test)
Example 8 with AuthorityList
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class ZTSImpl method loadAuthorities.
void loadAuthorities() {
// get our authorities
final String authListConfig = System.getProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, ZTSConsts.ZTS_PRINCIPAL_AUTHORITY_CLASS);
final String userAuthorityClass = System.getProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
authorities = new AuthorityList();
String[] authorityList = authListConfig.split(",");
for (String authorityClass : authorityList) {
Authority authority = getAuthority(authorityClass);
if (authority == null) {
throw new IllegalArgumentException("Invalid authority");
}
if (authorityClass.equals(userAuthorityClass)) {
userAuthority = authority;
}
authority.initialize();
authorities.add(authority);
}
}
Also used :
CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority)
AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)
Example 9 with AuthorityList
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class ZMSImpl method loadAuthorities.
void loadAuthorities() {
// get our authorities
final String authListConfig = System.getProperty(ZMSConsts.ZMS_PROP_AUTHORITY_CLASSES, ZMSConsts.ZMS_PRINCIPAL_AUTHORITY_CLASS);
final String principalAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_PRINCIPAL_AUTHORITY_CLASS);
final String userAuthorityClass = System.getProperty(ZMSConsts.ZMS_PROP_USER_AUTHORITY_CLASS);
authorities = new AuthorityList();
String[] authorityList = authListConfig.split(",");
for (String authorityClass : authorityList) {
Authority authority = getAuthority(authorityClass);
if (authority == null) {
throw new IllegalArgumentException("Invalid authority");
}
if (authorityClass.equals(principalAuthorityClass)) {
principalAuthority = authority;
}
if (authorityClass.equals(userAuthorityClass)) {
userAuthority = authority;
}
authority.initialize();
authorities.add(authority);
}
}
Also used :
AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)
Example 10 with AuthorityList
use of com.yahoo.athenz.common.server.rest.Http.AuthorityList in project athenz by yahoo.
the class RsrcCtxWrapperTest method testAuthorizeMtlsRestricted.
@Test
public void testAuthorizeMtlsRestricted() {
HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
AuthorityList authListMock = new AuthorityList();
Authorizer authorizerMock = Mockito.mock(Authorizer.class);
Authority authMock = Mockito.mock(Authority.class);
Metric metricMock = Mockito.mock(Metric.class);
Object timerMetricMock = Mockito.mock(Object.class);
Principal prin = Mockito.mock(Principal.class);
Mockito.when(prin.getMtlsRestricted()).thenReturn(true);
Mockito.when(authMock.getHeader()).thenReturn("testheader");
Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
Mockito.when(authMock.getCredSource()).thenReturn(com.yahoo.athenz.auth.Authority.CredSource.HEADER);
Mockito.when(authMock.authenticate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(prin);
Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
Mockito.when(reqMock.getMethod()).thenReturn("POST");
authListMock.add(authMock);
// force true access right
Mockito.when(authorizerMock.access(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(true);
RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock, metricMock, timerMetricMock, "apiName");
try {
wrapper.authorize("add-domain", "test", "test");
fail();
} catch (ResourceException ex) {
assertEquals(ex.getMessage(), "ResourceException (403): {code: 403, message: \"mTLS Restricted\"}");
assertEquals(ex.getCode(), 403);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Authority(com.yahoo.athenz.auth.Authority)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Authorizer(com.yahoo.athenz.auth.Authorizer)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Metric(com.yahoo.athenz.common.metrics.Metric)
AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
Aggregations
AuthorityList (com.yahoo.athenz.common.server.rest.Http.AuthorityList)26
Authorizer (com.yahoo.athenz.auth.Authorizer)24
HttpServletRequest (javax.servlet.http.HttpServletRequest)24
HttpServletResponse (javax.servlet.http.HttpServletResponse)24
Test (org.testng.annotations.Test)24
Authority (com.yahoo.athenz.auth.Authority)13
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)12
Metric (com.yahoo.athenz.common.metrics.Metric)11
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)9
Principal (com.yahoo.athenz.auth.Principal)8
DomainChangeMessage (com.yahoo.athenz.common.messaging.DomainChangeMessage)3
CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)1
